Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: littlespa.wholefoodnation.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 03 Oct 2014 20:07:35 GMT
Location: http://littlespa.com/
Server: nginx/1.6.2
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://littlespa.com/xmlrpc.php
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: littlespa.wholefoodnation.com
Referer: http://www.google.com/search?q=littlespa.wholefoodnation.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://littlespa.wholefoodnation.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 03 Oct 2014 20:07:35 GMT Location: http://littlespa.com/ Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://littlespa.com/xmlrpc.php | clean |
http://littlespa.com/ | 200 OK Content-Length: 12672 Content-Type: text/html | clean |
http://littlespa.com/wp-content/themes/littlespa/script.js | 200 OK Content-Length: 6575 Content-Type: application/javascript | clean |
http://littlespa.com/wp-content/plugins/cforms/js/cforms.js | 200 OK Content-Length: 17442 Content-Type: application/javascript | clean |
http://littlespa.com/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/javascript | clean |
http://s.gravatar.com/js/gprofiles.js?aa&ver=3.3.1 | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
http://littlespa.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.3.1 | 200 OK Content-Length: 930 Content-Type: application/javascript | clean |
http://stats.wordpress.com/e-201440.js | 200 OK Content-Length: 824 Content-Type: application/x-javascript | clean |
http://littlespa.wholefoodnation.com/programs/fat-burn.html | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://littlespa.wholefoodnation.com/test404page.js | 404 Not Found Content-Length: 10555 Content-Type: text/html | clean |
http://littlespa.wholefoodnation.com/programs/detox.html | 200 OK Content-Length: 14186 Content-Type: text/html | clean |
http://littlespa.wholefoodnation.com/programs/unstick.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 03 Oct 2014 20:07:54 GMT Location: http://unstickyourbrain.com/ Server: nginx/1.6.2 Content-Type: text/html; charset=UTF-8 Link: <http://wp.me/PHgL7-L>; rel=shortlink Set-Cookie: PHPSESSID=3da82c0b7bfcbd5b0007757cf6b8a4c2; path=/ X-Pingback: http://littlespa.com/xmlrpc.php | clean |
http://unstickyourbrain.com/ | 200 OK Content-Length: 7505 Content-Type: text/html | clean |
http://unstickyourbrain.com/test404page.js | 200 OK Content-Length: 7505 Content-Type: text/html | clean |
http://littlespa.wholefoodnation.com/programs/personal-time-with-dr-heidi.html | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://littlespa.wholefoodnation.com/about.html | 200 OK Content-Length: 12981 Content-Type: text/html | clean |
http://littlespa.wholefoodnation.com/programs/fat-burn/bad-good-food.html | 200 OK Content-Length: 11806 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=littlespa.wholefoodnation.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://littlespa.wholefoodnation.com/
Result: littlespa.wholefoodnation.com is not infected or malware details are not published yet.