Scanned pages/files
Request | Server response | Status |
http://www.re-lead.org/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 09 Sep 2015 10:47:24 GMT Pragma: no-cache Location: http://re-lead.org/ Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4 mod_fcgid/2.3.9 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=5d275ffqr5t85c843f9mp4p3r4; path=/ Set-Cookie: wfvt_3559587920=55f00e3e60e88; expires=Wed, 09-Sep-2015 11:17:26 GMT; path=/; httponly X-Pingback: http://re-lead.org/xmlrpc.php X-Powered-By: PHP/5.4.44 | clean |
http://re-lead.org/ | 200 OK Content-Length: 35778 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By KaracaBey ...[7063 bytes skipped]... ount:1;column-count:1}}</style> <link rel='stylesheet' id='rs-settings-css' href='http://re-lead.org/wp-content/plugins/revslider/rs-plugin/css/settings.css,qver=4.1.pagespeed.ce.-YxrfOL8Sc.css' type='text/css' media='all'/> <style id='rs-captions-css' media='all'><body style='color: transparent;background-color: black'><center><h1><b style='color: white'><center>Hacked By KaracaBey<br>KaracaBey - Memo<p style='color: transparent'></style> <style id='pageScrollButtonsStyle-css' media='all'> .page-scroll-buttons button, .page-scroll-buttons button:hover, .page-scroll-buttons button:focus { position:fixed; z-index:100; width:45px; height:45px; background:url('wp-content/plugins/smooth-page-scroll-updown-buttons/assets/img/spsb-sprite.png'); border:0; border-radius:4px; ...[32598 bytes skipped]... | ||
http://re-lead.org/wp-includes/js/jquery/jquery.js,qver=1.11.1.pagespeed.jm.z9hb-Gxqf6.js | 200 OK Content-Length: 95719 Content-Type: application/javascript | clean |
http://re-lead.org/wp-includes/js/jquery/jquery-migrate.min.js,qver=1.2.1.pagespeed.jm.mhpNjdU8Wl.js | 200 OK Content-Length: 7085 Content-Type: application/javascript | clean |
http://re-lead.org/wp-content/plugins/jquery-colorbox/js/jquery.colorbox-min.js,qver=1.3.21.pagespeed.jm.za-R_pVSFM.js | 200 OK Content-Length: 9587 Content-Type: application/javascript | clean |
http://re-lead.org/wp-content/plugins/jquery-colorbox/js/jquery-colorbox-wrapper-min.js,qver=4.6.pagespeed.ce.duE7X3gfAm.js | 200 OK Content-Length: 8067 Content-Type: application/javascript | clean |
http://re-lead.org/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.plugins.min.js,qver=4.1.pagespeed.jm.t-2oG_xxa6.js | 200 OK Content-Length: 15296 Content-Type: application/javascript | clean |
http://re-lead.org/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?ver=4.1 | 200 OK Content-Length: 54474 Content-Type: application/javascript | clean |
http://re-lead.org/wp-content/plugins,_smooth-page-scroll-updown-buttons,_assets,_js,_smooth-page-scroll-updown-buttons.min.js,,qver==1.2,Mjm.A4DfVKQ7Ks.js+themes,_parallax-pro,_js,_responsive-menu.js,,qver==1.0.0,Mjm.NWMgEtMWXa.js+themes,_parallax-pro,_js,_parallax.js,,qver==1.0.0,Mjm.eovzgshX8_.js.pagespeed.jc.dvDGR5XQ0Q.js | 200 OK Content-Length: 3635 Content-Type: application/javascript | clean |
http://re-lead.org/wp-includes/js/jquery/ui/core.min.js,,qver==1.11.2,Mjm.G5FbKsFtv1.js+widget.min.js,,qver==1.11.2,Mjm.rVbriq03X2.js+accordion.min.js,,qver==1.11.2,Mjm.b-Xvae01Yz.js.pagespeed.jc.Iv1Xm5blgU.js | 200 OK Content-Length: 19311 Content-Type: application/javascript | clean |
http://re-lead.org/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js,qver=3.51.0-2014.06.20.pagespeed.jm.RVBOol6lkO.js | 200 OK Content-Length: 14900 Content-Type: application/javascript | clean |
http://re-lead.org/wp-content/plugins/contact-form-7/includes/js/scripts.js,qver=4.2.2.pagespeed.jm.KFUoiSQRr9.js | 200 OK Content-Length: 9382 Content-Type: application/javascript | clean |
http://re-lead.org/wp-content/plugins/smooth-page-scroll-updown-buttons,_assets,_js,_addButtons.js,,qver==1.1,Mjm.QwDkmWF-Ru.js+genesis-responsive-slider,_js,_jquery.flexslider.js,,qver==0.9.2,Mjm.lOKexw5Vu7.js.pagespeed.jc.pUOEuc2io2.js | 200 OK Content-Length: 14586 Content-Type: application/javascript | clean |
http://www.re-lead.org/ http://re-lead.org/program-details/who-is-relead-for | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 09 Sep 2015 10:47:35 GMT Pragma: no-cache Location: http://re-lead.org/%20http:/re-lead.org/program-details/who-is-relead-for Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4 mod_fcgid/2.3.9 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=qs8jv3vc4umrhrnjkrn7v3hmu4; path=/ Set-Cookie: wfvt_3559587920=55f00e4809236; expires=Wed, 09-Sep-2015 11:17:36 GMT; path=/; httponly X-Pingback: http://re-lead.org/xmlrpc.php X-Powered-By: PHP/5.4.44 | clean |
http://re-lead.org/%20http:/re-lead.org/program-details/who-is-relead-for | 404 Not Found Content-Length: 17539 Content-Type: text/html | clean |
http://re-lead.org/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://re-lead.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7199 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: re-lead.org
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Cache-Control: max-age=0, no-cache
Connection: close
Date: Wed, 09 Sep 2015 10:47:26 GMT
Pragma: no-cache
Server: Apache Phusion_Passenger/4.0.10 mod_bwlimited/1.4 mod_fcgid/2.3.9
Vary: Accept-Encoding,User-Agent
Content-Length: 35778
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=9klqsa691skr05vtfj9lm8pqq2; path=/
Set-Cookie: wfvt_3559587920=55f00e3fb342c; expires=Wed, 09-Sep-2015 11:17:27 GMT; path=/; httponly
X-Mod-Pagespeed: 1.7.30.5-3847
X-Pingback: http://re-lead.org/xmlrpc.php
X-Powered-By: PHP/5.4.44
...35778 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: re-lead.org
Referer: http://www.google.com/search?q=re-lead.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=re-lead.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://re-lead.org/
Result: re-lead.org is not infected or malware details are not published yet.