Scanned pages/files
Request | Server response | Status |
http://www.rfidentikit.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Jun 2014 14:46:14 GMT Location: http://rfidentikit.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_jk/1.2.37 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_auth_passthrough/2.1 mod_qos/10.10 Content-Length: 0 Content-Type: text/html; charset=UTF-7 Set-Cookie: slimstat_tracking_code=24918id.f33067af83277fa0e60237c162eea6b4; expires=Tue, 22-Jul-2014 14:46:15 GMT; path=/ X-Pingback: http://rfidentikit.com/wp/xmlrpc.php X-Powered-By: PHP/5.3.28 | clean |
http://rfidentikit.com/ | 200 OK Content-Length: 16905 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: +ADw-/title+AD4-Hacked By TurkHackTeam ...[320 bytes skipped]... ]--> <!--[if (gte IE 9)|!(IE)]><!--> <html class="no-js" dir="ltr" lang="en-US"> <!--<![endif]--> <head> <meta charset="UTF-7" /> <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" /> <title>+ADw-/title+AD4-Hacked By TurkHackTeam Misir Operasyonu www.turkhackteam.net / tgrl+ADw-DIV style+AD0AIg-DISPLAY: none+ACIAPgA8-xmp+AD4-</title> <link rel="profile" href="http://gmpg.org/xfn/11" /> <link rel="pingback" href="http://rfidentikit.com/wp/xmlrpc.php" /> <link rel="alternate" type="application/rss+xml" title="+ADw-/title+AD4-Hacked By TurkHackTeam Misir Operasyonu www.turkhackteam.net / tgrl+ADw-DIV style+AD0AIg-DISPLAY: none+ACIAPgA8-xm ...[18301 bytes skipped]... | ||
http://rfidentikit.com/wp/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 94861 Content-Type: application/javascript | clean |
http://rfidentikit.com/wp/wp-content/themes/responsive/js/responsive-modernizr.js?ver=2.6.1 | 200 OK Content-Length: 15117 Content-Type: application/javascript | clean |
http://rfidentikit.com/wp/wp-content/plugins/wp-slimstat/wp-slimstat.js | 200 OK Content-Length: 8508 Content-Type: application/javascript | clean |
http://rfidentikit.com/wp/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.25.0-2013.01.18 | 200 OK Content-Length: 15158 Content-Type: application/javascript | clean |
http://rfidentikit.com/wp/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.3 | 200 OK Content-Length: 6933 Content-Type: application/javascript | clean |
http://rfidentikit.com/wp/wp-content/themes/responsive/js/responsive-scripts.js?ver=1.2.1 | 200 OK Content-Length: 11265 Content-Type: application/javascript | clean |
http://rfidentikit.com/wp/wp-content/themes/responsive/js/responsive-plugins.js?ver=1.1.1 | 200 OK Content-Length: 946 Content-Type: application/javascript | clean |
http://www.rfidentikit.com/wp | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Jun 2014 14:46:26 GMT Location: http://www.rfidentikit.com/wp/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_jk/1.2.37 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_auth_passthrough/2.1 mod_qos/10.10 Content-Length: 238 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.rfidentikit.com/wp/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Jun 2014 14:46:27 GMT Location: http://rfidentikit.com/wp/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_jk/1.2.37 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_auth_passthrough/2.1 mod_qos/10.10 Content-Length: 0 Content-Type: text/html; charset=UTF-7 Set-Cookie: slimstat_tracking_code=24922id.ecf12ab0c3e6d90ae23ee1569b346e2c; expires=Tue, 22-Jul-2014 14:46:28 GMT; path=/ X-Pingback: http://rfidentikit.com/wp/xmlrpc.php X-Powered-By: PHP/5.3.28 | clean |
http://rfidentikit.com/wp/ | 200 OK Content-Length: 16905 Content-Type: text/html | clean |
http://rfidentikit.com/?page_id=90 | 200 OK Content-Length: 15957 Content-Type: text/html | clean |
http://rfidentikit.com/?page_id=15 | 200 OK Content-Length: 17695 Content-Type: text/html | clean |
http://rfidentikit.com/?page_id=10 | 200 OK Content-Length: 16434 Content-Type: text/html | clean |
http://rfidentikit.com/?page_id=152 | 200 OK Content-Length: 15567 Content-Type: text/html | clean |
http://rfidentikit.com/?page_id=162 | 200 OK Content-Length: 15567 Content-Type: text/html | clean |
http://rfidentikit.com/?page_id=43 | 200 OK Content-Length: 15450 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rfidentikit.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 21 Jun 2014 14:46:16 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_jk/1.2.37 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_auth_passthrough/2.1 mod_qos/10.10
Content-Type: text/html; charset=UTF-7
Set-Cookie: slimstat_tracking_code=24920id.46ca5edcf74f043773d7bf81c48b551f; expires=Tue, 22-Jul-2014 14:46:17 GMT; path=/
X-Pingback: http://rfidentikit.com/wp/xmlrpc.php
X-Powered-By: PHP/5.3.28
GET / HTTP/1.1
Host: rfidentikit.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 21 Jun 2014 14:46:16 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_jk/1.2.37 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_auth_passthrough/2.1 mod_qos/10.10
Content-Type: text/html; charset=UTF-7
Set-Cookie: slimstat_tracking_code=24920id.46ca5edcf74f043773d7bf81c48b551f; expires=Tue, 22-Jul-2014 14:46:17 GMT; path=/
X-Pingback: http://rfidentikit.com/wp/xmlrpc.php
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: rfidentikit.com
Referer: http://www.google.com/search?q=rfidentikit.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: rfidentikit.com
Referer: http://www.google.com/search?q=rfidentikit.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rfidentikit.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rfidentikit.com/
Result: rfidentikit.com is not infected or malware details are not published yet.
Result: rfidentikit.com is not infected or malware details are not published yet.