Scanned pages/files
Request | Server response | Status |
http://kms.edu.ge/ | 200 OK Content-Length: 12893 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY ANONGHOST ...[7281 bytes skipped]... ;</div> <div class="region region-content"> <div id="block-system-main" class="block block-system"> <div class="content"> <div id="node-84" class="node node-page node-promoted node-teaser clearfix" about="/?q=node/84" typeof="foaf:Document"> <h2 property="dc:title" datatype=""><a href="/?q=node/84">HACKED BY ANONGHOST</a></h2> <div class="content"> <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p> <embed src="http://www.youtube.com/v/94bGzWyHbu0?version=3&autoplay=1&feature=player_detailpage" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" he ...[6667 bytes skipped]... | ||
http://kms.edu.ge/misc/jquery.js?v=1.4.4 | 200 OK Content-Length: 78602 Content-Type: application/javascript | clean |
http://kms.edu.ge/misc/jquery.once.js?v=1.2 | 200 OK Content-Length: 2974 Content-Type: application/javascript | clean |
http://kms.edu.ge/misc/drupal.js?mleupl | 200 OK Content-Length: 13852 Content-Type: application/javascript | clean |
http://kms.edu.ge/sites/all/libraries/shadowbox/shadowbox.js?v=3.0.3 | 200 OK Content-Length: 64654 Content-Type: application/javascript | clean |
http://kms.edu.ge/sites/default/files/languages/ka_jJ1Akz2Smshm9HHE9vgxjpGx8mGSAjRAxD5brikNYFM.js?mleupl | 200 OK Content-Length: 560 Content-Type: application/javascript | clean |
http://kms.edu.ge/sites/all/modules/video/js/video.js?mleupl | 200 OK Content-Length: 3461 Content-Type: application/javascript | clean |
http://kms.edu.ge/sites/all/modules/views_slideshow/js/views_slideshow.js?mleupl | 200 OK Content-Length: 19256 Content-Type: application/javascript | clean |
http://kms.edu.ge/?q=node/84 | 200 OK Content-Length: 12263 Content-Type: text/html | clean |
http://kms.edu.ge/?q=node/ | 200 OK Content-Length: 12893 Content-Type: text/html | clean |
http://kms.edu.ge/?q=user/register | 200 OK Content-Length: 14469 Content-Type: text/html | clean |
http://kms.edu.ge/misc/jquery.cookie.js?v=1.0 | 200 OK Content-Length: 961 Content-Type: application/javascript | clean |
http://kms.edu.ge/misc/jquery.form.js?v=2.52 | 200 OK Content-Length: 9913 Content-Type: application/javascript | clean |
http://kms.edu.ge/misc/ajax.js?v=7.16 | 200 OK Content-Length: 22510 Content-Type: application/javascript | clean |
http://kms.edu.ge/misc/progress.js?v=7.16 | 200 OK Content-Length: 3112 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kms.edu.ge
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 16 Nov 2014 00:31:03 GMT
ETag: "1416097863"
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Language: ka
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 16 Nov 2014 00:31:03 +0000
X-Generator: Drupal 7 (http://drupal.org)
X-Powered-By: PHP/5.3.23
Second query (visit from search engine):
GET / HTTP/1.1
Host: kms.edu.ge
Referer: http://www.google.com/search?q=kms.edu.ge
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kms.edu.ge
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kms.edu.ge/
Result: kms.edu.ge is not infected or malware details are not published yet.