Scanned pages/files
Request | Server response | Status |
http://ras.ge/ | 200 OK Content-Length: 51355 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By LuXas ...[47120 bytes skipped]... prev" href="#"> </a> </td> <td> <div class="viewport"> <ul class="overview"> <li class="item icon"> <div class="imageBlock"> <img src='uploads/news/567/IMG_4449_-_Copy.JPG' class='image' alt='Hacked By LuXas' align='left' /> </div> <div class="info"> <div class="name"> <a href="geo/news/567"> Hacked By LuXas </a> </div> <div class="date"> ...[13540 bytes skipped]... | ||
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://code.jquery.com/ui/1.10.3/jquery-ui.js | 200 OK Content-Length: 301936 Content-Type: application/javascript | clean |
http://ras.ge/js/functions.js | 200 OK Content-Length: 11449 Content-Type: application/javascript | clean |
http://ras.ge/js/html5/html5placeholder.jquery.js | 200 OK Content-Length: 3233 Content-Type: application/javascript | clean |
http://ras.ge/js/main.js | 200 OK Content-Length: 3458 Content-Type: application/javascript | clean |
http://ras.ge/js/lib/jquery.validate.js | 200 OK Content-Length: 39405 Content-Type: application/javascript | clean |
http://ras.ge/js/jquery.selectbox/js/jquery.selectbox-0.6.1.js | 200 OK Content-Length: 6177 Content-Type: application/javascript | clean |
http://ras.ge/js/qm.js | 200 OK Content-Length: 3315 Content-Type: application/javascript | clean |
http://ras.ge/js/lib/showcase/js/jquery.aw-showcase.js | 200 OK Content-Length: 42118 Content-Type: application/javascript | clean |
http://ras.ge/js/lib/tinyCarousel/js/jquery.tinycarousel.min.js | 200 OK Content-Length: 3593 Content-Type: application/javascript | clean |
http://ras.ge/geo/home | 200 OK Content-Length: 56022 Content-Type: text/html | clean |
http://ras.ge/geo/js/functions.js | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://ras.ge/cgi-sys/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ras.ge
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 02 Dec 2015 11:12:31 GMT
Pragma: no-cache
Server: nginx/1.8.0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=a4d29a11aa704740fc3bcbc06e413bb2; path=/
GET / HTTP/1.1
Host: ras.ge
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 02 Dec 2015 11:12:31 GMT
Pragma: no-cache
Server: nginx/1.8.0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=a4d29a11aa704740fc3bcbc06e413bb2; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: ras.ge
Referer: http://www.google.com/search?q=ras.ge
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ras.ge
Referer: http://www.google.com/search?q=ras.ge
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ras.ge
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ras.ge/
Result: ras.ge is not infected or malware details are not published yet.
Result: ras.ge is not infected or malware details are not published yet.