Scanned pages/files
Request | Server response | Status |
http://www.sacanopy.co.za/ | HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Mon, 19 May 2014 08:02:19 GMT Pragma: no-cache Server: Apache/2.2.22 (Ubuntu) Vary: Accept-Encoding Content-Length: 25135 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=fq0a0bjupga9kh2veuopd0aki1; path=/ X-Powered-By: PHP/5.3.10-1ubuntu3.9 | clean |
http://zonehmirrors.net/defaced/2013/01/21/www.matlaeng.com/ | 200 OK Content-Length: 25902 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Worms Libyan Hackers ...[614 bytes skipped]... guage="Javascript"> <!-- Begin function disableselect(e){ return false } function reEnable(){ return true } document.onselectstart=new Function ("return false") if (window.sidebar){ document.onmousedown=disableselect document.onclick=reEnable } // End --> </script> <!-- no txt fin --> <!-- codigo inicio --> <title>Hacked By Worms Libyan Hackers</title> <link href="drahli/css.css" rel="stylesheet" type="text/css"> <style> IMG.HoverBorder {border:5px solid #eee;} body { background-color: rgb(153, 153, 153); background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAIAAAD/gAIDAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAHK5JREFUeNrsnelaHDfThulhGTAYfP6nlfXK4iQ+AoPBMCye75Hu7puih9iO19fJNz+4enq6pVKpVMtTJTG8ePFia/pcXV3t7+9fXFwcHh5y582bN3d3d7u7u1sb ...[25766 bytes skipped]... | ||
http://zonehmirrors.net/defaced/2013/01/21/www.matlaeng.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 136 Content-Type: text/html | clean |
http://zonehmirrors.net/test404page.js | 200 OK Content-Length: 136 Content-Type: text/html | clean |
http://www.google-analytics.com/ga.js | 200 OK Content-Length: 40155 Content-Type: text/javascript | clean |
http://www.sacanopy.co.za/drahli/ga.js | 404 Not Found Content-Length: 294 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sacanopy.co.za
Result:
GET / HTTP/1.1
Host: sacanopy.co.za
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: sacanopy.co.za
Referer: http://www.google.com/search?q=sacanopy.co.za
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: sacanopy.co.za
Referer: http://www.google.com/search?q=sacanopy.co.za
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sacanopy.co.za
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sacanopy.co.za/
Result: sacanopy.co.za is not infected or malware details are not published yet.
Result: sacanopy.co.za is not infected or malware details are not published yet.