Scanned pages/files
Request | Server response | Status |
http://www.selecom.co.za/ | 200 OK Content-Length: 32683 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) var I1I='=oQKpkyJ8dCK0lGbwNnLnwWYu9Wa0l2cuFmcUBjM8hTQzwHewVTN1E0M8ZzMENDf3cTNENDf4BHOBNDf4BXO0cTQzwHN0Q0M8dDOBNDf2UTNENDf4BHN3ETQzwHM1cDRzwnM5E0M8NDNENDf4B3N5ETQzwnNENDf4BnM3cTQzwHewVDNBNDf4BnM3UTQzwHewVDOxE0M8hzMBNDfzMTQzwXMzUDRzwHewljMxE0M8BjM3Q0M8lzMENDf4Q0M8NzNBNDflxWe0N3M3UDRzwXO4E0M8BjN3Q0M8hHc4ATMBNDf5E0M8VTMENDfxMDRzwHewdDNBNDf4BXN4cTQzwnN4cDRzwHewljM3E0M8hHcwE0M8JzN3Q0M8ZmZpdGfyUTQzwXN1cDRzwHewVTN3E0M8JjMENDfzEDRzw3NyQ0M8lTN3Q0M8BDOBNDf0MTQzwXN4E0M8hHcxMzNBNDf3QDRzwHewZTQzw3NIJTUHljTXFH Antivirus reports:
Deface/Content modification. The following signature was found: ҳ̸Ҳ̸ҳ Hacked By Hacker Sakit Hati ҳ̸Ҳ̸ҳ <script language='javascript' type='text/javascript'>var I1I='=oQKpkyJ8dCK0lGbwNnLnwWYu9Wa0l2cuFmcUBjM8hTQzwHewVTN1E0M8ZzMENDf3cTNENDf4BHOBNDf4BXO0cTQzwHN0Q0M8dDOBNDf2UTNENDf4BHN3ETQzwHM1cDRzwnM5E0M8NDNENDf4B3N5ETQzwnNENDf4BnM3cTQzwHewVDNBNDf4BnM3UTQzwHewVDOxE0M8hzMBNDfzMTQzwXMzUDRzwHewljMxE0M8BjM3Q0M8lzMENDf4Q0M8NzNBNDflxWe0N3M3UDRzwXO4E0M8BjN3Q0M8hHc4ATMBNDf5E0M8VTMENDfxMDRzwHewdDNBNDf4BXN4cTQzwnN4cDRzwHewljM3E0M8hHcwE0M8JzN3Q0M8ZmZpdGfyUTQzwXN1cDRzwHewVTN3E0M8JjMENDfzEDRzw3NyQ0M8lTN3 ...[32347 bytes skipped]... | ||
http://www.selecom.co.za/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: selecom.co.za
Result:
GET / HTTP/1.1
Host: selecom.co.za
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: selecom.co.za
Referer: http://www.google.com/search?q=selecom.co.za
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: selecom.co.za
Referer: http://www.google.com/search?q=selecom.co.za
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=selecom.co.za
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://selecom.co.za/
Result: selecom.co.za is not infected or malware details are not published yet.
Result: selecom.co.za is not infected or malware details are not published yet.