Scanned pages/files
Request | Server response | Status |
http://www.ubuchule.co.za/ | HTTP/1.1 200 OK Date: Thu, 17 Dec 2015 06:08:15 GMT Accept-Ranges: bytes ETag: "1a57e441413d11:f6ac2" Server: Microsoft-IIS/6.0 Content-Length: 23198 Content-Location: http://www.ubuchule.co.za/index.htm Content-Type: text/html Last-Modified: Fri, 30 Oct 2015 13:09:53 GMT X-Powered-By: ASP.NET | clean |
http://www.ubuchule.co.za/index.htm | 200 OK Content-Length: 23198 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By azab siyah <script type="text/javascript">
function tb8_makeArray(n){ this.length = n; return this.length; } tb8_messages = new tb8_makeArray(2); tb8_messages[0] = "Hacked By azab siyah"; tb8_messages[1] = "Ananymous Cyber Team"; tb8_rptType = 'infinite'; tb8_rptNbr = 5; tb8_speed = 100; tb8_delay = 2000; var tb8_counter=1; var tb8_currMsg=0; var tb8_tekst =""; var tb8_i=0; var tb8_TID = null; function tb8_pisi(){ tb8_tekst = tb8_tekst + tb8_messages[tb8_currMsg].substring(tb8_i, tb8_i+1); document.title = tb8_tekst; tb8_sp=tb8_speed; tb ...[25293 bytes skipped]... | ||
https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Thu, 17 Dec 2015 06:06:34 GMT Pragma: no-cache Accept-Ranges: none Location: https://97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alt-Svc: quic=":443"; ma=604800; v="30,29,28,27,26,25" Alternate-Protocol: 443:quic,p=1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com/host/0b6kvua7d2slcndn2rw1ormhzrws/sp_tilang.js | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Thu, 17 Dec 2015 06:06:34 GMT Pragma: no-cache Accept-Ranges: none Location: https://8a61fe9fb92b3f315450c7d6b5d8d6d63b7316a2-97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com/host/0b6kvua7d2slcndn2rw1ormhzrws/sp_tilang.js Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alt-Svc: quic=":443"; ma=604800; v="30,29,28,27,26,25" Alternate-Protocol: 443:quic,p=1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://8a61fe9fb92b3f315450c7d6b5d8d6d63b7316a2-97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com/host/0b6kvua7d2slcndn2rw1ormhzrws/sp_tilang.js | 500 Can't connect to 8a61fe9fb92b3f315450c7d6b5d8d6d63b7316a2-97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com:443 Content-Length: 274 Content-Type: text/plain | clean |
http://8a61fe9fb92b3f315450c7d6b5d8d6d63b7316a2-97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com/test404page.js | 500 Can't connect to 8a61fe9fb92b3f315450c7d6b5d8d6d63b7316a2-97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com:80 Content-Length: 272 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ubuchule.co.za
Result:
GET / HTTP/1.1
Host: ubuchule.co.za
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ubuchule.co.za
Referer: http://www.google.com/search?q=ubuchule.co.za
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ubuchule.co.za
Referer: http://www.google.com/search?q=ubuchule.co.za
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ubuchule.co.za
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ubuchule.co.za/
Result: ubuchule.co.za is not infected or malware details are not published yet.
Result: ubuchule.co.za is not infected or malware details are not published yet.