New scan:

Malware Scanner report for ubuchule.co.za

Malicious/Suspicious/Total urls checked
0/0/6
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

Hacked By azab siyah  (59 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.ubuchule.co.za/
HTTP/1.1 200 OK
Date: Thu, 17 Dec 2015 06:08:15 GMT
Accept-Ranges: bytes
ETag: "1a57e441413d11:f6ac2"
Server: Microsoft-IIS/6.0
Content-Length: 23198
Content-Location: http://www.ubuchule.co.za/index.htm
Content-Type: text/html
Last-Modified: Fri, 30 Oct 2015 13:09:53 GMT
X-Powered-By: ASP.NET
clean
http://www.ubuchule.co.za/index.htm
200 OK
Content-Length: 23198
Content-Type: text/html
suspicious
Deface/Content modification. The following signature was found: Hacked By azab siyah

<script type="text/javascript">
function tb8_makeArray(n){
this.length = n;
return this.length;
}
tb8_messages = new tb8_makeArray(2);
tb8_messages[0] = "Hacked By azab siyah";
tb8_messages[1] = "Ananymous Cyber Team";
tb8_rptType = 'infinite';
tb8_rptNbr = 5;
tb8_speed = 100;
tb8_delay = 2000;
var tb8_counter=1;
var tb8_currMsg=0;
var tb8_tekst ="";
var tb8_i=0;
var tb8_TID = null;
function tb8_pisi(){
tb8_tekst = tb8_tekst + tb8_messages[tb8_currMsg].substring(tb8_i, tb8_i+1);
document.title = tb8_tekst;
tb8_sp=tb8_speed;
tb
...[25293 bytes skipped]...


https://googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: close
Date: Thu, 17 Dec 2015 06:06:34 GMT
Pragma: no-cache
Accept-Ranges: none
Location: https://97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com/host/0B6KVua7D2SLCNDN2RW1ORmhZRWs/sp_tilang.js
Server: GSE
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp
Access-Control-Allow-Methods: GET,OPTIONS
Access-Control-Allow-Origin: *
Alt-Svc: quic=":443"; ma=604800; v="30,29,28,27,26,25"
Alternate-Protocol: 443:quic,p=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
clean
https://97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com/host/0b6kvua7d2slcndn2rw1ormhzrws/sp_tilang.js
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: close
Date: Thu, 17 Dec 2015 06:06:34 GMT
Pragma: no-cache
Accept-Ranges: none
Location: https://8a61fe9fb92b3f315450c7d6b5d8d6d63b7316a2-97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com/host/0b6kvua7d2slcndn2rw1ormhzrws/sp_tilang.js
Server: GSE
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp
Access-Control-Allow-Methods: GET,OPTIONS
Access-Control-Allow-Origin: *
Alt-Svc: quic=":443"; ma=604800; v="30,29,28,27,26,25"
Alternate-Protocol: 443:quic,p=1
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
clean
https://8a61fe9fb92b3f315450c7d6b5d8d6d63b7316a2-97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com/host/0b6kvua7d2slcndn2rw1ormhzrws/sp_tilang.js
500 Can't connect to 8a61fe9fb92b3f315450c7d6b5d8d6d63b7316a2-97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com:443
Content-Length: 274
Content-Type: text/plain
clean
http://8a61fe9fb92b3f315450c7d6b5d8d6d63b7316a2-97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com/test404page.js
500 Can't connect to 8a61fe9fb92b3f315450c7d6b5d8d6d63b7316a2-97f96ce86e3ce912c790e99bca703b4cda51bc77.googledrive.com:80
Content-Length: 272
Content-Type: text/plain
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ubuchule.co.za

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ubuchule.co.za
Referer: http://www.google.com/search?q=ubuchule.co.za

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ubuchule.co.za

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ubuchule.co.za/

Result: ubuchule.co.za is not infected or malware details are not published yet.