UWS Cyber Breach

If you go to the University of the West of Scotland’s Web site at the current time, you get:

UWS Cyber Breach

If you go to the University of the West of Scotland’s Web site at the current time, you get:

At first sight, this could to be a standard domain take-over, and where the HTTPs certificate is valid:

But, when we do a lookup, we see that the domain name has been parked at 3dqkz9i.x.incapdns.net:

 % nslookup www.uws.ac.uk
Server:  8.8.8.8
Address: 8.8.8.8#53

Non-authoritative answer:
www.uws.ac.uk canonical name = 3dqkz9i.x.incapdns.net.
Name: 3dqkz9i.x.incapdns.net
Address: 107.154.112.136

Overall, Incapsula is a cloud-based hosting company — it may be that the university is using the cloud provider for their hosting. Generally, it is not recommended to actually log into the site (even though the password hint is ‘Google’), as the main page seems to have a redirected site on the redirected site:

Generally, there is a sign of the usage of WordPress, and which may be used to deliver the UWS Web pages (wp-content is a typical folder used to store digital content on a Word Press site) — this might point to a WordPress site take-over:

If we go to the Way Back engine, the last recorded site archive was on 1 July [here]:

Overall, the HTML is there is signs of WordPress being used:

If we try some of the links above we get:

But some of the pages look untouched:

Conclusions

Take care of your domain names!