Scanned pages/files
Request | Server response | Status |
http://honeymooncruises.us/ | 200 OK Content-Length: 84654 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED By Iran-Cyber , Owned By Iran-Cyber , Defaced By iran-cyber , hack by iran-cyber , Hacked By ...[591 bytes skipped]... itle>Home - Honeymoon Cruises</title> <link rel="pingback" href="<html> </head><body alink="gray" bgcolor="black" vlink="gray" link="gray" text="white" charset="utf-8"><center> <title>ICSG</title> <center> <br> <script src="http://alibabadlove.ir/wp-content/languages/themes/ic.js"></script>HACKED By Iran-Cyber , Owned By Iran-Cyber , Defaced By iran-cyber , hack by iran-cyber , Hacked By Iran Cyber Security group <br><br> <font size=2 Color=red>Hacked By Iran Cyber Security group<br><br>/xmlrpc.php" /> <!--[if lt IE 9]> <script src="" type="text/javascript"></script> <![endif]--> <link href="_lib/css/resbox.css" rel="stylesheet" /> <link href="_lib/css/jquery-ui-1.10.3.custom.min.css" rel="stylesheet" /> <script ty ...[93793 bytes skipped]... | ||
http://alibabadlove.ir/wp-content/languages/themes/ic.js | 200 OK Content-Length: 1138 Content-Type: application/javascript | clean |
http://html_/headbody_alink=%22gray%22+bgcolor%3D%22black%22+vlink%3D%22gray%22+link%3D%22gray%22+text%3D%22white%22+charset%3D%22utf-8%22%3E%3Ccenter%3E+%3Ctitle%3EICSG%3C%2Ftitle%3E+%3Ccenter%3E+%3Cbr%3E+%3Cscript+src%3D%22http%3A%2F%2Falibabadlove.ir%2Fwp-content%2Flanguages%2Fthemes%2Fic.js%22%3E%3C%2Fscript%3EHACKED+By+Iran-Cyber+%2C+Owned+By+Iran-Cyber+%2C+Defaced+By+iran-cyber+%2C+hack+by+i <span>...200 symbols skipped</span> | 500 Can't connect to html_:80 Content-Length: 180 Content-Type: text/plain | clean |
http://html_/test404page.js | 500 Can't connect to html_:80 Content-Length: 180 Content-Type: text/plain | clean |
http://html_/headbody_alink=%22gray%22+bgcolor%3D%22black%22+vlink%3D%22gray%22+link%3D%22gray%22+text%3D%22white%22+charset%3D%22utf-8%22%3E%3Ccenter%3E+%3Ctitle%3EICSG%3C%2Ftitle%3E+%3Ccenter%3E+%3Cbr%3E+%3Cscript+src%3D%22http%3A%2F%2Falibabadlove.ir%2Fwp-content%2Flanguages%2Fthemes%2Fic.js%22%3E%3C%2Fscript%3EHACKED+By+Iran-Cyber+%2C+Owned+By+Iran-Cyber+%2C+Defaced+By+iran-cyber+%2C+hack+by+i <span>...211 symbols skipped</span> | 500 Can't connect to html_:80 Content-Length: 180 Content-Type: text/plain | clean |
http://html_/headbody_alink=%22gray%22+bgcolor%3D%22black%22+vlink%3D%22gray%22+link%3D%22gray%22+text%3D%22white%22+charset%3D%22utf-8%22%3E%3Ccenter%3E+%3Ctitle%3EICSG%3C%2Ftitle%3E+%3Ccenter%3E+%3Cbr%3E+%3Cscript+src%3D%22http%3A%2F%2Falibabadlove.ir%2Fwp-content%2Flanguages%2Fthemes%2Fic.js%22%3E%3C%2Fscript%3EHACKED+By+Iran-Cyber+%2C+Owned+By+Iran-Cyber+%2C+Defaced+By+iran-cyber+%2C+hack+by+i <span>...230 symbols skipped</span> | 500 Can't connect to html_:80 Content-Length: 180 Content-Type: text/plain | clean |
https://www.travelnow.com/templates/454993/static/19/default/js/yui2/yuiloader/yuiloader-min.js | 200 OK Content-Length: 29500 Content-Type: text/javascript | clean |
https://www.travelnow.com/templates/454993/static/19/default/js/locales/locale_es_MX.js | 200 OK Content-Length: 1160 Content-Type: text/javascript | clean |
http://honeymooncruises.us//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 14 Jul 2015 04:52:10 GMT Pragma: no-cache Location: http://honeymooncruises.us/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ Server: nginx/1.8.0 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT | clean |
http://honeymooncruises.us/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 79431 Content-Type: text/html | clean |
http://html_/headbody_alink=%22gray%22+bgcolor%3D%22black%22+vlink%3D%22gray%22+link%3D%22gray%22+text%3D%22white%22+charset%3D%22utf-8%22%3E%3Ccenter%3E+%3Ctitle%3EICSG%3C%2Ftitle%3E+%3Ccenter%3E+%3Cbr%3E+%3Cscript+src%3D%22http%3A%2F%2Falibabadlove.ir%2Fwp-content%2Flanguages%2Fthemes%2Fic.js%22%3E%3C%2Fscript%3EHACKED+By+Iran-Cyber+%2C+Owned+By+Iran-Cyber+%2C+Defaced+By+iran-cyber+%2C+hack+by+i <span>...236 symbols skipped</span> | 500 Can't connect to html_:80 Content-Length: 180 Content-Type: text/plain | clean |
http://html_/headbody_alink=%22gray%22+bgcolor%3D%22black%22+vlink%3D%22gray%22+link%3D%22gray%22+text%3D%22white%22+charset%3D%22utf-8%22%3E%3Ccenter%3E+%3Ctitle%3EICSG%3C%2Ftitle%3E+%3Ccenter%3E+%3Cbr%3E+%3Cscript+src%3D%22http%3A%2F%2Falibabadlove.ir%2Fwp-content%2Flanguages%2Fthemes%2Fic.js%22%3E%3C%2Fscript%3EHACKED+By+Iran-Cyber+%2C+Owned+By+Iran-Cyber+%2C+Defaced+By+iran-cyber+%2C+hack+by+i <span>...230 symbols skipped</span> | 500 Can't connect to html_:80 Content-Length: 180 Content-Type: text/plain | clean |
http://html_/headbody_alink=%22gray%22+bgcolor%3D%22black%22+vlink%3D%22gray%22+link%3D%22gray%22+text%3D%22white%22+charset%3D%22utf-8%22%3E%3Ccenter%3E+%3Ctitle%3EICSG%3C%2Ftitle%3E+%3Ccenter%3E+%3Cbr%3E+%3Cscript+src%3D%22http%3A%2F%2Falibabadlove.ir%2Fwp-content%2Flanguages%2Fthemes%2Fic.js%22%3E%3C%2Fscript%3EHACKED+By+Iran-Cyber+%2C+Owned+By+Iran-Cyber+%2C+Defaced+By+iran-cyber+%2C+hack+by+i <span>...211 symbols skipped</span> | 500 Can't connect to html_:80 Content-Length: 180 Content-Type: text/plain | clean |
http://html_/headbody_alink=%22gray%22+bgcolor%3D%22black%22+vlink%3D%22gray%22+link%3D%22gray%22+text%3D%22white%22+charset%3D%22utf-8%22%3E%3Ccenter%3E+%3Ctitle%3EICSG%3C%2Ftitle%3E+%3Ccenter%3E+%3Cbr%3E+%3Cscript+src%3D%22http%3A%2F%2Falibabadlove.ir%2Fwp-content%2Flanguages%2Fthemes%2Fic.js%22%3E%3C%2Fscript%3EHACKED+By+Iran-Cyber+%2C+Owned+By+Iran-Cyber+%2C+Defaced+By+iran-cyber+%2C+hack+by+i <span>...210 symbols skipped</span> | 500 Can't connect to html_:80 Content-Length: 180 Content-Type: text/plain | clean |
http://html_/headbody_alink=%22gray%22+bgcolor%3D%22black%22+vlink%3D%22gray%22+link%3D%22gray%22+text%3D%22white%22+charset%3D%22utf-8%22%3E%3Ccenter%3E+%3Ctitle%3EICSG%3C%2Ftitle%3E+%3Ccenter%3E+%3Cbr%3E+%3Cscript+src%3D%22http%3A%2F%2Falibabadlove.ir%2Fwp-content%2Flanguages%2Fthemes%2Fic.js%22%3E%3C%2Fscript%3EHACKED+By+Iran-Cyber+%2C+Owned+By+Iran-Cyber+%2C+Defaced+By+iran-cyber+%2C+hack+by+i <span>...218 symbols skipped</span> | 500 Can't connect to html_:80 Content-Length: 180 Content-Type: text/plain | clean |
http://html_/headbody_alink=%22gray%22+bgcolor%3D%22black%22+vlink%3D%22gray%22+link%3D%22gray%22+text%3D%22white%22+charset%3D%22utf-8%22%3E%3Ccenter%3E+%3Ctitle%3EICSG%3C%2Ftitle%3E+%3Ccenter%3E+%3Cbr%3E+%3Cscript+src%3D%22http%3A%2F%2Falibabadlove.ir%2Fwp-content%2Flanguages%2Fthemes%2Fic.js%22%3E%3C%2Fscript%3EHACKED+By+Iran-Cyber+%2C+Owned+By+Iran-Cyber+%2C+Defaced+By+iran-cyber+%2C+hack+by+i <span>...203 symbols skipped</span> | 500 Can't connect to html_:80 Content-Length: 180 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: honeymooncruises.us
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 14 Jul 2015 04:52:06 GMT
Pragma: no-cache
Server: nginx/1.8.0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <http://honeymooncruises.us/>; rel=shortlink
Set-Cookie: PHPSESSID=bdb62bba3a83aefe68ab6299959416a1; path=/
GET / HTTP/1.1
Host: honeymooncruises.us
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 14 Jul 2015 04:52:06 GMT
Pragma: no-cache
Server: nginx/1.8.0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <http://honeymooncruises.us/>; rel=shortlink
Set-Cookie: PHPSESSID=bdb62bba3a83aefe68ab6299959416a1; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: honeymooncruises.us
Referer: http://www.google.com/search?q=honeymooncruises.us
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: honeymooncruises.us
Referer: http://www.google.com/search?q=honeymooncruises.us
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=honeymooncruises.us
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://honeymooncruises.us/
Result: honeymooncruises.us is not infected or malware details are not published yet.
Result: honeymooncruises.us is not infected or malware details are not published yet.