Scanned pages/files
| Request | Server response | Status |
http://icxchost.com/ | 200 OK Content-Length: 6759 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HaCkEd By Dr.HaCkEr ...[4644 bytes skipped]... </div> <div id="wrapper2" class="shownocolumns"> <div id="main"> <div class="blog-featured"> <h1> Home </h1> <div class="items-leading"> <div class="leading-0"> <h2> <a href="/index.php/2-uncategorised/1-hacked-by-troyanblack"> HaCkEd By Dr.HaCkEr</a> </h2> <ul class="actions"> <li class="print-icon"> <a href="/index.php/2-uncategorised/1-hacked-by-troyanblack?tmpl=component&print=1&page=" title="Print" onclick="window.open(this.href,'win2','status=no,toolbar=no,scrollbars=yes,titlebar=no,menubar=no,resizable=yes,width=640,height=480,directories=no,location=no'); return false;" rel="nofollow"><img src="/media/system/images/printButton.png" ...[2977 bytes skipped]... | ||
http://icxchost.com/media/system/js/core.js | 200 OK Content-Length: 3616 Content-Type: application/javascript | clean |
http://icxchost.com/media/system/js/mootools-core.js | 200 OK Content-Length: 83987 Content-Type: application/javascript | clean |
http://icxchost.com/media/system/js/caption.js | 200 OK Content-Length: 800 Content-Type: application/javascript | clean |
http://icxchost.com/media/system/js/mootools-more.js | 200 OK Content-Length: 224389 Content-Type: application/javascript | clean |
http://icxchost.com/templates/beez5/javascript/md_stylechanger.js | 200 OK Content-Length: 2104 Content-Type: application/javascript | clean |
http://icxchost.com/templates/beez5/javascript/hide.js | 200 OK Content-Length: 7704 Content-Type: application/javascript | clean |
http://icxchost.com/index.php/2-uncategorised/1-hacked-by-troyanblack | 200 OK Content-Length: 6555 Content-Type: text/html | clean |
http://icxchost.com/index.php/2-uncategorised/ | 200 OK Content-Length: 7281 Content-Type: text/html | clean |
http://icxchost.com/index.php/2-uncategorised/1-hacked-by-troyanblack?tmpl=component&print=1&page= | 200 OK Content-Length: 3594 Content-Type: text/html | clean |
http://icxchost.com/index.php/2-uncategorised | 200 OK Content-Length: 7280 Content-Type: text/html | clean |
http://icxchost.com/index.php/ | 200 OK Content-Length: 6764 Content-Type: text/html | clean |
http://icxchost.com/index.php/component/mailto/?tmpl=component&template=beez5&link=9239185e207a69416e4374f3cc53d2049c2d2692 | 200 OK Content-Length: 3893 Content-Type: text/html | clean |
http://icxchost.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: icxchost.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 27 Jun 2015 23:14:03 GMT
Pragma: no-cache
Server: Apache
Content-Length: 6759
Content-Type: text/html; charset=utf-8
Set-Cookie: 3277718f30721b18a67e1a651aac0210=d12be90b456770ab856921adcdea8a84; path=/
X-Powered-By: PHP/5.3.28
...6759 bytes of data.
GET / HTTP/1.1
Host: icxchost.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 27 Jun 2015 23:14:03 GMT
Pragma: no-cache
Server: Apache
Content-Length: 6759
Content-Type: text/html; charset=utf-8
Set-Cookie: 3277718f30721b18a67e1a651aac0210=d12be90b456770ab856921adcdea8a84; path=/
X-Powered-By: PHP/5.3.28
...6759 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: icxchost.com
Referer: http://www.google.com/search?q=icxchost.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: icxchost.com
Referer: http://www.google.com/search?q=icxchost.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=icxchost.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://icxchost.com/
Result: icxchost.com is not infected or malware details are not published yet.
Result: icxchost.com is not infected or malware details are not published yet.