Scanned pages/files
Request | Server response | Status |
http://thecranebeachhouse.com/ | 200 OK Content-Length: 27709 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below):
<!-- Hacked By ./-Disconnect --> <!-- Welcome Back ! --> document.write(unescape(' ...[27252 bytes skipped]...
Antivirus reports:
Deface/Content modification. The following signature was found: !-- Hacked By ./-Disconnect -- <Script Language='Javascript'>
http://thecranebeachhouse.com/test404page.js | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://thecranebeachhouse.com/cgi-sys/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thecranebeachhouse.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 01 Jan 2015 14:18:49 GMT
Server: nginx/1.6.2
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: thecranebeachhouse.com
Referer: http://www.google.com/search?q=thecranebeachhouse.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thecranebeachhouse.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://thecranebeachhouse.com/
Result: thecranebeachhouse.com is not infected or malware details are not published yet.