Scanned pages/files
Request | Server response | Status |
http://crcarpriceservice.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 29 Aug 2014 05:51:26 GMT Location: http://www.consumerreports.org/cro/cars/index.htm Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
http://www.consumerreports.org/cro/cars/index.htm | 200 OK Content-Length: 168938 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://3775131.fls.doubleclick.net/activityi;src=3775131;type=invmedia;cat=5k6ppe8z;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3775131.fls.doubleclick.net/activityi;src=3775131;type=invmedia;cat=5k6ppe8z;ord=1?
<iframe src="http://3775131.fls.doubleclick.net/activityi;src=3775131;type=invmedia;cat=5k6ppe8z;ord=1?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://3775131.fls.doubleclick.net/activityi;src=3775131;type=invmedia;cat=5k6ppe8z;ord=
<iframe src="http://3775131.fls.doubleclick.net/activityi;src=3775131;type=invmedia;cat=5k6ppe8z;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
http://www.consumerreports.org/etc/designs/cro/application-resources/scripts/jquery-1.11.0.min.js | 200 OK Content-Length: 96381 Content-Type: application/javascript | clean |
http://crcarpriceservice.com/etc/designs/cro/application-resources/scripts/jquery-migrate-1.2.1.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 29 Aug 2014 05:51:30 GMT Location: http://www.consumerreports.org/cro/cars/index.htm Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
http://www.consumerreports.org/test404page.js | HTTP/1.1 404 Not Found Cache-Control: max-age=0, private, no-store, no-cache, must-revalidate Connection: close Date: Fri, 29 Aug 2014 05:51:30 GMT Accept-Ranges: bytes Server: Apache Vary: Accept-Encoding,User-Agent Content-Type: text/html; charset=UTF-8 X-PWI-Host-ID: web06 X-PWI-Service-Time: Serviced at unix time t=1409291490934455 in D=23899 microseconds X-PWI-Worker-Name: (null) | clean |
http://www.consumerreports.org/cro/index.htm | 200 OK Content-Length: 161119 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://3775131.fls.doubleclick.net/activityi;src=3775131;type=invmedia;cat=cvutlljb;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 1x1 style: hidden src: http://3775131.fls.doubleclick.net/activityi;src=3775131;type=invmedia;cat=cvutlljb;ord=1?
<iframe src="http://3775131.fls.doubleclick.net/activityi;src=3775131;type=invmedia;cat=cvutlljb;ord=1?" width="1" height="1" frameborder="0" style="display:none">
Hidden iFrame found. size: 1x1 style: hidden src: http://3775131.fls.doubleclick.net/activityi;src=3775131;type=invmedia;cat=cvutlljb;ord=
<iframe src="http://3775131.fls.doubleclick.net/activityi;src=3775131;type=invmedia;cat=cvutlljb;ord=' + a + '?" width="1" height="1" frameborder="0" style="display:none">
http://www.consumerreports.org/etc/designs/cro/application-resources/scripts/jquery-migrate-1.2.1.js | 200 OK Content-Length: 16618 Content-Type: application/javascript | clean |
http://www.consumerreports.org//cdn.optimizely.com/js/69071259.js/ | HTTP/1.1 404 Not Found Cache-Control: max-age=0, private, no-store, no-cache, must-revalidate Connection: close Date: Fri, 29 Aug 2014 05:51:34 GMT Accept-Ranges: bytes Server: Apache Vary: Accept-Encoding,User-Agent Content-Type: text/html; charset=UTF-8 X-PWI-Host-ID: web02 X-PWI-Service-Time: Serviced at unix time t=1409291494257378 in D=2333 microseconds X-PWI-Worker-Name: (null) | clean |
http://www.consumerreports.org/etc/designs/cro/application-resources/scripts/jquery.tools.min-1.2.5.js | 200 OK Content-Length: 46531 Content-Type: application/javascript | clean |
http://www.consumerreports.org/etc/designs/cro/application-resources/scripts/jquery.cookie.js | 200 OK Content-Length: 4247 Content-Type: application/javascript | clean |
http://www.consumerreports.org/etc/designs/cro/application-resources/modules/header/scripts/header.js | 200 OK Content-Length: 2747 Content-Type: application/javascript | clean |
http://www.consumerreports.org/etc/designs/cro/application-resources/modules/header/scripts/typeahead.js | 200 OK Content-Length: 19599 Content-Type: application/javascript | clean |
http://www.consumerreports.org/etc/designs/cro/shared-resources/scripts/sx-render.js | 200 OK Content-Length: 11418 Content-Type: application/javascript | clean |
http://www.consumerreports.org/etc/designs/cro/application-resources/scripts/oas_analytics.js | 200 OK Content-Length: 947 Content-Type: application/javascript | clean |
http://www.consumerreports.org/etc/designs/cro/application-resources/scripts/iframeDialog.js | 200 OK Content-Length: 4720 Content-Type: application/javascript | clean |
http://www.consumerreports.org/etc/designs/cro/resources/js/mbox.js | 200 OK Content-Length: 67 Content-Type: application/javascript | clean |
http://www.consumerreports.org/etc/designs/cro/shared-resources/scripts/forsee-survey/foresee-code.js | 200 OK Content-Length: 7318 Content-Type: application/javascript | clean |
http://www.consumerreports.org/etc/designs/cro/shared-resources/scripts/forsee-survey/oeLauncher.js | 200 OK Content-Length: 51704 Content-Type: application/javascript | clean |
http://www.consumerreports.org/etc/designs/cro/shared-resources/scripts/event-handlers.js | 200 OK Content-Length: 353 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: crcarpriceservice.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 29 Aug 2014 05:51:26 GMT
Location: http://www.consumerreports.org/cro/cars/index.htm
Server: Apache-Coyote/1.1
Content-Length: 0
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: crcarpriceservice.com
Referer: http://www.google.com/search?q=crcarpriceservice.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=crcarpriceservice.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://crcarpriceservice.com/
Result: crcarpriceservice.com is not infected or malware details are not published yet.