Scanned pages/files
Request | Server response | Status |
http://www.daytonaautocenterhi.com/ | 200 OK Content-Length: 14427 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By MR.Moein <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  <meta name='keywords' http-equiv='content-type' content='' /> <meta name='description' http-equiv='content-type' content='Hacked By MR.Moein' /> <title>Hacked By MR.MoeinHacked By MR.MoeinHacked By MR.MoeinHacked By MR.MoeinHacked By MR.MoeinHacked By </title> <link href="css/style.css" rel="stylesheet" type="text/css" /> <link href="public/css.css" rel="stylesheet" type="text/css" /> </head> <body topmargin="0" bottommargin="0"> <div id="main" style="margin-top:-15px;"> <div id="apDiv1">&l ...[17356 bytes skipped]... | ||
http://www.statcounter.com/counter/counter.js | 200 OK Content-Length: 15530 Content-Type: application/x-javascript | clean |
http://www.daytonaautocenterhi.com/index.php | 200 OK Content-Length: 14427 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/car.php | 200 OK Content-Length: 29147 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/about.php?action=hr | 200 OK Content-Length: 5761 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/about.php?action=contact | 200 OK Content-Length: 4065 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/staff.php | 200 OK Content-Length: 5730 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/service.php | 200 OK Content-Length: 10266 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/loan.php | 200 OK Content-Length: 7600 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function CarLoanCalculator() { form = document.myform LoanAmount= form.LoanAmount.value DownPayment= "0" AnnualInterestRate = form.InterestRate.value/100 Years= form.NumberOfYears.value MonthRate=AnnualInterestRate/12 NumPayments=Years*12 Prin=LoanAmount-DownPayment MonthPayment=Math.floor((Prin*MonthRate)/(1-Math.pow((1+MonthRate),(-1*NumPayments)))*100)/100 form.MonthlyPayment.value=MonthPayment } Antivirus reports:
| ||
http://www.daytonaautocenterhi.com/about.php?action=server | 200 OK Content-Length: 9337 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/test404page.js | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/car.php?leibie=34 | 200 OK Content-Length: 4080 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/car.php?leibie=33 | 200 OK Content-Length: 4081 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/car.php?leibie=32 | 200 OK Content-Length: 10851 Content-Type: text/html | clean |
http://www.daytonaautocenterhi.com/car_show.php?id=239 | 200 OK Content-Length: 9207 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: daytonaautocenterhi.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: daytonaautocenterhi.com
Referer: http://www.google.com/search?q=daytonaautocenterhi.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=daytonaautocenterhi.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://daytonaautocenterhi.com/
Result: daytonaautocenterhi.com is not infected or malware details are not published yet.