Scanned pages/files
Request | Server response | Status |
http://daytonaautohi.com/ | 200 OK Content-Length: 14342 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Brwa-yk <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  <meta name='keywords' http-equiv='content-type' content='Hacked By Brwa-yk' /> <meta name='description' http-equiv='content-type' content='Hacked By Brwa-yk' /> <title>Hacked By Brwa-yk</title> <link href="css/style.css" rel="stylesheet" type="text/css" /> <link href="public/css.css" rel="stylesheet" type="text/css" /> </head> <body topmargin="0" bottommargin="0"> <div id="main" style="margin-top:-15px;"> <div id="apDi ...[17347 bytes skipped]... | ||
http://www.statcounter.com/counter/counter.js | 200 OK Content-Length: 21400 Content-Type: application/x-javascript | clean |
http://daytonaautohi.com/index.php | 200 OK Content-Length: 14342 Content-Type: text/html | clean |
http://daytonaautohi.com/car.php | 200 OK Content-Length: 29049 Content-Type: text/html | clean |
http://daytonaautohi.com/about.php?action=hr | 200 OK Content-Length: 5694 Content-Type: text/html | clean |
http://daytonaautohi.com/about.php?action=contact | 200 OK Content-Length: 3998 Content-Type: text/html | clean |
http://daytonaautohi.com/staff.php | 200 OK Content-Length: 5663 Content-Type: text/html | clean |
http://daytonaautohi.com/service.php | 200 OK Content-Length: 10199 Content-Type: text/html | clean |
http://daytonaautohi.com/loan.php | 200 OK Content-Length: 7533 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function CarLoanCalculator() { form = document.myform LoanAmount= form.LoanAmount.value DownPayment= "0" AnnualInterestRate = form.InterestRate.value/100 Years= form.NumberOfYears.value MonthRate=AnnualInterestRate/12 NumPayments=Years*12 Prin=LoanAmount-DownPayment MonthPayment=Math.floor((Prin*MonthRate)/(1-Math.pow((1+MonthRate),(-1*NumPayments)))*100)/100 form.MonthlyPayment.value=MonthPayment } Antivirus reports:
| ||
http://daytonaautohi.com/about.php?action=server | 200 OK Content-Length: 9262 Content-Type: text/html | clean |
http://daytonaautohi.com/test404page.js | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://daytonaautohi.com/car.php?leibie=34 | 200 OK Content-Length: 6429 Content-Type: text/html | clean |
http://daytonaautohi.com/car_show.php?id=248 | 200 OK Content-Length: 9131 Content-Type: text/html | clean |
http://daytonaautohi.com/Photos.php?id=248 | 200 OK Content-Length: 3661 Content-Type: text/html | clean |
http://daytonaautohi.com/js/FancyZoom.js | 200 OK Content-Length: 23027 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: daytonaautohi.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 20 Jul 2015 14:47:18 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: daytonaautohi.com
Referer: http://www.google.com/search?q=daytonaautohi.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=daytonaautohi.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://daytonaautohi.com/
Result: daytonaautohi.com is not infected or malware details are not published yet.