Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=r-toner.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://r-toner.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://r-toner.com/ | 200 OK Content-Length: 34603 Content-Type: text/html | malicious |
Page code contains blacklisted domain: fujitsu.r-toner.com
<?xml version="1.0" encoding="Shift_JIS"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja" lang="ja">
<head>
<link rel="alternate" media="handheld" href="http://a-toner.com/m/" />
<meta http-equiv="Content-Type" content="text/html; charset=Shift_JIS" />
<title> ...[4653 bytes skipped]...
Malicious iFrame found. size: 223x228 src: http://www.r-toner.com/campaign/present01/present01.html
This URL is marked by Yandex as suspicious
<iframe src="http://www.r-toner.com/campaign/present01/present01.html" width="223" height="228" frameborder="0" scrolling="no">
Malicious iFrame found. size: 213x193 src: http://www.r-toner.com/campaign/2013calender2/calender121213-04/calender121213-04.html
This URL is marked by Yandex as suspicious
<iframe src="http://www.r-toner.com/campaign/2013calender2/calender121213-04/calender121213-04.html" width="213" height="193" frameborder="0" scrolling="no">
Malicious iFrame found. size: 223x255 src: http://www.r-toner.com/campaign/books20111104/books2.html
This URL is marked by Yandex as suspicious
<iframe src="http://www.r-toner.com/campaign/books20111104/books2.html" width="223" height="255" frameborder="0" scrolling="no">
http://www.r-toner.com/r-toner_js.js | 200 OK Content-Length: 1155 Content-Type: application/x-javascript | clean |
http://r-toner.com/swf/swf.js | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Dec 2014 03:19:07 GMT Location: http://www.r-toner.com/404.html Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1h PHP/5.2.17 with Suhosin-Patch mod_apreq2-20051231/2.6.0 mod_perl/2.0.5 Perl/v5.8.9 Content-Length: 403 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.r-toner.com/404.html | HTTP/1.1 200 OK Connection: close Date: Mon, 22 Dec 2014 03:19:08 GMT Accept-Ranges: bytes ETag: "a981a0-6cc-507fd7b947340" Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1h PHP/5.2.17 with Suhosin-Patch mod_apreq2-20051231/2.6.0 mod_perl/2.0.5 Perl/v5.8.9 Content-Length: 1740 Content-Type: text/html Last-Modified: Sun, 16 Nov 2014 17:49:25 GMT | clean |
http://www.r-toner.com/ | 200 OK Content-Length: 34603 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: fujitsu.r-toner.com
<?xml version="1.0" encoding="Shift_JIS"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja" lang="ja">
<head>
<link rel="alternate" media="handheld" href="http://a-toner.com/m/" />
<meta http-equiv="Content-Type" content="text/html; charset=Shift_JIS" />
<title> ...[4653 bytes skipped]...
http://www.r-toner.com/swf/swf.js | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Dec 2014 03:19:10 GMT Location: http://www.r-toner.com/404.html Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1h PHP/5.2.17 with Suhosin-Patch mod_apreq2-20051231/2.6.0 mod_perl/2.0.5 Perl/v5.8.9 Content-Length: 403 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.r-toner.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Dec 2014 03:19:11 GMT Location: http://www.r-toner.com/404.html Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1h PHP/5.2.17 with Suhosin-Patch mod_apreq2-20051231/2.6.0 mod_perl/2.0.5 Perl/v5.8.9 Content-Length: 403 Content-Type: text/html; charset=iso-8859-1 | clean |
https://gsl-co2.com/mark/?siteh=http://www.r-toner.com/ | 200 OK Content-Length: 503 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: r-toner.com
if (location.hostname == 'r-toner.com' || location.hostname == 'www.r-toner.com') {
  document.write('<a href="https://gsl-co2.com/mark/license.php?siteh=http://www.r-toner.com/" onclick="window.open(\'https://gsl-co2.com/mark/license.php?siteh=http://www.r-toner.com/\', \'_blank\', \'width=500,height=625,resizable=no,status=0\'); return false;">');
  document.write('<img src="https://gsl-co2.com/license/seal.png" border="0" width="60" height="75" />');
  document.write('</a>');
}
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 110239 Content-Type: application/javascript | clean |
http://script.trackfeed.com/usr/0a16b78632.js | 200 OK Content-Length: 2182 Content-Type: text/html | clean |
http://script.trackfeed.com/usr/${site_url}?r=${uid} | 404 Not Found Content-Length: 213 Content-Type: text/html | clean |
http://j1.ax.xrea.com/l.j?id=100673863 | 200 OK Content-Length: 6413 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: r-toner.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 03:19:04 GMT
Accept-Ranges: bytes
ETag: "a98187-872b-5095d10dbc4c0"
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1h PHP/5.2.17 with Suhosin-Patch mod_apreq2-20051231/2.6.0 mod_perl/2.0.5 Perl/v5.8.9
Content-Length: 34603
Content-Type: text/html
Last-Modified: Thu, 04 Dec 2014 05:16:43 GMT
...34603 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: r-toner.com
Referer: http://www.google.com/search?q=r-toner.com
Result:
The result is similar to the first query. There are no suspicious redirects found.