New scan:

Malware Scanner report for r-toner.com

Malicious/Suspicious/Total urls checked
1/2/12
3 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "r-toner.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
3/0/3
3 malicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=r-toner.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://r-toner.com/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://r-toner.com/
200 OK
Content-Length: 34603
Content-Type: text/html
malicious
Page code contains blacklisted domain: fujitsu.r-toner.com

<?xml version="1.0" encoding="Shift_JIS"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja" lang="ja">
<head>
<link rel="alternate" media="handheld" href="http://a-toner.com/m/" />
<meta http-equiv="Content-Type" content="text/html; charset=Shift_JIS" />
<title>
...[4653 bytes skipped]...

Malicious iFrame found.
size: 223x228     
src: http://www.r-toner.com/campaign/present01/present01.html
This URL is marked by Yandex as suspicious

<iframe src="http://www.r-toner.com/campaign/present01/present01.html" width="223" height="228" frameborder="0" scrolling="no">

Malicious iFrame found.
size: 213x193     
src: http://www.r-toner.com/campaign/2013calender2/calender121213-04/calender121213-04.html
This URL is marked by Yandex as suspicious

<iframe src="http://www.r-toner.com/campaign/2013calender2/calender121213-04/calender121213-04.html" width="213" height="193" frameborder="0" scrolling="no">

Malicious iFrame found.
size: 223x255     
src: http://www.r-toner.com/campaign/books20111104/books2.html
This URL is marked by Yandex as suspicious

<iframe src="http://www.r-toner.com/campaign/books20111104/books2.html" width="223" height="255" frameborder="0" scrolling="no">

http://www.r-toner.com/r-toner_js.js
200 OK
Content-Length: 1155
Content-Type: application/x-javascript
clean
http://r-toner.com/swf/swf.js
HTTP/1.1 302 Found
Connection: close
Date: Mon, 22 Dec 2014 03:19:07 GMT
Location: http://www.r-toner.com/404.html
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1h PHP/5.2.17 with Suhosin-Patch mod_apreq2-20051231/2.6.0 mod_perl/2.0.5 Perl/v5.8.9
Content-Length: 403
Content-Type: text/html; charset=iso-8859-1
clean
http://www.r-toner.com/404.html
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 03:19:08 GMT
Accept-Ranges: bytes
ETag: "a981a0-6cc-507fd7b947340"
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1h PHP/5.2.17 with Suhosin-Patch mod_apreq2-20051231/2.6.0 mod_perl/2.0.5 Perl/v5.8.9
Content-Length: 1740
Content-Type: text/html
Last-Modified: Sun, 16 Nov 2014 17:49:25 GMT
clean
http://www.r-toner.com/
200 OK
Content-Length: 34603
Content-Type: text/html
suspicious
Page code contains blacklisted domain: fujitsu.r-toner.com

<?xml version="1.0" encoding="Shift_JIS"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja" lang="ja">
<head>
<link rel="alternate" media="handheld" href="http://a-toner.com/m/" />
<meta http-equiv="Content-Type" content="text/html; charset=Shift_JIS" />
<title>
...[4653 bytes skipped]...

http://www.r-toner.com/swf/swf.js
HTTP/1.1 302 Found
Connection: close
Date: Mon, 22 Dec 2014 03:19:10 GMT
Location: http://www.r-toner.com/404.html
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1h PHP/5.2.17 with Suhosin-Patch mod_apreq2-20051231/2.6.0 mod_perl/2.0.5 Perl/v5.8.9
Content-Length: 403
Content-Type: text/html; charset=iso-8859-1
clean
http://www.r-toner.com/test404page.js
HTTP/1.1 302 Found
Connection: close
Date: Mon, 22 Dec 2014 03:19:11 GMT
Location: http://www.r-toner.com/404.html
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1h PHP/5.2.17 with Suhosin-Patch mod_apreq2-20051231/2.6.0 mod_perl/2.0.5 Perl/v5.8.9
Content-Length: 403
Content-Type: text/html; charset=iso-8859-1
clean
https://gsl-co2.com/mark/?siteh=http://www.r-toner.com/
200 OK
Content-Length: 503
Content-Type: text/javascript
suspicious
Page code contains blacklisted domain: r-toner.com


if (location.hostname == 'r-toner.com' || location.hostname == 'www.r-toner.com') {
document.write('<a href="https://gsl-co2.com/mark/license.php?siteh=http://www.r-toner.com/" onclick="window.open(\'https://gsl-co2.com/mark/license.php?siteh=http://www.r-toner.com/\', \'_blank\', \'width=500,height=625,resizable=no,status=0\'); return false;">');

document.write('<img src="https://gsl-co2.com/license/seal.png" border="0" width="60" height="75" />');

document.write('</a>');
}

http://platform.twitter.com/widgets.js
200 OK
Content-Length: 110239
Content-Type: application/javascript
clean
http://script.trackfeed.com/usr/0a16b78632.js
200 OK
Content-Length: 2182
Content-Type: text/html
clean
http://script.trackfeed.com/usr/${site_url}?r=${uid}
404 Not Found
Content-Length: 213
Content-Type: text/html
clean
http://j1.ax.xrea.com/l.j?id=100673863
200 OK
Content-Length: 6413
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: r-toner.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 03:19:04 GMT
Accept-Ranges: bytes
ETag: "a98187-872b-5095d10dbc4c0"
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.1h PHP/5.2.17 with Suhosin-Patch mod_apreq2-20051231/2.6.0 mod_perl/2.0.5 Perl/v5.8.9
Content-Length: 34603
Content-Type: text/html
Last-Modified: Thu, 04 Dec 2014 05:16:43 GMT

...34603 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: r-toner.com
Referer: http://www.google.com/search?q=r-toner.com

Result:
The result is similar to the first query. There are no suspicious redirects found.