Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=holodnoavto.ru
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
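Scanned pages/files
Note: each code excerpt below is cut off by the report and appears to show only the beginning of the flagged file, so the portion the antivirus engines matched may lie outside the excerpt. Comparing the served file with a known-good copy of the same library version is the reliable way to locate the modified section.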
Request | Server response | Status |
http://holodnoavto.ru/ | 200 OK Content-Length: 44027 Content-Type: text/html | clean |
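http://up.bot.nu/go/796 | 500 Can't connect to up.bot.nu:80 Content-Length: 184 Content-Type: text/plain | clean (not scanned: the host was unreachable, so this verdict does not cover the remote content) |
http://up.bot.nu/test404page.js | 500 Can't connect to up.bot.nu:80 Content-Length: 184 Content-Type: text/plain | clean (not scanned: the host was unreachable, so this verdict does not cover the remote content) |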
http://holodnoavto.ru/engine/classes/js/jquery.js | 200 OK Content-Length: 99777 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"")+"<html><body>"),cl.close();d=cl.createE Antivirus reports:
| ||
http://holodnoavto.ru/engine/classes/js/jqueryui.js | 200 OK Content-Length: 72181 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function c(b,c){var e=b.nodeName.toLowerCase();if("area"===e){var f=b.parentNode,g=f.name,h;return!b.href||!g||f.nodeName.toLowerCase()!=="map"?!1:(h=a("img[usemap=#"+g+"]")[0],!!h&&d(h))}return(/input|select|textarea|button|object/.test(e)?!b.disabled:"a"==e?b.href||c:c)&&d(b)}function d(b){return!a(b).parents().andSelf().filter(function(){return a.curCSS(this,"visibility")==="hidden"||a.expr.filters.hidden(this)}).length}a.ui=a.ui||{};if(a.ui.version)return;a.ext Antivirus reports:
| ||
http://holodnoavto.ru/engine/classes/js/dle_js.js | 200 OK Content-Length: 26078 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var c_cache=[];
function RunAjaxJS(a,b){var c=new Date,d=!1,c=c.getTime(),e=/<script.*?>(.|[\r\n])*?<\/script>/ig,f=e.exec(b);if(null!=f){for(var g=Array(f.shift()),d=!0;f;)f=e.exec(b),null!=f&&g.push(f.shift());for(e=0;e<g.length;e++)b=b.replace(g[e],'<span id="'+c+e+'" style="display:none;"></span>')}$("#"+a).html(b);if(d){d=/<script.*?>((.|[\r\n])*?)<\/script>/ig;for(e=0;e<g.length;e++){var h=document.getElementById(c+""+e),f=h.parentNode Antivirus reports:
| ||
http://holodnoavto.ru/templates/auto-new/js/libs.js | 200 OK Content-Length: 6426 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var logopened=false;
$(document).ready(function(){ $('#logbtn').click(function(){ if(logopened) { $('#logform').hide('fast'); $('#logbtn').removeClass('selected'); } else { $('#logform').show('fast'); $('#logbtn').addClass('selected'); } logopened=!logopened; return false; }); }).click(function( Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: holodnoavto.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 18 Jan 2015 02:00:52 GMT
Pragma: no-cache
Server: nginx/1.2.9
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=fb05dad08c8faa0c2ec173c448720418; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.holodnoavto.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.holodnoavto.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.holodnoavto.ru; httponly
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: holodnoavto.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 18 Jan 2015 02:00:52 GMT
Pragma: no-cache
Server: nginx/1.2.9
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=fb05dad08c8faa0c2ec173c448720418; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.holodnoavto.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.holodnoavto.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.holodnoavto.ru; httponly
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: holodnoavto.ru
Referer: http://www.google.com/search?q=holodnoavto.ru
Result:
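The result is similar to the first query. No suspicious redirects were found. Note that the two requests shown differ only in the Referer header, so a redirect conditioned on something else (User-Agent, client IP, cookies) would not show up in this comparison.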
GET / HTTP/1.1
Host: holodnoavto.ru
Referer: http://www.google.com/search?q=holodnoavto.ru
Result:
The result is similar to the first query. No suspicious redirects were found.