Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=net-avto.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://net-avto.ru/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://net-avto.ru/ | 200 OK Content-Length: 37130 Content-Type: text/html | clean |
http://net-avto.ru/engine/classes/js/jquery.js | 200 OK Content-Length: 99777 Content-Type: application/x-javascript | malicious |
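Malicious code - confirmed by antiviruses (see below). Excerpt (truncated mid-statement):
(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"")+"<html><body>"),cl.close();d=cl.createE
Antivirus reports: (no entries were captured in this copy of the report)
Note: the excerpt is cut off and appears to show only ordinary minified library code, so the flagged content is not visible here; the verdict has to be checked against the complete file, for example by comparing it with a known-good copy of the same library version.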
http://net-avto.ru/engine/classes/js/jqueryui.js | 200 OK Content-Length: 72181 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt (truncated mid-statement):
(function(a,b){function c(b,c){var e=b.nodeName.toLowerCase();if("area"===e){var f=b.parentNode,g=f.name,h;return!b.href||!g||f.nodeName.toLowerCase()!=="map"?!1:(h=a("img[usemap=#"+g+"]")[0],!!h&&d(h))}return(/input|select|textarea|button|object/.test(e)?!b.disabled:"a"==e?b.href||c:c)&&d(b)}function d(b){return!a(b).parents().andSelf().filter(function(){return a.curCSS(this,"visibility")==="hidden"||a.expr.filters.hidden(this)}).length}a.ui=a.ui||{};if(a.ui.version)return;a.ext
Antivirus reports: (no entries were captured in this copy of the report)
http://net-avto.ru/engine/classes/js/dle_js.js | 200 OK Content-Length: 26078 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt (truncated mid-statement):
var c_cache=[];
function RunAjaxJS(a,b){var c=new Date,d=!1,c=c.getTime(),e=/<script.*?>(.|[\r\n])*?<\/script>/ig,f=e.exec(b);if(null!=f){for(var g=Array(f.shift()),d=!0;f;)f=e.exec(b),null!=f&&g.push(f.shift());for(e=0;e<g.length;e++)b=b.replace(g[e],'<span id="'+c+e+'" style="display:none;"></span>')}$("#"+a).html(b);if(d){d=/<script.*?>((.|[\r\n])*?)<\/script>/ig;for(e=0;e<g.length;e++){var h=document.getElementById(c+""+e),f=h.parentNode
Antivirus reports: (no entries were captured in this copy of the report)
http://net-avto.ru/templates/auto-new/js/libs.js | 200 OK Content-Length: 6426 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt (truncated mid-statement):
var logopened=false;
$(document).ready(function(){ $('#logbtn').click(function(){ if(logopened) { $('#logform').hide('fast'); $('#logbtn').removeClass('selected'); } else { $('#logform').show('fast'); $('#logbtn').addClass('selected'); } logopened=!logopened; return false; }); }).click(function(
Antivirus reports: (no entries were captured in this copy of the report)
http://net-avto.ru/novosti/ | 200 OK Content-Length: 40110 Content-Type: text/html | clean |
http://net-avto.ru/autoobzor/ | 200 OK Content-Length: 39761 Content-Type: text/html | clean |
http://net-avto.ru/autosport/ | 200 OK Content-Length: 39793 Content-Type: text/html | clean |
http://net-avto.ru/tuning/ | 200 OK Content-Length: 39692 Content-Type: text/html | clean |
http://net-avto.ru/testdrive/ | 200 OK Content-Length: 39574 Content-Type: text/html | clean |
http://net-avto.ru/sitemap.html | 200 OK Content-Length: 100776 Content-Type: text/html | clean |
http://net-avto.ru/addnews.html | 200 OK Content-Length: 21583 Content-Type: text/html | clean |
http://net-avto.ru/novosti/6599-lada-granta-s-avtomatom-poyavitsya-v-prodazhe-osenyu.html | 200 OK Content-Length: 28290 Content-Type: text/html | clean |
http://net-avto.ru/novosti/6598-dva-samyx-dorogix-pagani-zakazali-v-ukraine.html | 200 OK Content-Length: 28671 Content-Type: text/html | clean |
http://net-avto.ru/autosport/6597-kak-prodayutsya-ukrainskie-avto-v-rossii.html | 200 OK Content-Length: 29536 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: net-avto.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 13 Sep 2014 22:12:28 GMT
Pragma: no-cache
Server: nginx/1.2.9
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=8444f3c2cc20bc523757bb33b34679a6; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.net-avto.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.net-avto.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.net-avto.ru; httponly
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: net-avto.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 13 Sep 2014 22:12:28 GMT
Pragma: no-cache
Server: nginx/1.2.9
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=8444f3c2cc20bc523757bb33b34679a6; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.net-avto.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.net-avto.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.net-avto.ru; httponly
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: net-avto.ru
Referer: http://www.google.com/search?q=net-avto.ru
Result:
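The result is similar to the first query. No suspicious redirects were found for this referer; the check covers only the request shown above, so redirects that depend on other request conditions are not ruled out.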
GET / HTTP/1.1
Host: net-avto.ru
Referer: http://www.google.com/search?q=net-avto.ru
Result:
The result is similar to the first query. No suspicious redirects were found.