See:
https://urlquery.net/report/bce47fb0-0ee8-4526-aaf4-d22beaaad2fbDetected PHISHing via Word Press theme.
Reason as Sucuri gives it:
URL: scan for: -sitecheck.sucuri.net/results/cbs-semenov.ru/wp-content/
Your Browser: common webbrowser (third party cold reconnaissance scan on sucuri website blocked by their firewall -
Block ID: DIR081
Block reason: Directory listing denied.
This temporary block happens when our Intrusion Detection System (IDS) detects suspicious actions
and blocks a visitor's IP for a 30 minutes period.
N.B. Wonder whether their IDS firewall alert is also that aggressive,
when the scan comes from or through Google's VT?
A general domain Sucuri scan cannot scan properly, only gives server version info proliferation:
Scan for: htxp://cbs-semenov.ru
Hostname: -cbs-semenov.ru
IP address: 5.101.152.140
System Details:
Running on: nginx-reuseport/1.13.4
Loaded resources: GoogleSafe:
OK Load:
551ms Server: -5.101.152.140
nginx-reuseport/1.13.4 ASN: 198610 Russia
Beget Ltd Reverse DNS:
-m2.diffie.beget.ru
error: undefined function location.reload sourcecode:
<html><head><script>function set_cookie(){var now = new Date();var time = now.getTime();time += 19360000 * 1000;now.setTime(time);document.cookie='beget=begetok'+'; expires='+now.toGMTString()+'; path=/';}set_cookie();location.reload();;</script></head><body></body></html>
Also get this as I bring up mazilla malware browser and excactly this...
So is the website being cleansed? No, but it is not like given above, according to:
https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=cbs-semenov.ru&ref_sel=GSP2&ua_sel=ff&fs=1Compare to scan results and flags here:
http://retire.insecurity.today/#!/scan/38ed7cbf465e92266995309835c77c054d333bca00733ffb28908c152a6e3157polonus
