Malware Scanner report for gameka4ka.clan.su

Malicious/Suspicious/Total urls checked: 5/0/23

5 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://gameka4ka.clan.su/news/zemnaja_zhizn_presvjatoj_bogorodicy_s_opisaniem_ee_ikon/2015-05-24-550	200 OK Content-Length: 15161 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports: AntiVir JS/iFrame.YOT nProtect JS:Trojan.JS.Iframe.AM Emsisoft JS:Trojan.JS.Iframe.AM (B) Comodo TrojWare.JS.Kryptik.AH McAfee-GW-Edition Heuristic.LooksLike.HTML.Infected.B DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.JS.Iframe.AM NANO-Antivirus Trojan.Script.IFrame.igvg F-Secure JS:Trojan.JS.Iframe.AM Sophos Mal/Iframe-V GData JS:Trojan.JS.Iframe.AM BitDefender JS:Trojan.JS.Iframe.AM
http://s77.ucoz.net/src/jquery-1.7.2.js	200 OK Content-Length: 94840 Content-Type: text/javascript	clean
http://s77.ucoz.net/src/ulightbox/ulightbox.js	200 OK Content-Length: 22097 Content-Type: text/javascript	clean
http://s77.ucoz.net/src/uwnd.js?2	200 OK Content-Length: 228554 Content-Type: text/javascript	clean
http://s77.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=6gameka4ka	200 OK Content-Length: 526 Content-Type: application/javascript	clean
http://s77.ucoz.net/src/socCom.js	200 OK Content-Length: 6344 Content-Type: text/javascript	clean
http://gameka4ka.clan.su//js.advideo.ru/aro.js/	404 Not Found Content-Length: 6869 Content-Type: text/html	clean
http://gameka4ka.clan.su/	200 OK Content-Length: 43098 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports: AntiVir JS/iFrame.YOT nProtect JS:Trojan.JS.Iframe.AM Emsisoft JS:Trojan.JS.Iframe.AM (B) Comodo TrojWare.JS.Kryptik.AH McAfee-GW-Edition Heuristic.LooksLike.HTML.Infected.B DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.JS.Iframe.AM NANO-Antivirus Trojan.Script.IFrame.igvg F-Secure JS:Trojan.JS.Iframe.AM Sophos Mal/Iframe-V GData JS:Trojan.JS.Iframe.AM BitDefender JS:Trojan.JS.Iframe.AM
http://gameka4ka.clan.su/blog	200 OK Content-Length: 7713 Content-Type: text/html	clean
http://gameka4ka.clan.su/index/0-3	200 OK Content-Length: 13164 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports: AntiVir JS/iFrame.YOT nProtect JS:Trojan.JS.Iframe.AM Emsisoft JS:Trojan.JS.Iframe.AM (B) Comodo TrojWare.JS.Kryptik.AH McAfee-GW-Edition Heuristic.LooksLike.HTML.Infected.B DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.JS.Iframe.AM NANO-Antivirus Trojan.Script.IFrame.igvg F-Secure JS:Trojan.JS.Iframe.AM Sophos Mal/Iframe-V GData JS:Trojan.JS.Iframe.AM BitDefender JS:Trojan.JS.Iframe.AM
http://gameka4ka.clan.su/test404page.js	404 Not Found Content-Length: 6869 Content-Type: text/html	clean
http://gameka4ka.clan.su/news/federalnyj_zakon_o_statuse_voennosluzhashhikh/2015-05-24-551	200 OK Content-Length: 13755 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports: AntiVir JS/iFrame.YOT nProtect JS:Trojan.JS.Iframe.AM Emsisoft JS:Trojan.JS.Iframe.AM (B) Comodo TrojWare.JS.Kryptik.AH McAfee-GW-Edition Heuristic.LooksLike.HTML.Infected.B DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.JS.Iframe.AM NANO-Antivirus Trojan.Script.IFrame.igvg F-Secure JS:Trojan.JS.Iframe.AM Sophos Mal/Iframe-V GData JS:Trojan.JS.Iframe.AM BitDefender JS:Trojan.JS.Iframe.AM
http://gameka4ka.clan.su/search/?q=Ð¤ÐµÐ´ÐµÑÐ°Ð»ÑÐ½ÑÐ¹ Ð·Ð°ÐºÐ¾Ð½ Ð ÑÑÐ°ÑÑÑÐµ Ð²Ð¾ÐµÐ½Ð½Ð¾ÑÐ»ÑÐ¶Ð°ÑÐ¸Ñ&m=blog	HTTP/1.1 200 OK Cache-Control: no-cache Cache-Control: no-store Cache-Control: private Connection: close Date: Sat, 05 Sep 2015 11:08:37 GMT Pragma: no-cache Server: uServ/3.2.2 Content-Type: text/html; charset=UTF-8 Set-Cookie: 6gameka4kauCoz=; path=/; expires=Thu, 05-Sep-2013 11:08:37 GMT; domain=.gameka4ka.clan.su; Set-Cookie: 6gameka4kauzll=1441451317; path=/; expires=Sun, 04-Sep-2016 11:08:37 GMT; domain=.gameka4ka.clan.su;	clean
http://keitb.ru/1325?charset=utf-8&keyword=Ð¤ÐµÐ´ÐµÑÐ°Ð»ÑÐ½ÑÐ¹	HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0 Connection: close Date: Sat, 05 Sep 2015 11:08:33 GMT Pragma: no-cache Location: http://kered.ru/lim/redirect.php?site=14&page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&sid=178153237&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9 Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Sat, 05 Sep 2015 11:08:33 GMT	clean
http://kered.ru/lim/redirect.php?site=14&page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&sid=178153237&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9	HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 05 Sep 2015 11:08:33 GMT Location: http://dl01.loadingqcc.name?page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&sid=178153237&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9 Server: nginx Content-Type: text/html; charset=UTF-8	clean
http://dl01.loadingqcc.name?page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&sid=178153237&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9/	HTTP/1.1 302 Found Cache-Control: max-age=259200 Connection: close Date: Sat, 05 Sep 2015 11:08:33 GMT Pragma: no-cache Location: /?page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%2F Server: nginx/1.0.14 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Tue, 08 Sep 2015 11:08:33 GMT Set-Cookie: PHPSESSID=2g9l0mdjilc21dtc7i9g4997r6; path=/ X-Powered-By: PHP/5.3.10	clean
http://dl01.loadingqcc.name?page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&sid=178153237&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9/?page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9%2f	HTTP/1.1 302 Found Cache-Control: max-age=259200 Connection: close Date: Sat, 05 Sep 2015 11:08:33 GMT Pragma: no-cache Location: /?page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%2F Server: nginx/1.0.14 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Tue, 08 Sep 2015 11:08:33 GMT Set-Cookie: PHPSESSID=di90sq6cjhl7lqv59175v3fud3; path=/ X-Powered-By: PHP/5.3.10	clean
http://gameka4ka.clan.su/news/lunnyj_kalendar_sadovoda_ogorodnika_2005g_l_nikolaev/2015-05-24-18	200 OK Content-Length: 14846 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports: AntiVir JS/iFrame.YOT nProtect JS:Trojan.JS.Iframe.AM Emsisoft JS:Trojan.JS.Iframe.AM (B) Comodo TrojWare.JS.Kryptik.AH McAfee-GW-Edition Heuristic.LooksLike.HTML.Infected.B DrWeb SCRIPT.Virus Kaspersky HEUR:Trojan.Script.Iframer MicroWorld-eScan JS:Trojan.JS.Iframe.AM NANO-Antivirus Trojan.Script.IFrame.igvg F-Secure JS:Trojan.JS.Iframe.AM Sophos Mal/Iframe-V GData JS:Trojan.JS.Iframe.AM BitDefender JS:Trojan.JS.Iframe.AM
http://gameka4ka.clan.su/search/?q=ÐÑÐ½Ð½ÑÐ¹ ÐºÐ°Ð»ÐµÐ½Ð´Ð°ÑÑ ÑÐ°Ð´Ð¾Ð²Ð¾Ð´Ð°-Ð¾Ð³Ð¾ÑÐ¾Ð´Ð½Ð¸ÐºÐ° 2005Ð³ - Ð. ÐÐ¸ÐºÐ¾Ð»Ð°ÐµÐ²&m=blog	HTTP/1.1 200 OK Cache-Control: no-cache Cache-Control: no-store Cache-Control: private Connection: close Date: Sat, 05 Sep 2015 11:08:39 GMT Pragma: no-cache Server: uServ/3.2.2 Content-Type: text/html; charset=UTF-8 Set-Cookie: 6gameka4kauCoz=; path=/; expires=Thu, 05-Sep-2013 11:08:39 GMT; domain=.gameka4ka.clan.su; Set-Cookie: 6gameka4kauzll=1441451319; path=/; expires=Sun, 04-Sep-2016 11:08:39 GMT; domain=.gameka4ka.clan.su;	clean
http://keitb.ru/1325?charset=utf-8&keyword=ÐÑÐ½Ð½ÑÐ¹	HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0 Connection: close Date: Sat, 05 Sep 2015 11:08:35 GMT Pragma: no-cache Location: http://kered.ru/lp/?r=8398&q=%D0%9B%D1%83%D0%BD%D0%BD%D1%8B%D0%B9&service=LoadBooks&i=http%3A%2F%2Fkered.ru%2F1.png&type=book&size=3&date=4&hm=1&hs=1&cl=0&qr=1&dt=0&trans=0&pu=1&wap=1 Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Sat, 05 Sep 2015 11:08:35 GMT	clean
http://kered.ru/lp/?r=8398&q=%d0%9b%d1%83%d0%bd%d0%bd%d1%8b%d0%b9&service=loadbooks&i=http%3a%2f%2fkered.ru%2f1.png&type=book&size=3&date=4&hm=1&hs=1&cl=0&qr=1&dt=0&trans=0&pu=1&wap=1	HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 05 Sep 2015 11:08:35 GMT Location: http://l0adbbukus.cuisines.pp.ua/?r=8398&q=%D0%9B%D1%83%D0%BD%D0%BD%D1%8B%D0%B9&i=http%3A%2F%2Fkered.ru%2F1.png&type=book&size=3&date=4&hm=1&hs=1&qr=1&pu=1&wap=1&comt=vk Server: nginx Content-Type: text/html; charset=UTF-8	clean
http://l0adbbukus.cuisines.pp.ua/?r=8398&q=%d0%9b%d1%83%d0%bd%d0%bd%d1%8b%d0%b9&i=http%3a%2f%2fkered.ru%2f1.png&type=book&size=3&date=4&hm=1&hs=1&qr=1&pu=1&wap=1&comt=vk	200 OK Content-Length: 74233 Content-Type: text/html	clean
http://l0adbbukus.cuisines.pp.ua/js/jquery.min.js	200 OK Content-Length: 93867 Content-Type: application/x-javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: gameka4ka.clan.su

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Sep 2015 11:08:35 GMT
Server: uServ/3.2.2
Content-Length: 43098
Content-Type: text/html; charset=UTF-8

...43098 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: gameka4ka.clan.su
Referer: http://www.google.com/search?q=gameka4ka.clan.su

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=gameka4ka.clan.su

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://gameka4ka.clan.su/

Result: gameka4ka.clan.su is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for gameka4ka.clan.su

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools