New scan:

Malware Scanner report for gameka4ka.clan.su

Malicious/Suspicious/Total urls checked
5/0/23
5 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://gameka4ka.clan.su/news/zemnaja_zhizn_presvjatoj_bogorodicy_s_opisaniem_ee_ikon/2015-05-24-550
200 OK
Content-Length: 15161
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1))

Antivirus reports:

AntiVir
JS/iFrame.YOT
nProtect
JS:Trojan.JS.Iframe.AM
Emsisoft
JS:Trojan.JS.Iframe.AM (B)
Comodo
TrojWare.JS.Kryptik.AH
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
DrWeb
SCRIPT.Virus
Kaspersky
HEUR:Trojan.Script.Iframer
MicroWorld-eScan
JS:Trojan.JS.Iframe.AM
NANO-Antivirus
Trojan.Script.IFrame.igvg
F-Secure
JS:Trojan.JS.Iframe.AM
Sophos
Mal/Iframe-V
GData
JS:Trojan.JS.Iframe.AM
BitDefender
JS:Trojan.JS.Iframe.AM

http://s77.ucoz.net/src/jquery-1.7.2.js
200 OK
Content-Length: 94840
Content-Type: text/javascript
clean
http://s77.ucoz.net/src/ulightbox/ulightbox.js
200 OK
Content-Length: 22097
Content-Type: text/javascript
clean
http://s77.ucoz.net/src/uwnd.js?2
200 OK
Content-Length: 228554
Content-Type: text/javascript
clean
http://s77.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=6gameka4ka
200 OK
Content-Length: 526
Content-Type: application/javascript
clean
http://s77.ucoz.net/src/socCom.js
200 OK
Content-Length: 6344
Content-Type: text/javascript
clean
http://gameka4ka.clan.su//js.advideo.ru/aro.js/
404 Not Found
Content-Length: 6869
Content-Type: text/html
clean
http://gameka4ka.clan.su/
200 OK
Content-Length: 43098
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1))

Antivirus reports:

AntiVir
JS/iFrame.YOT
nProtect
JS:Trojan.JS.Iframe.AM
Emsisoft
JS:Trojan.JS.Iframe.AM (B)
Comodo
TrojWare.JS.Kryptik.AH
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
DrWeb
SCRIPT.Virus
Kaspersky
HEUR:Trojan.Script.Iframer
MicroWorld-eScan
JS:Trojan.JS.Iframe.AM
NANO-Antivirus
Trojan.Script.IFrame.igvg
F-Secure
JS:Trojan.JS.Iframe.AM
Sophos
Mal/Iframe-V
GData
JS:Trojan.JS.Iframe.AM
BitDefender
JS:Trojan.JS.Iframe.AM

http://gameka4ka.clan.su/blog
200 OK
Content-Length: 7713
Content-Type: text/html
clean
http://gameka4ka.clan.su/index/0-3
200 OK
Content-Length: 13164
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1))

Antivirus reports:

AntiVir
JS/iFrame.YOT
nProtect
JS:Trojan.JS.Iframe.AM
Emsisoft
JS:Trojan.JS.Iframe.AM (B)
Comodo
TrojWare.JS.Kryptik.AH
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
DrWeb
SCRIPT.Virus
Kaspersky
HEUR:Trojan.Script.Iframer
MicroWorld-eScan
JS:Trojan.JS.Iframe.AM
NANO-Antivirus
Trojan.Script.IFrame.igvg
F-Secure
JS:Trojan.JS.Iframe.AM
Sophos
Mal/Iframe-V
GData
JS:Trojan.JS.Iframe.AM
BitDefender
JS:Trojan.JS.Iframe.AM

http://gameka4ka.clan.su/test404page.js
404 Not Found
Content-Length: 6869
Content-Type: text/html
clean
http://gameka4ka.clan.su/news/federalnyj_zakon_o_statuse_voennosluzhashhikh/2015-05-24-551
200 OK
Content-Length: 13755
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1))

Antivirus reports:

AntiVir
JS/iFrame.YOT
nProtect
JS:Trojan.JS.Iframe.AM
Emsisoft
JS:Trojan.JS.Iframe.AM (B)
Comodo
TrojWare.JS.Kryptik.AH
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
DrWeb
SCRIPT.Virus
Kaspersky
HEUR:Trojan.Script.Iframer
MicroWorld-eScan
JS:Trojan.JS.Iframe.AM
NANO-Antivirus
Trojan.Script.IFrame.igvg
F-Secure
JS:Trojan.JS.Iframe.AM
Sophos
Mal/Iframe-V
GData
JS:Trojan.JS.Iframe.AM
BitDefender
JS:Trojan.JS.Iframe.AM

http://gameka4ka.clan.su/search/?q=Федеральный закон О статусе военнослужащих&m=blog
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Sat, 05 Sep 2015 11:08:37 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: 6gameka4kauCoz=; path=/; expires=Thu, 05-Sep-2013 11:08:37 GMT; domain=.gameka4ka.clan.su;
Set-Cookie: 6gameka4kauzll=1441451317; path=/; expires=Sun, 04-Sep-2016 11:08:37 GMT; domain=.gameka4ka.clan.su;
clean
http://keitb.ru/1325?charset=utf-8&keyword=Федеральный
HTTP/1.1 302 Moved Temporarily
Cache-Control: max-age=0
Connection: close
Date: Sat, 05 Sep 2015 11:08:33 GMT
Pragma: no-cache
Location: http://kered.ru/lim/redirect.php?site=14&page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&sid=178153237&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Sat, 05 Sep 2015 11:08:33 GMT
clean
http://kered.ru/lim/redirect.php?site=14&page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&sid=178153237&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 05 Sep 2015 11:08:33 GMT
Location: http://dl01.loadingqcc.name?page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&sid=178153237&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9
Server: nginx
Content-Type: text/html; charset=UTF-8
clean
http://dl01.loadingqcc.name?page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&sid=178153237&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9/
HTTP/1.1 302 Found
Cache-Control: max-age=259200
Connection: close
Date: Sat, 05 Sep 2015 11:08:33 GMT
Pragma: no-cache
Location: /?page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%2F
Server: nginx/1.0.14
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Tue, 08 Sep 2015 11:08:33 GMT
Set-Cookie: PHPSESSID=2g9l0mdjilc21dtc7i9g4997r6; path=/
X-Powered-By: PHP/5.3.10
clean
http://dl01.loadingqcc.name?page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&sid=178153237&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9/?page=lending&type=book&img=http%3a%2f%2fkered.ru%2f1.png&size=0&ext=zip&key=%d0%a4%d0%b5%d0%b4%d0%b5%d1%80%d0%b0%d0%bb%d1%8c%d0%bd%d1%8b%d0%b9%2f
HTTP/1.1 302 Found
Cache-Control: max-age=259200
Connection: close
Date: Sat, 05 Sep 2015 11:08:33 GMT
Pragma: no-cache
Location: /?page=lending&type=book&img=http%3A%2F%2Fkered.ru%2F1.png&size=0&ext=zip&key=%D0%A4%D0%B5%D0%B4%D0%B5%D1%80%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B9%2F
Server: nginx/1.0.14
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Tue, 08 Sep 2015 11:08:33 GMT
Set-Cookie: PHPSESSID=di90sq6cjhl7lqv59175v3fud3; path=/
X-Powered-By: PHP/5.3.10
clean
http://gameka4ka.clan.su/news/lunnyj_kalendar_sadovoda_ogorodnika_2005g_l_nikolaev/2015-05-24-18
200 OK
Content-Length: 14846
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1))

Antivirus reports:

AntiVir
JS/iFrame.YOT
nProtect
JS:Trojan.JS.Iframe.AM
Emsisoft
JS:Trojan.JS.Iframe.AM (B)
Comodo
TrojWare.JS.Kryptik.AH
McAfee-GW-Edition
Heuristic.LooksLike.HTML.Infected.B
DrWeb
SCRIPT.Virus
Kaspersky
HEUR:Trojan.Script.Iframer
MicroWorld-eScan
JS:Trojan.JS.Iframe.AM
NANO-Antivirus
Trojan.Script.IFrame.igvg
F-Secure
JS:Trojan.JS.Iframe.AM
Sophos
Mal/Iframe-V
GData
JS:Trojan.JS.Iframe.AM
BitDefender
JS:Trojan.JS.Iframe.AM

http://gameka4ka.clan.su/search/?q=Лунный календарь садовода-огородника 2005г - Л. Николаев&m=blog
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Sat, 05 Sep 2015 11:08:39 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: 6gameka4kauCoz=; path=/; expires=Thu, 05-Sep-2013 11:08:39 GMT; domain=.gameka4ka.clan.su;
Set-Cookie: 6gameka4kauzll=1441451319; path=/; expires=Sun, 04-Sep-2016 11:08:39 GMT; domain=.gameka4ka.clan.su;
clean
http://keitb.ru/1325?charset=utf-8&keyword=Лунный
HTTP/1.1 302 Moved Temporarily
Cache-Control: max-age=0
Connection: close
Date: Sat, 05 Sep 2015 11:08:35 GMT
Pragma: no-cache
Location: http://kered.ru/lp/?r=8398&q=%D0%9B%D1%83%D0%BD%D0%BD%D1%8B%D0%B9&service=LoadBooks&i=http%3A%2F%2Fkered.ru%2F1.png&type=book&size=3&date=4&hm=1&hs=1&cl=0&qr=1&dt=0&trans=0&pu=1&wap=1
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Sat, 05 Sep 2015 11:08:35 GMT
clean
http://kered.ru/lp/?r=8398&q=%d0%9b%d1%83%d0%bd%d0%bd%d1%8b%d0%b9&service=loadbooks&i=http%3a%2f%2fkered.ru%2f1.png&type=book&size=3&date=4&hm=1&hs=1&cl=0&qr=1&dt=0&trans=0&pu=1&wap=1
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Sat, 05 Sep 2015 11:08:35 GMT
Location: http://l0adbbukus.cuisines.pp.ua/?r=8398&q=%D0%9B%D1%83%D0%BD%D0%BD%D1%8B%D0%B9&i=http%3A%2F%2Fkered.ru%2F1.png&type=book&size=3&date=4&hm=1&hs=1&qr=1&pu=1&wap=1&comt=vk
Server: nginx
Content-Type: text/html; charset=UTF-8
clean
http://l0adbbukus.cuisines.pp.ua/?r=8398&q=%d0%9b%d1%83%d0%bd%d0%bd%d1%8b%d0%b9&i=http%3a%2f%2fkered.ru%2f1.png&type=book&size=3&date=4&hm=1&hs=1&qr=1&pu=1&wap=1&comt=vk
200 OK
Content-Length: 74233
Content-Type: text/html
clean
http://l0adbbukus.cuisines.pp.ua/js/jquery.min.js
200 OK
Content-Length: 93867
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: gameka4ka.clan.su

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 05 Sep 2015 11:08:35 GMT
Server: uServ/3.2.2
Content-Length: 43098
Content-Type: text/html; charset=UTF-8

...43098 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gameka4ka.clan.su
Referer: http://www.google.com/search?q=gameka4ka.clan.su

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=gameka4ka.clan.su

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gameka4ka.clan.su/

Result: gameka4ka.clan.su is not infected or malware details are not published yet.