Malware Scanner report for gta-4-now.narod.ru

Malicious/Suspicious/Total urls checked: 8/0/15

8 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://gta-4-now.narod.ru/index.html	200 OK Content-Length: 21208 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out="";var str="60!100!105!118!32!115!116!121!108!101!61!34!100!105!115!112!108!97!121!58!110!111!110!101!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://gta-4-now.narod.ru/abnl/?adsdata=nCWEVUCSvIVKYMWgc4U;qbGG0IitdpWY1mvx4PM0765tLZ6AR^Phi;uQQbg6pGgWju11W!5K^AlaUR6uYSAuHD8MhBN6xxKGBbbpftxrQMkZ52iNFWQuESVGeygtmqzAkH1tCf8aTGppVBxn	200 OK Content-Length: 2749 Content-Type: application/javascript	clean
http://gta-4-now.narod.ru/images/popup.js	200 OK Content-Length: 0 Content-Type: text/javascript	clean
http://gta-4-now.narod.ru/images/top100.js	200 OK Content-Length: 955 Content-Type: text/javascript	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out="";var str="60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!60!102!111!110!116!32!99!111!108!111!114!61!34!114!101!100!34!62!60!115!112!97!110!32!115!116!121!108!101!61!34!102!111!110!116!45!115!105!122!101!58!50!52!112!116!59!34!62!1057!1072!1081!1090!32!1074!1088!1077!1084!1077!1085!1085!1086!32!1079!1072!1082!1088!1099!1090!32!1085!1072!32!1088!1077!1082!1086!1085!1089!1090!1088!1091!1082!1094!1080!1102!46!60!47!115!112!97!110!62!60!47!102!111!110!116!62!60!47!112!62!10!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!60!105!109!103!32!97!108!105!103!110!61!34!97!98!115!109!105!100!100!108!101!34!32!115!114!99!61!34!105!109!97!103!101!115!47!105!109!103!46!106!112!103!34!32!32!98!111!114!100!101!114!61!34!48!34!62!60!47!112!62!10!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://gta-4-now.narod.ru/offline-activation-gta4-y107.html	200 OK Content-Length: 20359 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out="";var str="60!100!105!118!32!115!116!121!108!101!61!34!100!105!115!112!108!97!121!58!110!111!110!101!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://gta-4-now.narod.ru/abnl/?adsdata=ROdPQeMJidQW2tvhH8Nd7rvTVeFjndivLGPJsTqBUdYUyy3Lkf3z2;B;KQOeWksJx9JQthZzabw61UyMzOZIU^ipK2mDseChtYdWhHOr;Rds;ya7vER9HB9SxbwgCuxlPJ!QB4eUFf4meJ92jiYo	200 OK Content-Length: 2729 Content-Type: application/javascript	clean
http://gta-4-now.narod.ru/gta4-onlayn-j442.html	200 OK Content-Length: 19709 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out="";var str="60!100!105!118!32!115!116!121!108!101!61!34!100!105!115!112!108!97!121!58!110!111!110!101!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://gta-4-now.narod.ru/abnl/?adsdata=n41keRkGWw3Gelv^rZ0PHDpQ6b3LT6!FwN7E;Z1!L9QHNVz26Qx8PII9Q3khy607iZ0GFDNh2eAGz^tXqKvHzOq6Zin;QBKElW7VSLWnlJD^AMgbDHPFKm8WDesP0X3sGg!j8^iJuDnd^kS7Kgoo	200 OK Content-Length: 2769 Content-Type: application/javascript	clean
http://gta-4-now.narod.ru/minimalnye-sistemnye-trebovaniya-gta-iv-e392.html	200 OK Content-Length: 24577 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out="";var str="60!100!105!118!32!115!116!121!108!101!61!34!100!105!115!112!108!97!121!58!110!111!110!101!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://gta-4-now.narod.ru/abnl/?adsdata=WI8Y55WrlRYYRcHXOw1cK^O2Zsp^FSDGM3tIH2XKtZ6f;0mI2Fv9FLmP3cebyUwJkQU6Nlm!^zmXTsdpw6Aj^4pE3c9e3rkFp9vkpaCmsx5qYx4j7yzOdHmRzLBDeNXtfiWxmZOCI3uwSp2Hncio	200 OK Content-Length: 2729 Content-Type: application/javascript	clean
http://gta-4-now.narod.ru/gta-iv-nedostatochno-videopamyati-e363.html	200 OK Content-Length: 23779 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out="";var str="60!100!105!118!32!115!116!121!108!101!61!34!100!105!115!112!108!97!121!58!110!111!110!101!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://gta-4-now.narod.ru/abnl/?adsdata=IR4AChh6dsMf5aQ2j0YF5K!1vDnnxmiUn!V0sxRKiQyOltm24Av^GVOTX73bEL9U0n5l;bKh8GwWAzdXNIpQ!KDndZ9f;2Ea35bh3icSLf6dPH^Y9GvNhZ1QhQ2SpR!3dnI;!GL8iJlwseKs	200 OK Content-Length: 2729 Content-Type: application/javascript	clean
http://gta-4-now.narod.ru/seks-v-gta-4-o414.html	200 OK Content-Length: 21994 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out="";var str="60!100!105!118!32!115!116!121!108!101!61!34!100!105!115!112!108!97!121!58!110!111!110!101!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT
http://gta-4-now.narod.ru/abnl/?adsdata=e3f5XpnYW2GE6xTmaYunrwri;WwdGYvet471wJ^1^m;nxl1WlJnG23xnMUZ2mmFYO0isyWN^BQeAW6SMv1UEr!TOVzdZ3;J8eRTfxjA9^gHl7mIG^9Gdst1r38SyK8v12t7RjaI0jOMiseHw	200 OK Content-Length: 2757 Content-Type: application/javascript	clean
http://gta-4-now.narod.ru/gta4-patch-10-30-y87.html	200 OK Content-Length: 20804 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out="";var str="60!100!105!118!32!115!116!121!108!101!61!34!100!105!115!112!108!97!121!58!110!111!110!101!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports: AntiVir JS/Decdec.psc Avast JS:Redirector-KP [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.JS.QLT K7AntiVirus Riskware TrendMicro-HouseCall TROJ_GEN.F47V0122 Emsisoft Trojan.JS.QLT (B) Comodo TrojWare.JS.Redirect.crk McAfee-GW-Edition JS/Exploit-Blacole.hv DrWeb JS.IFrame.180 Kaspersky HEUR:Trojan.Script.Iframer Microsoft VirTool:JS/Obfuscator.CC MicroWorld-eScan Trojan.JS.QLT Fortinet JS/Kryptik.BP!tr PCTools Trojan.Malscript Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.hv NANO-Antivirus Trojan.Script.Packed.iagb F-Secure Trojan.JS.QLT VIPRE Malware.JS.Generic (JS) F-Prot JS/Crypted.AT.gen eSafe JS.Agent.ia AVG JS/Redir Norman Redir.GS Sophos Mal/Iframe-F GData Trojan.JS.QLT Symantec Trojan.Malscript!JS Commtouch JS/Crypted.AT.gen Agnitum JS.Cored.A ESET-NOD32 JS/Kryptik.BP BitDefender Trojan.JS.QLT

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: gta-4-now.narod.ru

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: gta-4-now.narod.ru
Referer: http://www.google.com/search?q=gta-4-now.narod.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=gta-4-now.narod.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://gta-4-now.narod.ru/

Result: gta-4-now.narod.ru is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for gta-4-now.narod.ru

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools