New scan:

Malware Scanner report for stalkers-games.ucoz.ru

Malicious/Suspicious/Total urls checked
6/0/15
6 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://stalkers-games.ucoz.ru/
200 OK
Content-Length: 61282
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var temp="",i,c=0,out=""; var str="60!100!105!118!32!115!116!121!108!101!61!34!116!101!120!116!45!97!108!105!103!110!58!99!101!110!116!101!114!59!112!97!100!100!105!110!103!58!53!112!120!32!49!48!112!120!32!53!112!120!32!49!48!112!120!59!34!62!13!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out);

Antivirus reports:

AntiVir
JS/Decdec.psc
Avast
JS:Redirector-KP [Trj]
Ikarus
Exploit.HTML.IframeRef
nProtect
Trojan.JS.QLT
K7AntiVirus
Riskware
TrendMicro-HouseCall
TROJ_GEN.F47V0122
Emsisoft
Trojan.JS.QLT (B)
Comodo
TrojWare.JS.Redirect.crk
McAfee-GW-Edition
JS/Exploit-Blacole.hv
DrWeb
JS.IFrame.180
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
VirTool:JS/Obfuscator.CC
MicroWorld-eScan
Trojan.JS.QLT
Fortinet
JS/Kryptik.BP!tr
PCTools
Trojan.Malscript
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.hv
NANO-Antivirus
Trojan.Script.Packed.iagb
F-Secure
Trojan.JS.QLT
VIPRE
Malware.JS.Generic (JS)
F-Prot
JS/Crypted.AT.gen
eSafe
JS.Agent.ia
AVG
JS/Redir
Norman
Redir.GS
Sophos
Mal/Iframe-F
GData
Trojan.JS.QLT
Symantec
Trojan.Malscript!JS
Commtouch
JS/Crypted.AT.gen
Agnitum
JS.Cored.A
ESET-NOD32
JS/Kryptik.BP
BitDefender
Trojan.JS.QLT

http://s17.ucoz.net/src/jquery-1.7.2.js
200 OK
Content-Length: 94840
Content-Type: text/javascript
clean
http://s17.ucoz.net/src/ulightbox/ulightbox.js
200 OK
Content-Length: 22097
Content-Type: text/javascript
clean
http://s17.ucoz.net/src/uwnd.js?2
200 OK
Content-Length: 228554
Content-Type: text/javascript
clean
http://stalkers-games.ucoz.ru/register
200 OK
Content-Length: 38365
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var temp="",i,c=0,out=""; var str="60!100!105!118!32!115!116!121!108!101!61!34!116!101!120!116!45!97!108!105!103!110!58!99!101!110!116!101!114!59!112!97!100!100!105!110!103!58!53!112!120!32!49!48!112!120!32!53!112!120!32!49!48!112!120!59!34!62!13!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out);

Antivirus reports:

AntiVir
JS/Decdec.psc
Avast
JS:Redirector-KP [Trj]
Ikarus
Exploit.HTML.IframeRef
nProtect
Trojan.JS.QLT
K7AntiVirus
Riskware
TrendMicro-HouseCall
TROJ_GEN.F47V0122
Emsisoft
Trojan.JS.QLT (B)
Comodo
TrojWare.JS.Redirect.crk
McAfee-GW-Edition
JS/Exploit-Blacole.hv
DrWeb
JS.IFrame.180
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
VirTool:JS/Obfuscator.CC
MicroWorld-eScan
Trojan.JS.QLT
Fortinet
JS/Kryptik.BP!tr
PCTools
Trojan.Malscript
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.hv
NANO-Antivirus
Trojan.Script.Packed.iagb
F-Secure
Trojan.JS.QLT
VIPRE
Malware.JS.Generic (JS)
F-Prot
JS/Crypted.AT.gen
eSafe
JS.Agent.ia
AVG
JS/Redir
Norman
Redir.GS
Sophos
Mal/Iframe-F
GData
Trojan.JS.QLT
Symantec
Trojan.Malscript!JS
Commtouch
JS/Crypted.AT.gen
Agnitum
JS.Cored.A
ESET-NOD32
JS/Kryptik.BP
BitDefender
Trojan.JS.QLT

http://stalkers-games.ucoz.ru/photo/
200 OK
Content-Length: 52990
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var temp="",i,c=0,out=""; var str="60!100!105!118!32!115!116!121!108!101!61!34!116!101!120!116!45!97!108!105!103!110!58!99!101!110!116!101!114!59!112!97!100!100!105!110!103!58!53!112!120!32!49!48!112!120!32!53!112!120!32!49!48!112!120!59!34!62!13!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out);

Antivirus reports:

AntiVir
JS/Decdec.psc
Avast
JS:Redirector-KP [Trj]
Ikarus
Exploit.HTML.IframeRef
nProtect
Trojan.JS.QLT
K7AntiVirus
Riskware
TrendMicro-HouseCall
TROJ_GEN.F47V0122
Emsisoft
Trojan.JS.QLT (B)
Comodo
TrojWare.JS.Redirect.crk
McAfee-GW-Edition
JS/Exploit-Blacole.hv
DrWeb
JS.IFrame.180
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
VirTool:JS/Obfuscator.CC
MicroWorld-eScan
Trojan.JS.QLT
Fortinet
JS/Kryptik.BP!tr
PCTools
Trojan.Malscript
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.hv
NANO-Antivirus
Trojan.Script.Packed.iagb
F-Secure
Trojan.JS.QLT
VIPRE
Malware.JS.Generic (JS)
F-Prot
JS/Crypted.AT.gen
eSafe
JS.Agent.ia
AVG
JS/Redir
Norman
Redir.GS
Sophos
Mal/Iframe-F
GData
Trojan.JS.QLT
Symantec
Trojan.Malscript!JS
Commtouch
JS/Crypted.AT.gen
Agnitum
JS.Cored.A
ESET-NOD32
JS/Kryptik.BP
BitDefender
Trojan.JS.QLT

http://s17.ucoz.net/src/entriesList.js
200 OK
Content-Length: 639
Content-Type: text/javascript
clean
http://s17.ucoz.net/src/photopage.js
200 OK
Content-Length: 18520
Content-Type: text/javascript
clean
http://stalkers-games.ucoz.ru/photo/rss/
200 OK
Content-Length: 6399
Content-Type: text/xml
clean
http://stalkers-games.ucoz.ru/test404page.js
404 Not Found
Content-Length: 6869
Content-Type: text/html
clean
http://stalkers-games.ucoz.ru/forum/
200 OK
Content-Length: 83620
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var temp="",i,c=0,out=""; var str="60!100!105!118!32!115!116!121!108!101!61!34!116!101!120!116!45!97!108!105!103!110!58!99!101!110!116!101!114!59!112!97!100!100!105!110!103!58!53!112!120!32!49!48!112!120!32!53!112!120!32!49!48!112!120!59!34!62!13!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out);

Antivirus reports:

AntiVir
JS/Decdec.psc
Avast
JS:Redirector-KP [Trj]
Ikarus
Exploit.HTML.IframeRef
nProtect
Trojan.JS.QLT
K7AntiVirus
Riskware
TrendMicro-HouseCall
TROJ_GEN.F47V0122
Emsisoft
Trojan.JS.QLT (B)
Comodo
TrojWare.JS.Redirect.crk
McAfee-GW-Edition
JS/Exploit-Blacole.hv
DrWeb
JS.IFrame.180
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
VirTool:JS/Obfuscator.CC
MicroWorld-eScan
Trojan.JS.QLT
Fortinet
JS/Kryptik.BP!tr
PCTools
Trojan.Malscript
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.hv
NANO-Antivirus
Trojan.Script.Packed.iagb
F-Secure
Trojan.JS.QLT
VIPRE
Malware.JS.Generic (JS)
F-Prot
JS/Crypted.AT.gen
eSafe
JS.Agent.ia
AVG
JS/Redir
Norman
Redir.GS
Sophos
Mal/Iframe-F
GData
Trojan.JS.QLT
Symantec
Trojan.Malscript!JS
Commtouch
JS/Crypted.AT.gen
Agnitum
JS.Cored.A
ESET-NOD32
JS/Kryptik.BP
BitDefender
Trojan.JS.QLT

http://stalkers-games.ucoz.ru/forum/0-0-0-37
200 OK
Content-Length: 52918
Content-Type: text/xml
clean
http://stalkers-games.ucoz.ru/gb/
200 OK
Content-Length: 69610
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('Erwy~})}#ynF+qrmmnw+)wjvnF+|x|+) ju~nF+;A===B>>9>+)8G9');

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Suspicious.A

http://stalkers-games.ucoz.ru/publ/
200 OK
Content-Length: 46799
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var temp="",i,c=0,out=""; var str="60!100!105!118!32!115!116!121!108!101!61!34!116!101!120!116!45!97!108!105!103!110!58!99!101!110!116!101!114!59!112!97!100!100!105!110!103!58!53!112!120!32!49!48!112!120!32!53!112!120!32!49!48!112!120!59!34!62!13!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out);

Antivirus reports:

AntiVir
JS/Decdec.psc
Avast
JS:Redirector-KP [Trj]
Ikarus
Exploit.HTML.IframeRef
nProtect
Trojan.JS.QLT
K7AntiVirus
Riskware
TrendMicro-HouseCall
TROJ_GEN.F47V0122
Emsisoft
Trojan.JS.QLT (B)
Comodo
TrojWare.JS.Redirect.crk
McAfee-GW-Edition
JS/Exploit-Blacole.hv
DrWeb
JS.IFrame.180
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
VirTool:JS/Obfuscator.CC
MicroWorld-eScan
Trojan.JS.QLT
Fortinet
JS/Kryptik.BP!tr
PCTools
Trojan.Malscript
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.hv
NANO-Antivirus
Trojan.Script.Packed.iagb
F-Secure
Trojan.JS.QLT
VIPRE
Malware.JS.Generic (JS)
F-Prot
JS/Crypted.AT.gen
eSafe
JS.Agent.ia
AVG
JS/Redir
Norman
Redir.GS
Sophos
Mal/Iframe-F
GData
Trojan.JS.QLT
Symantec
Trojan.Malscript!JS
Commtouch
JS/Crypted.AT.gen
Agnitum
JS.Cored.A
ESET-NOD32
JS/Kryptik.BP
BitDefender
Trojan.JS.QLT

http://stalkers-games.ucoz.ru/publ/rss/
200 OK
Content-Length: 4752
Content-Type: text/xml
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: stalkers-games.ucoz.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 08 Mar 2015 06:31:39 GMT
Server: uServ/3.2.2
Content-Length: 61282
Content-Type: text/html; charset=UTF-8

...61282 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: stalkers-games.ucoz.ru
Referer: http://www.google.com/search?q=stalkers-games.ucoz.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=stalkers-games.ucoz.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://stalkers-games.ucoz.ru/

Result: stalkers-games.ucoz.ru is not infected or malware details are not published yet.