Scanned pages/files
Request | Server response | Status |
http://stalkers-games.ucoz.ru/ | 200 OK Content-Length: 61282 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!100!105!118!32!115!116!121!108!101!61!34!116!101!120!116!45!97!108!105!103!110!58!99!101!110!116!101!114!59!112!97!100!100!105!110!103!58!53!112!120!32!49!48!112!120!32!53!112!120!32!49!48!112!120!59!34!62!13!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports:
| ||
http://s17.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s17.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s17.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://stalkers-games.ucoz.ru/register | 200 OK Content-Length: 38365 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!100!105!118!32!115!116!121!108!101!61!34!116!101!120!116!45!97!108!105!103!110!58!99!101!110!116!101!114!59!112!97!100!100!105!110!103!58!53!112!120!32!49!48!112!120!32!53!112!120!32!49!48!112!120!59!34!62!13!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports:
| ||
http://stalkers-games.ucoz.ru/photo/ | 200 OK Content-Length: 52990 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!100!105!118!32!115!116!121!108!101!61!34!116!101!120!116!45!97!108!105!103!110!58!99!101!110!116!101!114!59!112!97!100!100!105!110!103!58!53!112!120!32!49!48!112!120!32!53!112!120!32!49!48!112!120!59!34!62!13!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports:
| ||
http://s17.ucoz.net/src/entriesList.js | 200 OK Content-Length: 639 Content-Type: text/javascript | clean |
http://s17.ucoz.net/src/photopage.js | 200 OK Content-Length: 18520 Content-Type: text/javascript | clean |
http://stalkers-games.ucoz.ru/photo/rss/ | 200 OK Content-Length: 6399 Content-Type: text/xml | clean |
http://stalkers-games.ucoz.ru/test404page.js | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
http://stalkers-games.ucoz.ru/forum/ | 200 OK Content-Length: 83620 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!100!105!118!32!115!116!121!108!101!61!34!116!101!120!116!45!97!108!105!103!110!58!99!101!110!116!101!114!59!112!97!100!100!105!110!103!58!53!112!120!32!49!48!112!120!32!53!112!120!32!49!48!112!120!59!34!62!13!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports:
| ||
http://stalkers-games.ucoz.ru/forum/0-0-0-37 | 200 OK Content-Length: 52918 Content-Type: text/xml | clean |
http://stalkers-games.ucoz.ru/gb/ | 200 OK Content-Length: 69610 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('Erwy~})}#ynF+qrmmnw+)wjvnF+|x|+) ju~nF+;A===B>>9>+)8G9'); Antivirus reports:
| ||
http://stalkers-games.ucoz.ru/publ/ | 200 OK Content-Length: 46799 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var temp="",i,c=0,out=""; var str="60!100!105!118!32!115!116!121!108!101!61!34!116!101!120!116!45!97!108!105!103!110!58!99!101!110!116!101!114!59!112!97!100!100!105!110!103!58!53!112!120!32!49!48!112!120!32!53!112!120!32!49!48!112!120!59!34!62!13!10!60!112!32!97!108!105!103!110!61!34!99!101!110!116!101!114!34!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++; out=out+String.fromCharCode(temp);temp="";}document.write(out); Antivirus reports:
| ||
http://stalkers-games.ucoz.ru/publ/rss/ | 200 OK Content-Length: 4752 Content-Type: text/xml | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: stalkers-games.ucoz.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 08 Mar 2015 06:31:39 GMT
Server: uServ/3.2.2
Content-Length: 61282
Content-Type: text/html; charset=UTF-8
...61282 bytes of data.
GET / HTTP/1.1
Host: stalkers-games.ucoz.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 08 Mar 2015 06:31:39 GMT
Server: uServ/3.2.2
Content-Length: 61282
Content-Type: text/html; charset=UTF-8
...61282 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: stalkers-games.ucoz.ru
Referer: http://www.google.com/search?q=stalkers-games.ucoz.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: stalkers-games.ucoz.ru
Referer: http://www.google.com/search?q=stalkers-games.ucoz.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=stalkers-games.ucoz.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://stalkers-games.ucoz.ru/
Result: stalkers-games.ucoz.ru is not infected or malware details are not published yet.
Result: stalkers-games.ucoz.ru is not infected or malware details are not published yet.