Scanned pages/files
Request | Server response | Status |
http://bezpremki.pl/ | 200 OK Content-Length: 16669 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.8/jquery.min.js | 200 OK Content-Length: 93637 Content-Type: text/javascript | clean |
http://bezpremki.pl/js/jquery.min.js | 200 OK Content-Length: 93636 Content-Type: text/javascript | clean |
http://bezpremki.pl/js/jquery.modal.min.js | 200 OK Content-Length: 4197 Content-Type: text/javascript | clean |
http://liczniki.org/hit.php?l=bezpremki&o=1 | 200 OK Content-Length: 366 Content-Type: application/x-javascript | clean |
http://bezpremki.pl/js/ciastko.js | 200 OK Content-Length: 1998 Content-Type: text/javascript | clean |
http://bezpremki.pl/js/menu.js | 200 OK Content-Length: 6983 Content-Type: text/javascript | clean |
http://app.sugester.pl/bezpremki/widget.js | 200 OK Content-Length: 22705 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
if (typeof uid == 'undefined'){uid='';};if (typeof uid_email == 'undefined'){uid_email='';};if (typeof sugester_tab == 'undefined'){sugester_tab=1;}; var sx_={};sx_.lib=function(){var F={};var C=/(-[a-z])/gi;var B=function(H,I){return I.charAt(1).toUpperCase()};var G=function(I){var H;if(!(H=F[I])){H=F[I]=I.replace(C,B)}return H};var A=document.defaultView;var E=/alpha\([^\)]*\)/gi;var D=function(J,H){var I=J.style;if(window.ActiveXObject){I.zoom=1;I.filter=(I.filter||"").replace(E,"")+(H==1 sx_.loadSkin('sugester','http://app.sugester.pl/stylesheets');f1=window.onload;window.onload=function(){sx_.init();if (sugester_tab==1) {document.getElementById('sugester_widget').style.display="block"};if(f1!=undefined)f1()};
Antivirus reports:
http://bezpremki.pl/index | 200 OK Content-Length: 16669 Content-Type: text/html | clean |
http://bezpremki.pl/rejestracja | 200 OK Content-Length: 8656 Content-Type: text/html | clean |
http://bezpremki.pl/sklep | 200 OK Content-Length: 16734 Content-Type: text/html | clean |
http://bezpremki.pl/telewizja-online | 200 OK Content-Length: 6149 Content-Type: text/html | clean |
http://bezpremki.pl/jwplayer/jwplayer.js | 200 OK Content-Length: 66799 Content-Type: text/javascript | clean |
http://bezpremki.pl/logowanie | 200 OK Content-Length: 8264 Content-Type: text/html | clean |
http://bezpremki.pl/helpdeskpl/knowledgebase.php | 200 OK Content-Length: 9191 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bezpremki.pl
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 03 Apr 2015 23:35:09 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=p5f8bgbe0dmvkroajtbhecjfn7; path=/
X-Powered-By: PHP/5.3.3
Second query (visit from search engine):
GET / HTTP/1.1
Host: bezpremki.pl
Referer: http://www.google.com/search?q=bezpremki.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bezpremki.pl
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bezpremki.pl/
Result: bezpremki.pl is not infected or malware details are not published yet.