Scanned pages/files
Request | Server response | Status |
http://www.lotturystyka.pl/ | 200 OK Content-Length: 6110 Content-Type: text/html | clean |
http://www.lotturystyka.pl/1.txt.locked | 200 OK Content-Length: 2979 Content-Type: application/octet-stream | clean |
http://www.lotturystyka.pl/test404page.js | 404 Not Found Content-Length: 185 Content-Type: text/html | clean |
http://www.lotturystyka.pl/113672.php.locked | 200 OK Content-Length: 10 Content-Type: application/octet-stream | clean |
http://www.lotturystyka.pl/136848.php.locked | 200 OK Content-Length: 10 Content-Type: application/octet-stream | clean |
http://www.lotturystyka.pl/23vghw8m.php.locked | 200 OK Content-Length: 44477 Content-Type: application/octet-stream | clean |
http://www.lotturystyka.pl/348424.php.locked | 200 OK Content-Length: 10 Content-Type: application/octet-stream | clean |
http://www.lotturystyka.pl/403.php.locked | 200 OK Content-Length: 66083 Content-Type: application/octet-stream | malicious |
Malicious code - confirmed by antiviruses (see below):
    if(window.Event) window.captureEvents(Event.KEYDOWN);
    var cmds = new Array('');
    var cur = 0;
    function kp(e) {
        var n = (window.Event) ? e.which : e.keyCode;
        if(n == 38) {
            cur--;
            if(cur>=0) document.cf.cmd.value = cmds[cur];
            else cur++;
        } else if(n == 40) {
            cur++;
            if(cur < cmds.length) document.cf.cmd.value = cmds[cur];
            else cur--;
        }
    }
    function add(cmd) {
        cmds.pop();
        cmds.push(cmd);
        cmds.push('');
        cur = cmds.length-1;
    }
Antivirus reports:
http://www.lotturystyka.pl/' . $explink . ' | 404 Not Found Content-Length: 195 Content-Type: text/html | clean |
http://www.lotturystyka.pl/496938.php.locked | 200 OK Content-Length: 10 Content-Type: application/octet-stream | clean |
http://www.lotturystyka.pl/593174.php.locked | 200 OK Content-Length: 10 Content-Type: application/octet-stream | clean |
http://www.lotturystyka.pl/607777.php.locked | 200 OK Content-Length: 10 Content-Type: application/octet-stream | clean |
http://www.lotturystyka.pl/676206.php.locked | 200 OK Content-Length: 10 Content-Type: application/octet-stream | clean |
http://www.lotturystyka.pl/696029.php.locked | 200 OK Content-Length: 10 Content-Type: application/octet-stream | clean |
http://www.lotturystyka.pl/742587.php.locked | 200 OK Content-Length: 10 Content-Type: application/octet-stream | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lotturystyka.pl
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: lotturystyka.pl
Referer: http://www.google.com/search?q=lotturystyka.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lotturystyka.pl
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://lotturystyka.pl/
Result: lotturystyka.pl is not infected or malware details are not published yet.