Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.shisha-portal.pl/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.shisha-portal.pl Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 06 Sep 2014 08:43:19 GMT Location: http://eltex.com.pl/images_l/clk.php Server: Apache Content-Length: 244 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.shisha-portal.pl/ | 200 OK Content-Length: 18416 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" language="javascript" > you need to pay for this crypt</script> | ||
http://www.shisha-portal.pl/core/common.js | 200 OK Content-Length: 2208 Content-Type: application/javascript | suspicious |
Suspicious code found you need to pay for this crypt | ||
http://www.shisha-portal.pl/core/plugins.js | 200 OK Content-Length: 31 Content-Type: application/javascript | clean |
http://www.shisha-portal.pl/core/prototype.lite.js | 200 OK Content-Length: 3861 Content-Type: application/javascript | suspicious |
Suspicious code found you need to pay for this crypt | ||
http://www.shisha-portal.pl/core/moo.fx.js | 200 OK Content-Length: 3793 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var fx = new Object(); fx.Base = function(){}; fx.Base.prototype = { setOptions: function(options) { this.options = { duration: 500, onComplete: '', transition: fx.sinoidal } Object.extend(this.options, options || {}); }, step: function() { var time = (new Date).getTime(); if (time >= this.options.duration+this.startTime) { this.now = this.to; clearInterval (this.timer); this.timer = null; if (thi this.el.style.opacity = opacity; }, toggle: function() { if (this.now > 0) this.custom(1, 0); else this.custom(0, 1); } }); fx.sinoidal = function(pos){ return ((-Math.cos(pos*Math.PI)/2) + 0.5); } fx.linear = function(pos){ return pos; } fx.cubic = function(pos){ return Math.pow(pos, 3); } fx.circ = function(pos){ return Math.sqrt(pos); } document.write(''); Antivirus reports:
| ||
http://www.shisha-portal.pl/core/litebox-1.0.js | 200 OK Content-Length: 16098 Content-Type: application/javascript | suspicious |
Suspicious code found you need to pay for this crypt | ||
http://www.shisha-portal.pl/track/click-tracker.js | 200 OK Content-Length: 4189 Content-Type: application/javascript | suspicious |
Suspicious code found you need to pay for this crypt | ||
http://www.shisha-portal.pl/index.php | 200 OK Content-Length: 18434 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" language="javascript" > you need to pay for this crypt</script> | ||
http://www.shisha-portal.pl/newsy,1.html | 200 OK Content-Length: 18938 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" language="javascript" > you need to pay for this crypt</script> | ||
http://www.shisha-portal.pl/wszystko-o-fajce-wodnej,150.html | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 06 Sep 2014 08:43:24 GMT Pragma: no-cache Location: http://shisha-portal.pl/wszystko-o-fajce-wodnej,25.html Server: Apache Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=4sda99inf5bj2rqns4vcff4ss4; path=/ X-Powered-By: PHP/5.3.29 | clean |
http://shisha-portal.pl/wszystko-o-fajce-wodnej,25.html | 200 OK Content-Length: 19184 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" language="javascript" > you need to pay for this crypt</script> | ||
http://shisha-portal.pl/core/common.js | 200 OK Content-Length: 2208 Content-Type: application/javascript | suspicious |
Suspicious code found you need to pay for this crypt | ||
http://www.shisha-portal.pl/forum,3.html | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 06 Sep 2014 08:43:25 GMT Pragma: no-cache Location: http://www.shisha-forum.pl Server: Apache Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=2ajvf1813bvbu4k351bbbucn31; path=/ X-Powered-By: PHP/5.3.29 | clean |
http://www.shisha-forum.pl/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Date: Sat, 06 Sep 2014 08:43:27 GMT Pragma: no-cache Location: http://shisha-forum.pl/ Server: IdeaWebServer/v0.80 Content-Length: 179 Content-Type: text/html Expires: Fri, 05 Sep 2014 08:43:27 GMT Set-Cookie: session_id=84b0e7d1bcbc62d7c070fe9d6884cdc2; path=/; domain=shisha-forum.pl; httponly | clean |
http://shisha-forum.pl/ | 200 OK Content-Length: 160440 Content-Type: text/html | clean |
http://shisha-forum.pl//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js/ | 200 OK Content-Length: 160614 Content-Type: text/html | clean |
http://shisha-forum.pl/public/style_images/infinitedark_3_4/js/cookie.js | 200 OK Content-Length: 732 Content-Type: application/javascript | clean |
http://shisha-forum.pl/public/style_images/infinitedark_3_4/js/colorpicker.js | 200 OK Content-Length: 10978 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=shisha-portal.pl
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://shisha-portal.pl/
Result: shisha-portal.pl is not infected or malware details are not published yet.
Result: shisha-portal.pl is not infected or malware details are not published yet.