Hi malware fighters,
And another one here:
labradory_krakow.republika.pl
Domain Hash: ad873cf7c1d8d47dbdacfa4b1815def1
IP Address: 213.180.128.160
IP Hostname: gwiazdka.republika.pl
IP Country: PL (Poland)
AS Number: 12990
AS Name: ONET-PL-AS1 Onet.pl portal network
Detections: 4 / 18 (22 %)
Status: DANGEROUS
Threat Name: Trojan.Malscript!html
Location: htxp://labradory_krakow.republika.pl/
2 suspicious inline scripts found.
Moreover, Google currently lists this page as suspicious*
Malicious software includes 2 exploits, 1 scripting exploits, 1 trojan - Troj/Iframe/DY
HTML/Crypted.Gen aka JS/Redir.AQ
Successful infection resulted in an average of 1 new process on the target machine.
Malicious software is hosted on 7 domains, including searchfunes.org/, mobi-print.com/, adingurj.com/.
2 domains appear to be functioning as intermediaries for distributing malware to visitors of this site, including scaraori.com/, eplarine.com/.
This site was hosted on 1 network(s) including AS5617 (Polish Telecom).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past months labradory_krakow.republika.pl appeared to function as an intermediary for the infection of 3 sites including mojpupil.pl/, labrador.toplista.pl/, hodowle.top-100.pl/,
also see WOT:
http://www.mywot.com/en/scorecard/labrador.toplista.pl
Read up about the code shown as an attached image:
http://stackoverflow.com/questions/1224670/what-is-the-advantage-of-using-unescape-on-document-write-to-load-javacript
polonus