Scanned pages/files
Request | Server response | Status |
http://atrium.dn.ua/ | 200 OK Content-Length: 10567 Content-Type: text/html | clean |
http://mypromo.com.ua/www/delivery/al.php?zoneid=116&target=_blank&cb=INSERT_RANDOM_NUMBER_HERE&layerstyle=simple&align=right&valign=top&padding=2&padding=2&shifth=50&shiftv=50&closebutton=t&backcolor=FFFFFF&bordercolor=000000 | 200 OK Content-Length: 23150 Content-Type: application/x-javascript | malicious |
Malicious code — flagged by antivirus engines (see the antivirus reports below). Note that this script is served from a third-party ad host (mypromo.com.ua), not from atrium.dn.ua itself. if(typeof net=="undefined"){var net=new Object();}if(typeof net.m3=="undefined"){net.m3=new Object();}if(typeof net.m3.util=="undefined"){net.m3.util=new Object();}if(typeof net.m3.FlashObjectUtil=="undefined"){net.m3.FlashObjectUtil=new Object();}net.m3.FlashObject=function(_1,id,w,h,_5,c,_7,_8,_9,_a,_b){if(!document.createElement||!document.getElementById){return;}this.DETECT_KEY=_b?_b:"detectflash";this.skipDetect=net.m3.util.getRequestParameter(this.DETECT_KEY);this.params=new Object();this. MAX_adlayers_place_4cce195f(); window.clearInterval(MAX_adlayers_timerid_4cce195f); break; case 'open': MAX_adlayers_visible_4cce195f = 'visible'; MAX_adlayers_place_4cce195f(); MAX_adlayers_timerid_4cce195f = window.setInterval('MAX_adlayers_place_4cce195f()', 10); break; } } var MAX_adlayers_timerid_4cce195f; var MAX_adlayers_visible_4cce195f; MAX_simplepop_4cce195f('open'); Antivirus reports:
| ||
http://atrium.dn.ua/index.php?id=5436 | 200 OK Content-Length: 10184 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=21820 | 200 OK Content-Length: 10814 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=22245 | 200 OK Content-Length: 7845 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=21818 | 200 OK Content-Length: 10180 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=21819 | 200 OK Content-Length: 11114 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=21821 | 200 OK Content-Length: 8468 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=21823 | 200 OK Content-Length: 8461 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=21822 | 200 OK Content-Length: 8203 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=4nalbum&do=showpic&pid=91669&orderby=ratingD | 200 OK Content-Length: 9254 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=4nalbum | 200 OK Content-Length: 8474 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=4nalbum&do=showgall&gid=10497 | 200 OK Content-Length: 13165 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=4nalbum&do=showgall&gid=10497&offset=8 | 200 OK Content-Length: 11017 Content-Type: text/html | clean |
http://atrium.dn.ua/index.php?id=5436&show=4nalbum&do=showgall&gid=10497&offset=0 | 200 OK Content-Length: 13161 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: atrium.dn.ua
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 28 Sep 2014 23:44:25 GMT
Pragma: no-cache
Server: nginx/0.7.63
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0b6346efd812c2143365dd4bab3f5606; path=/
X-Powered-By: PHP/5.2.6-1+lenny16
GET / HTTP/1.1
Host: atrium.dn.ua
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 28 Sep 2014 23:44:25 GMT
Pragma: no-cache
Server: nginx/0.7.63
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0b6346efd812c2143365dd4bab3f5606; path=/
X-Powered-By: PHP/5.2.6-1+lenny16
Second query (visit from search engine):
GET / HTTP/1.1
Host: atrium.dn.ua
Referer: http://www.google.com/search?q=atrium.dn.ua
Result:
The result is similar to the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: atrium.dn.ua
Referer: http://www.google.com/search?q=atrium.dn.ua
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=atrium.dn.ua
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://atrium.dn.ua/
Result: atrium.dn.ua is not infected or malware details are not published yet.
Result: atrium.dn.ua is not infected or malware details are not published yet.