Scanned pages/files
Request | Server response | Status |
http://play.jb51.net/ | 200 OK Content-Length: 42638 Content-Type: text/html | clean |
http://play.jb51.net/2012js/google468.js | 200 OK Content-Length: 559 Content-Type: application/x-javascript | clean |
http://play.jb51.net/2012js/baidu468.js | 200 OK Content-Length: 132 Content-Type: application/x-javascript | clean |
http://play.jb51.net/2012js/playhdp.js | 200 OK Content-Length: 170 Content-Type: application/x-javascript | clean |
http://play.jb51.net/2012js/baidu250.js | 200 OK Content-Length: 132 Content-Type: application/x-javascript | clean |
http://play.jb51.net/2012js/indexbaidu960.js | 200 OK Content-Length: 132 Content-Type: application/x-javascript | clean |
http://play.jb51.net/templets/tongji_index.js | 200 OK Content-Length: 382 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<sc'+'ript src="http://s96.cnzz.com/stat.php?id=4180674&web_id=4180674" language="JavaScript"></scr'+'ipt>');
document.write('<sc'+'ript src="http://s17.cnzz.com/stat.php?id=3859858&web_id=3859858" language="JavaScript"></scr'+'ipt>');
Antivirus reports:
http://play.jb51.net/js/qqguanggao730_index.Js | 200 OK Content-Length: 134 Content-Type: application/x-javascript | clean |
http://play.jb51.net/tags.html | 200 OK Content-Length: 80320 Content-Type: text/html | clean |
http://play.jb51.net/images/js/j.js | 200 OK Content-Length: 31018 Content-Type: application/x-javascript | clean |
http://play.jb51.net/templets/default/js/jquery.cookie.js | 404 Not Found Content-Length: 3979 Content-Type: text/html | clean |
http://play.jb51.net/yinyuebofangqi/index.html | 200 OK Content-Length: 17363 Content-Type: text/html | clean |
http://play.jb51.net/2012js/baidu960.js | 200 OK Content-Length: 1220 Content-Type: application/x-javascript | clean |
http://play.jb51.net/2012js/baidu336.js | 200 OK Content-Length: 416 Content-Type: application/x-javascript | clean |
http://play.jb51.net/2012js/baidu336R.js | 200 OK Content-Length: 132 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: play.jb51.net
Result:
HTTP/1.1 200 OK
Date: Tue, 01 Apr 2014 05:25:27 GMT
Accept-Ranges: bytes
ETag: "e216f9a584dcf1:3ea0"
Server: Microsoft-IIS/6.0
Content-Length: 42638
Content-Location: http://play.jb51.net/Index.html
Content-Type: text/html
Last-Modified: Tue, 01 Apr 2014 03:15:16 GMT
...42638 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: play.jb51.net
Referer: http://www.google.com/search?q=play.jb51.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=play.jb51.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://play.jb51.net/
Result: play.jb51.net is not infected or malware details are not published yet.