Scanned pages/files
Request | Server response | Status |
http://goldcoastconnection.com/ | HTTP/1.1 302 Found Connection: close Date: Sun, 13 Jul 2014 01:10:24 GMT Location: http://ww34.goldcoastconnection.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3-7+squeeze20 | clean |
http://ww34.goldcoastconnection.com/ | 200 OK Content-Length: 18904 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var json_big_log_str='eyJkb21haW4iOiJnb2xkY29hc3Rjb25uZWN0aW9uLmNvbSIsInN1YmRvbWFpbiI6Ind3MzQiLCJyZWZlcmVyIjoiIiwicV9zcmMiOiIiLCJxdWVyeSI6IiIsImJyb3dzZXIiOiJNU0lFIDguMCIsInN0cl9tZDUiOiIzMzQ2Y2I0MmFjM2YwOWRiZTc1OWVkNDFjN2IzYzMzNyIsImxhbmdfY29kZSI6IiIsIm1lbWJlcl9pZCI6IjcwMDk5IiwiY2hhbm5lbHMiOm51bGwsImRyaWQiOiJhcy1kcmlkLTI1NjYwMTQ2NTU0OTI4MTAiLCJjbGllbnQiOiJkcC1uYW1lZHJpdmUwNl94bWwiLCJsYW5kZXIiOjEsInRlbXBsYXRlIjoibWFycXVlZTIiLCJycyI6IjIiLCJjYXRlZ29yeSI6IjIwMDAwMCIsImZlZWQyX3VybCI6Imh0dHA6XC9c if (document.getElementById('oneclick').style.display) { document.getElementById('oneclick').style.display='block'; } if (document.getElementById('oneclick').style.visibility) { document.getElementById('oneclick').style.visibility='visible'; } if (document.getElementById('twoclick').style.display) { document.getElementById('twoclick').style.display='none'; } } Antivirus reports:
http://www.google.com/adsense/domains/caf.js | 200 OK Content-Length: 285 Content-Type: text/javascript | clean |
http://goldcoastconnection.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: goldcoastconnection.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Sun, 13 Jul 2014 01:10:24 GMT
Location: http://ww34.goldcoastconnection.com/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.3-7+squeeze20
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: goldcoastconnection.com
Referer: http://www.google.com/search?q=goldcoastconnection.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=goldcoastconnection.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://goldcoastconnection.com/
Result: goldcoastconnection.com is not infected or malware details are not published yet.