Scanned pages/files
Request | Server response | Status |
http://goldygoldspage.angelfire.com/ | 200 OK Content-Length: 68543 Content-Type: text/html | clean |
http://goldygoldspage.angelfire.com/adm/js/lycos.js | 200 OK Content-Length: 4357 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/lycos/2.0/webon.js | 200 OK Content-Length: 3537 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/jquery/jquery-1.4.2.min.js | 200 OK Content-Length: 71669 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/jquery/jquery.inherit-1.0.9.js | 200 OK Content-Length: 1319 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/jquery/jquery.effects.js | 200 OK Content-Length: 23521 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/lycos/3.0/published.moduleloader.js | 200 OK Content-Length: 436 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/lycos/3.0/published.module.js | 200 OK Content-Length: 1593 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/colorbox/jquery.colorbox-min.js | 200 OK Content-Length: 9192 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/lycos/3.0/modules/fbooklikebutton.js | 200 OK Content-Length: 830 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/lycos/2.0/webon/modules/fbooklikebutton.js | 404 Not Found Content-Length: 4293 Content-Type: text/html | clean |
http://goldygoldspage.angelfire.com/adm/js/lycos.js?libs=webon:ui:util | 200 OK Content-Length: 4357 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/lycos/2.0/swfobject/AC_RunActiveContent.js | 200 OK Content-Length: 8029 Content-Type: application/x-javascript | clean |
http://goldygoldspage.angelfire.com/adm/js/lycos/2.0/swfobject/swfobject.js | 200 OK Content-Length: 11179 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://goldygoldspage.angelfire.com//stats.lycos.com:80/lys.js/ | 404 Not Found Content-Length: 5737 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: goldygoldspage.angelfire.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 08 Apr 2014 23:17:16 GMT
Server: Squeegit/1.2.5 (3_sir)
Vary: *
Content-Type: text/html
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Set-Cookie: CookieStatus=COOKIE_OK; path=/; domain=angelfire.lycos.com; expires=Wed, 08-Apr-2015 23:17:16 GMT
X-Server-IP: 209.202.245.141
Second query (visit from search engine):
GET / HTTP/1.1
Host: goldygoldspage.angelfire.com
Referer: http://www.google.com/search?q=goldygoldspage.angelfire.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=goldygoldspage.angelfire.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://goldygoldspage.angelfire.com/
Result: goldygoldspage.angelfire.com is not infected or malware details are not published yet.