New scan:

Malware Scanner report for koshtradingpost.angelfire.com

Malicious/Suspicious/Total urls checked
1/0/18
1 page has malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://koshtradingpost.angelfire.com/
200 OK
Content-Length: 8566
Content-Type: text/html
clean
http://koshtradingpost.angelfire.com/adm/js/lycos.js
200 OK
Content-Length: 4357
Content-Type: application/x-javascript
clean
http://koshtradingpost.angelfire.com/adm/js/lycos/2.0/webon.js
200 OK
Content-Length: 3537
Content-Type: application/x-javascript
clean
http://koshtradingpost.angelfire.com/adm/js/jquery/jquery-1.4.2.min.js
200 OK
Content-Length: 71669
Content-Type: application/x-javascript
clean
http://koshtradingpost.angelfire.com/adm/js/jquery/jquery.inherit-1.0.9.js
200 OK
Content-Length: 1319
Content-Type: application/x-javascript
clean
http://koshtradingpost.angelfire.com/adm/js/jquery/jquery.effects.js
200 OK
Content-Length: 23521
Content-Type: application/x-javascript
clean
http://koshtradingpost.angelfire.com/adm/js/lycos/3.0/published.moduleloader.js
200 OK
Content-Length: 436
Content-Type: application/x-javascript
clean
http://koshtradingpost.angelfire.com/adm/js/lycos/3.0/published.module.js
200 OK
Content-Length: 1593
Content-Type: application/x-javascript
clean
http://koshtradingpost.angelfire.com/adm/js/colorbox/jquery.colorbox-min.js
200 OK
Content-Length: 9192
Content-Type: application/x-javascript
clean
http://koshtradingpost.angelfire.com/adm/js/lycos/3.0/modules/dummymodule.js
404 Not Found
Content-Length: 4293
Content-Type: text/html
clean
http://koshtradingpost.angelfire.com/adm/js/lycos.js?libs=webon:ui:util
200 OK
Content-Length: 4357
Content-Type: application/x-javascript
clean
http://koshtradingpost.angelfire.com/adm/js/lycos/2.0/swfobject/AC_RunActiveContent.js
200 OK
Content-Length: 8029
Content-Type: application/x-javascript
clean
http://koshtradingpost.angelfire.com/adm/js/lycos/2.0/swfobject/swfobject.js
200 OK
Content-Length: 11179
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var swfobject=function(){var b="undefined",Q="object",n="Shockwave Flash",p="ShockwaveFlash.ShockwaveFlash",P="application/x-shockwave-flash",m="SWFObjectExprInst",j=window,K=document,T=navigator,o=[],N=[],i=[],d=[],J,Z=null,M=null,l=null,e=false,A=false;var h=function(){var v=typeof K.getElementById!=b&&typeof K.getElementsByTagName!=b&&typeof K.createElement!=b,AC=[0,0,0],x=null;if(typeof T.plugins!=b&&typeof T.plugins[n]==Q){x=T.plugins[n].description;if(x&&!(t
... 3116 bytes are skipped ...
splayDebugInfo.call(this);}
this.debug(["SWFUpload.SWFObject Plugin settings:","\n","\t","minimum_flash_version: ",this.settings.minimum_flash_version,"\n","\t","swfupload_pre_load_handler assigned: ",(typeof(this.settings.swfupload_pre_load_handler)==="function").toString(),"\n","\t","swfupload_load_failed_handler assigned: ",(typeof(this.settings.swfupload_load_failed_handler)==="function").toString(),"\n",].join(""));};}(SWFUpload.prototype.displayDebugInfo);}

Antivirus reports:

K7AntiVirus
Trojan ( 85a43f9d0 )
TrendMicro-HouseCall
TROJ_GEN.F47V1102
K7GW
Trojan ( 85a43f9d0 )
F-Prot
JS/IFrame.RS
Commtouch
JS/IFrame.RS

http://koshtradingpost.angelfire.com//stats.lycos.com:80/lys.js/
HTTP/1.1 404 Not Found
Connection: close
Date: Mon, 29 Sep 2014 06:26:44 GMT
Server: Squeegit/1.2.5 (3_sir)
Vary: *
Content-Type: text/html
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Set-Cookie: CookieStatus=COOKIE_OK; path=/; domain=angelfire.lycos.com; expires=Tue, 29-Sep-2015 06:26:44 GMT
X-Server-IP: 209.202.245.161
clean
http://r.lycos.com/?cid=lesl&src=wp_na_lesl_c_sl
HTTP/1.1 302 Found
Connection: close
Date: Mon, 29 Sep 2014 06:26:45 GMT
Location: http://video.lycos.com/featured/rgscripps/?m=c&s=lesl&SRC=&rst=62978046155915
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=utf-8
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
Set-Cookie: CORE-STICKY=R3839803822; path=/
Set-Cookie: beacon-uid=beacon5428fba538d131.17032454; expires=Tue, 29-Sep-2015 06:26:45 GMT
X-Powered-By: PHP/5.1.6
clean
http://video.lycos.com/featured/rgscripps/?m=c&s=lesl&src=&rst=62978046155915
HTTP/1.1 302 Moved Temporarily
Cache-Control: max-age=600, proxy-revalidate
Connection: close
Date: Mon, 29 Sep 2014 06:27:04 GMT
Location: http://video.lycos.com/video/view/guy-fieri-tries-octopus-tacos-in-cabo-san-lucas-1495507/?m=c&s=lesl&src=
Server: Apache
Content-Encoding: gzip
Content-Length: 20
Content-Type: text/html; charset=utf-8
Expires: Mon, 29 Sep 2014 06:36:45 GMT
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
X-Powered-By: PHP/5.1.6
clean
http://video.lycos.com/video/view/guy-fieri-tries-octopus-tacos-in-cabo-san-lucas-1495507/?m=c&s=lesl&src=
200 OK
Content-Length: 19772
Content-Type: text/html
clean
http://ly.lygo.com/ly/video/js/jquery.min.js
200 OK
Content-Length: 91555
Content-Type: application/x-javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: koshtradingpost.angelfire.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 06:26:37 GMT
Server: Squeegit/1.2.5 (3_sir)
Vary: *
Content-Type: text/html
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Set-Cookie: CookieStatus=COOKIE_OK; path=/; domain=angelfire.lycos.com; expires=Tue, 29-Sep-2015 06:26:37 GMT
X-Server-IP: 209.202.245.157
Second query (visit from search engine):
GET / HTTP/1.1
Host: koshtradingpost.angelfire.com
Referer: http://www.google.com/search?q=koshtradingpost.angelfire.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=koshtradingpost.angelfire.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://koshtradingpost.angelfire.com/

Result: koshtradingpost.angelfire.com is not infected or malware details are not published yet.