Scanned pages/files
Request | Server response | Status |
http://koshtradingpost.angelfire.com/ | 200 OK Content-Length: 8566 Content-Type: text/html | clean |
http://koshtradingpost.angelfire.com/adm/js/lycos.js | 200 OK Content-Length: 4357 Content-Type: application/x-javascript | clean |
http://koshtradingpost.angelfire.com/adm/js/lycos/2.0/webon.js | 200 OK Content-Length: 3537 Content-Type: application/x-javascript | clean |
http://koshtradingpost.angelfire.com/adm/js/jquery/jquery-1.4.2.min.js | 200 OK Content-Length: 71669 Content-Type: application/x-javascript | clean |
http://koshtradingpost.angelfire.com/adm/js/jquery/jquery.inherit-1.0.9.js | 200 OK Content-Length: 1319 Content-Type: application/x-javascript | clean |
http://koshtradingpost.angelfire.com/adm/js/jquery/jquery.effects.js | 200 OK Content-Length: 23521 Content-Type: application/x-javascript | clean |
http://koshtradingpost.angelfire.com/adm/js/lycos/3.0/published.moduleloader.js | 200 OK Content-Length: 436 Content-Type: application/x-javascript | clean |
http://koshtradingpost.angelfire.com/adm/js/lycos/3.0/published.module.js | 200 OK Content-Length: 1593 Content-Type: application/x-javascript | clean |
http://koshtradingpost.angelfire.com/adm/js/colorbox/jquery.colorbox-min.js | 200 OK Content-Length: 9192 Content-Type: application/x-javascript | clean |
http://koshtradingpost.angelfire.com/adm/js/lycos/3.0/modules/dummymodule.js | 404 Not Found Content-Length: 4293 Content-Type: text/html | clean |
http://koshtradingpost.angelfire.com/adm/js/lycos.js?libs=webon:ui:util | 200 OK Content-Length: 4357 Content-Type: application/x-javascript | clean |
http://koshtradingpost.angelfire.com/adm/js/lycos/2.0/swfobject/AC_RunActiveContent.js | 200 OK Content-Length: 8029 Content-Type: application/x-javascript | clean |
http://koshtradingpost.angelfire.com/adm/js/lycos/2.0/swfobject/swfobject.js | 200 OK Content-Length: 11179 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://koshtradingpost.angelfire.com//stats.lycos.com:80/lys.js/ | HTTP/1.1 404 Not Found Connection: close Date: Mon, 29 Sep 2014 06:26:44 GMT Server: Squeegit/1.2.5 (3_sir) Vary: * Content-Type: text/html P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA" Set-Cookie: CookieStatus=COOKIE_OK; path=/; domain=angelfire.lycos.com; expires=Tue, 29-Sep-2015 06:26:44 GMT X-Server-IP: 209.202.245.161 | clean |
http://r.lycos.com/?cid=lesl&src=wp_na_lesl_c_sl | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Sep 2014 06:26:45 GMT Location: http://video.lycos.com/featured/rgscripps/?m=c&s=lesl&SRC=&rst=62978046155915 Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=utf-8 P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI" Set-Cookie: CORE-STICKY=R3839803822; path=/ Set-Cookie: beacon-uid=beacon5428fba538d131.17032454; expires=Tue, 29-Sep-2015 06:26:45 GMT X-Powered-By: PHP/5.1.6 | clean |
http://video.lycos.com/featured/rgscripps/?m=c&s=lesl&src=&rst=62978046155915 | HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=600, proxy-revalidate Connection: close Date: Mon, 29 Sep 2014 06:27:04 GMT Location: http://video.lycos.com/video/view/guy-fieri-tries-octopus-tacos-in-cabo-san-lucas-1495507/?m=c&s=lesl&src= Server: Apache Content-Encoding: gzip Content-Length: 20 Content-Type: text/html; charset=utf-8 Expires: Mon, 29 Sep 2014 06:36:45 GMT P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI" X-Powered-By: PHP/5.1.6 | clean |
http://video.lycos.com/video/view/guy-fieri-tries-octopus-tacos-in-cabo-san-lucas-1495507/?m=c&s=lesl&src= | 200 OK Content-Length: 19772 Content-Type: text/html | clean |
http://ly.lygo.com/ly/video/js/jquery.min.js | 200 OK Content-Length: 91555 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: koshtradingpost.angelfire.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 06:26:37 GMT
Server: Squeegit/1.2.5 (3_sir)
Vary: *
Content-Type: text/html
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
Set-Cookie: CookieStatus=COOKIE_OK; path=/; domain=angelfire.lycos.com; expires=Tue, 29-Sep-2015 06:26:37 GMT
X-Server-IP: 209.202.245.157
Second query (visit from search engine):
GET / HTTP/1.1
Host: koshtradingpost.angelfire.com
Referer: http://www.google.com/search?q=koshtradingpost.angelfire.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=koshtradingpost.angelfire.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://koshtradingpost.angelfire.com/
Result: koshtradingpost.angelfire.com is not infected or malware details are not published yet.