From owner-freebsd-questions@FreeBSD.ORG Wed May 6 22:26:41 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8FA39888 for ; Wed, 6 May 2015 22:26:41 +0000 (UTC) Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4AEEA1847 for ; Wed, 6 May 2015 22:26:41 +0000 (UTC) Received: by qkgx75 with SMTP id x75so16491209qkg.1 for ; Wed, 06 May 2015 15:26:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=Rx4MVwOwNLm5XfjGyiVVCbroY41jvSccKA7J7NQonO8=; b=yqd3j2KJA/OjcAGaIzoiHvMeppWKwZoVi11qe/UlHESIDhv6IPX6Bz7Hr254490Sgv 6cObfIUeNOPaotqQlMCfaGydTYFJTedrHuxahw12yMqVPOtIlb0MjqYvdpI+DHuRaMqN 11uJO2Jg0ar33RXCOmTTll/EkUi2R2O9prDq2BoevDlQ8diWIHRmPvRHuHDyHmWRp4O4 nOl4SiClFry0cl5hxuXDjlwtuRtOjpEA2/BoWNqj+hxnSL9y+sVp7ovsGvuatoBsgIQy R3ck/uX0VAfzu55q/sEv1gQvD7waCiWtAEVP523Bg3PuBjRbt980vD2k7BFTi0ntjNwg ktAg== X-Received: by 10.55.17.209 with SMTP id 78mr2388503qkr.18.1430951200365; Wed, 06 May 2015 15:26:40 -0700 (PDT) Received: from localhost.localdomain ([209.181.150.218]) by mx.google.com with ESMTPSA id f33sm112439qkh.23.2015.05.06.15.26.39 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 06 May 2015 15:26:39 -0700 (PDT) Message-ID: <554A951E.3060306@gmail.com> Date: Wed, 06 May 2015 16:26:38 -0600 From: jd1008 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: FreeBSD Users Subject: javascript that is autoloaded and executed by Firefox Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 May 2015 22:26:41 -0000 Safe Browsing /Diagnostic page for/googleusercontent.com *What is the current listing status for googleusercontent.com?* This site is not currently listed as suspicious. *What happened when Google visited this site?* Of the 1866724 pages we tested on the site over the past 90 days, 5271 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2015-05-06, and the last time suspicious content was found on this site was on 2015-05-06. Malicious software includes 35571 trojan(s), 30826 exploit(s), 1773 scripting exploit(s). Malicious software is hosted on 8 domain(s), including douglas.de/ , google.com/ , douglas.ch/ . This site was hosted on 1 network(s) including AS15169 (GOOGLE) . *Has this site acted as an intermediary resulting in further distribution of malware?* Over the past 90 days, googleusercontent.com appeared to function as an intermediary for the infection of 4 site(s) including startbusinesscoaching.com.au/ , crpcoutreach.blogspot.com/ , businesscoachinstitute.com.au/ . *Has this site hosted malware?* Yes, this site has hosted malicious software over the past 90 days. It infected 3999 domain(s), including googleapis.com/ , v4download.com/ , vfastdownload.com/ . ====================================================== *So, it is not currecntly suspicious??? It installs malware, and it is not currently considered as suspicious??? WTF??? What's worse, is that https://www.mywot.com/en/scorecard/googleusercontent.com consideres it's trustworthiness as excellent. *