Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 06 May 2015 16:26:38 -0600
From:      jd1008 <jd1008@gmail.com>
To:        FreeBSD Users <freebsd-questions@freebsd.org>
Subject:   javascript that is autoloaded and executed by Firefox
Message-ID:  <554A951E.3060306@gmail.com>
next in thread | raw e-mail | index | archive | help 
Safe Browsing

/Diagnostic page for/googleusercontent.com

*What is the current listing status for googleusercontent.com?*

    This site is not currently listed as suspicious.

*What happened when Google visited this site?*

    Of the 1866724 pages we tested on the site over the past 90 days,
    5271 page(s) resulted in malicious software being downloaded and
    installed without user consent. The last time Google visited this
    site was on 2015-05-06, and the last time suspicious content was
    found on this site was on 2015-05-06.
    Malicious software includes 35571 trojan(s), 30826 exploit(s), 1773
    scripting exploit(s).
    Malicious software is hosted on 8 domain(s), including douglas.de/
    <http://www.google.com/safebrowsing/diagnostic?site=douglas.de/>,
    google.com/
    <http://www.google.com/safebrowsing/diagnostic?site=google.com/>,
    douglas.ch/
    <http://www.google.com/safebrowsing/diagnostic?site=douglas.ch/>.
    This site was hosted on 1 network(s) including AS15169 (GOOGLE)
    <http://www.google.com/safebrowsing/diagnostic?site=AS:15169>.

*Has this site acted as an intermediary resulting in further 
distribution of malware?*

    Over the past 90 days, googleusercontent.com appeared to function as
    an intermediary for the infection of 4 site(s) including
    startbusinesscoaching.com.au/
    <http://www.google.com/safebrowsing/diagnostic?site=startbusinesscoaching.com.au/>,
    crpcoutreach.blogspot.com/
    <http://www.google.com/safebrowsing/diagnostic?site=crpcoutreach.blogspot.com/>,
    businesscoachinstitute.com.au/
    <http://www.google.com/safebrowsing/diagnostic?site=businesscoachinstitute.com.au/>.

*Has this site hosted malware?*

    Yes, this site has hosted malicious software over the past 90 days.
    It infected 3999 domain(s), including googleapis.com/
    <http://www.google.com/safebrowsing/diagnostic?site=googleapis.com/>, v4download.com/
    <http://www.google.com/safebrowsing/diagnostic?site=v4download.com/>, vfastdownload.com/
    <http://www.google.com/safebrowsing/diagnostic?site=vfastdownload.com/>.

    ======================================================

    *So, it is not currecntly suspicious???
    It installs malware, and it is not currently considered as suspicious???
    WTF???

    What's worse, is that
    https://www.mywot.com/en/scorecard/googleusercontent.com
    consideres it's trustworthiness as excellent.


    *

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?554A951E.3060306>