Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=getthenews.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://getthenews.net/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.getthenews.net/ | 200 OK Content-Length: 79598 Content-Type: text/html | clean |
http://getthenews.net/CSS.js | 200 OK Content-Length: 381 Content-Type: application/javascript | clean |
http://getthenews.net/Boss.js | 200 OK Content-Length: 1768 Content-Type: application/javascript | clean |
http://getthenews.net/Date.js | 200 OK Content-Length: 153 Content-Type: application/javascript | clean |
http://getthenews.net/TB.js | 200 OK Content-Length: 573 Content-Type: application/javascript | clean |
http://GetTheNews.net/home.js | 200 OK Content-Length: 383 Content-Type: application/javascript | clean |
http://GetTheNews.net/menu.js | 200 OK Content-Length: 1984 Content-Type: application/javascript | clean |
http://GetTheNews.net/weather.js | 200 OK Content-Length: 1916 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.getthenews.net document.write('</tr><tr><td height=20 align=center><font class=mt3>Weather</font></a></td></tr><tr>\ <td height=20 onMouseOver="this.style.backgroundColor=\'#51709E\'" onMouseOut="this.style.backgroundColor=\'#163975\'"><ilayer><layer height=20 width="100%" onMouseOver="this.bgColor=\'#51709E\'" onMouseOut="this.bgColor=\'#163975\'"> <a href="http://www.getthenews.net/cgi-bin/weather/weather.cgi" onFocus="if(this.blur)this.blur()"><font class=mt>US Weather</font></a></center></layer></ilayer></td></tr><tr>\ <td height=20 onMouseOver="this.style.backgroundColor=\'#51709E\'" onMouseOut="this.style.backgroundColor=\'#163975\'"><ilayer><layer height=20 width="100%" onMouseOver="this.bgColor=\'#51709E\'" onMouseOut="this.bgColor=\ ...[1437 bytes skipped]... Decoded script: </tr><tr><td height=20 align=center><font class=mt3>Weather</font></a></td></tr><tr><td height=20 onMouseOver="this.style.backgroundColor='#51709E'" onMouseOut="this.style.backgroundColor='#163975'"><ilayer><layer height=20 width="100%" onMouseOver="this.bgColor='#51709E'" onMouseOut="this.bgColor='#163975'"> <a href="http://www.getthenews.net/cgi-bin/weather/weather.cgi" onFocus="if(this.blur)this.blur()"><font class=mt>US Weather</font></a></center></layer></ilayer></td></tr><tr><td height=20 onMouseOver="this.style.backgroundColor='#51709E'" onMouseOut="this.style.backgroundColor='#163975'"><ilayer><layer height=20 width="100%" onMouseOver="this.bgColor='#51709E'" onMouseOut="this.bgColor='#163975'"> ...[1398 bytes skipped]... | ||
http://GetTheNews.net/HR.js | 200 OK Content-Length: 289 Content-Type: application/javascript | clean |
http://getthenews.net/M1.js | 200 OK Content-Length: 117 Content-Type: application/javascript | clean |
http://getthenews.net/cgi-bin/cached_feed.pl?c=Top%20stories&o=js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://getthenews.net/test404page.js | 404 Not Found Content-Length: 507 Content-Type: text/html | clean |
http://getthenews.net/M2.js | 200 OK Content-Length: 1810 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: getthenews.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: getthenews.net
Referer: http://www.google.com/search?q=getthenews.net
Result:
The result is similar to the first query. There are no suspicious redirects found.