Scanned pages/files

| Request | Server response | Status |
|---|---|---|
| http://home.mebtel.net/ | HTTP/1.1 200 OK Connection: close Date: Wed, 14 Jan 2015 16:10:34 GMT Accept-Ranges: bytes ETag: "298153-60-46e9c660e2840" Server: Apache/2.2.3 (Red Hat) Content-Length: 96 Content-Type: text/html; charset=UTF-8 Last-Modified: Mon, 13 Jul 2009 20:45:13 GMT | clean |
| http://www.mebtel.net/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 14 Jan 2015 16:10:31 GMT Via: 1.1 varnish Age: 0 Location: http://dialup.centurylink.net/ Server: nginx Content-Type: text/html; charset=iso-8859-1 X-Varnish: 558940412 | clean |
| http://dialup.centurylink.net/ | HTTP/1.1 302 Found Connection: close Date: Wed, 14 Jan 2015 16:10:32 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://centurylink.net/ Server: nginx Content-Length: 279 Content-Type: text/html; charset=iso-8859-1 X-Varnish: 3650927087 | clean |
| http://centurylink.net/ | 200 OK Content-Length: 206310 Content-Type: text/html | malicious |
| http://static.peridot.synacor.com/assets/res.php?j;embarqmail.com/centurylink;en_US;fe24b354;javascripts!scripts~components*services@3rdparty=marketwatch+globals$component_discovery,component^recommendations/visual_revenue?plugins{weather}personalizer\|watercooler\tabbed[mostpopular]en_US($(!(=(jquery(jquery-1.4.2.min;{(jquery.jsonp-2.1.4;jquery.cookie;jquery.ba-tinypubsub;jquery.jstorage-0.1.4;jqu ...1473 symbols skipped | 200 OK Content-Length: 301837 Content-Type: application/x-javascript | clean |
| http://home.mebtel.net/toolbar | 404 Not Found Content-Length: 286 Content-Type: text/html | clean |
| http://home.mebtel.net/test404page.js | 404 Not Found Content-Length: 293 Content-Type: text/html | clean |
| http://home.mebtel.net/login | 404 Not Found Content-Length: 284 Content-Type: text/html | clean |
| http://home.mebtel.net/search/?q=Super+Bowl&context=topsearches | 404 Not Found Content-Length: 286 Content-Type: text/html | clean |
| http://home.mebtel.net/search/?q=Britney+Spears&context=topsearches | 404 Not Found Content-Length: 286 Content-Type: text/html | clean |
| http://home.mebtel.net/search/?q=Credit+Report&context=topsearches | 404 Not Found Content-Length: 286 Content-Type: text/html | clean |
| http://home.mebtel.net/selfcare/manage/?sc_cid=selfcare_hm_usernamemanagement | 404 Not Found Content-Length: 295 Content-Type: text/html | clean |
| http://home.mebtel.net/selfcare/manage/?sc_cid=selfcare_hm_accessmanagement | 404 Not Found Content-Length: 295 Content-Type: text/html | clean |
| http://home.mebtel.net/selfcare/manage/?sc_cid=selfcare_hm_emailsettings | 404 Not Found Content-Length: 295 Content-Type: text/html | clean |
| http://home.mebtel.net/customization/index.php?user_action=billing | 404 Not Found Content-Length: 302 Content-Type: text/html | clean |
| http://home.mebtel.net/username_management/?sc_cid=selfcare_hm_editmailbox | 404 Not Found Content-Length: 299 Content-Type: text/html | clean |
| http://home.mebtel.net/selfcare/manage/?sc_cid=selfcare_hm_parentalcontrols | 404 Not Found Content-Length: 295 Content-Type: text/html | clean |
| http://home.mebtel.net/ads/controls/?sc_cid=ad_controls_mysettings | 404 Not Found Content-Length: 292 Content-Type: text/html | clean |

Malicious code at http://centurylink.net/ - confirmed by antiviruses (see below):

```
(function(){ var aff_def = [ { valid_primary: true, regex: /\/sports\/|\/vendor\/espn\ }, { valid_primary: true, regex: /\/entertainment\/|\bhollyscoop\b|\bcelebritywire\b|e(?:\!|\%21)|\/player\/fiveminute\ }, { valid_primary: true, regex: /\/news\/read\/category\/top(?:\%20|\+|\s)news\/|\/news\/category\/(?:us|world|political)\ }, { valid_primary: false, regex: /\bcontext\=topsearches\b/i }, { valid_p { var omniture_affinityname = ["sports", "entertainment", "general news", "top searches", "video", "games", "weather", "search", "other"]; Syn.Tracking.Omniture.setSValues({'prop46':aff.primary===null?"(no affinity)":omniture_affinityname[aff.primary]}); var omniture_groupname = ["test", "control"]; Syn.Tracking.Omniture.setSValues({'prop47':omniture_groupname[aff.group]}); } if (aff_updated) aff_write(aff); } aff_update(); })();
```

Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: home.mebtel.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 14 Jan 2015 16:10:34 GMT
Accept-Ranges: bytes
ETag: "298153-60-46e9c660e2840"
Server: Apache/2.2.3 (Red Hat)
Content-Length: 96
Content-Type: text/html; charset=UTF-8
Last-Modified: Mon, 13 Jul 2009 20:45:13 GMT
...96 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: home.mebtel.net
Referer: http://www.google.com/search?q=home.mebtel.net
Result:
The result is similar to the first query; no suspicious redirects were found.
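The two checks above can be reproduced offline. The following is an added example, not code from the scan report or the scanner it was produced by: follow_chain() walks the Location headers of the www.mebtel.net -> dialup.centurylink.net -> centurylink.net hops listed in the scanned-pages table, and is_cloaked_redirect() compares the response to a plain request with the response to the same request sent with a search-engine Referer, which is what the "Malicious Redirects" check does to catch conditional (cloaked) redirects. All responses are strings constructed from the headers the report prints; the HOME_CLOAKED sample and the landing.example host in it are hypothetical and were not observed by the scan.

```python
"""
Added example, not part of the scan report. Reproduces the report's two
redirect checks offline against responses constructed from its headers.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlparse


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)  # names lower-cased


def parse_response(raw: str) -> Response:
    """Parse a response head as the report prints it: a status line
    ("HTTP/1.1 200 OK" or the bare "200 OK" form) followed by header lines."""
    lines = raw.strip().splitlines()
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if parts[0].upper().startswith("HTTP/") else int(parts[0])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return Response(status, headers)


def location_of(resp: Response) -> Optional[str]:
    """Redirect target, or None when the response is not a 3xx with Location."""
    if 300 <= resp.status < 400:
        return resp.headers.get("location")
    return None


def follow_chain(start: str, crawl: Dict[str, str], max_hops: int = 10) -> List[str]:
    """Walk Location headers through a captured crawl (url -> raw response).
    Stops at a non-redirect, a URL the crawl lacks, a loop, or max_hops."""
    chain, seen, url = [start], {start}, start
    for _ in range(max_hops):
        raw = crawl.get(url)
        if raw is None:
            break
        target = location_of(parse_response(raw))
        if target is None:
            break
        url = urljoin(url, target)  # relative Location values are legal
        chain.append(url)
        if url in seen:
            break  # redirect loop: report it rather than spin
        seen.add(url)
    return chain


def is_cloaked_redirect(normal: Response, referer: Response) -> Tuple[bool, str]:
    """Flag a redirect that fires only for, or goes elsewhere for, a visitor
    arriving from a search engine. A different body (by ETag or
    Content-Length) is flagged too, since cloaked pages may swap HTML instead."""
    n_loc, r_loc = location_of(normal), location_of(referer)
    if r_loc and not n_loc:
        return True, "redirect only for search-engine referer -> " + r_loc
    if n_loc and r_loc and urlparse(n_loc).netloc != urlparse(r_loc).netloc:
        return True, "search-engine visitors sent to %s, others to %s" % (r_loc, n_loc)
    if normal.status != referer.status:
        return True, "status differs: %d vs %d" % (normal.status, referer.status)
    for h in ("etag", "content-length"):
        if normal.headers.get(h) != referer.headers.get(h):
            return True, "body differs (%s)" % h
    return False, ""


# Constructed from the home.mebtel.net response printed in the report.
HOME_NORMAL = """HTTP/1.1 200 OK
Connection: close
Date: Wed, 14 Jan 2015 16:10:34 GMT
ETag: "298153-60-46e9c660e2840"
Server: Apache/2.2.3 (Red Hat)
Content-Length: 96
Content-Type: text/html; charset=UTF-8
"""

# Hypothetical cloaked answer to the same request with a Google Referer;
# landing.example is an assumed host, not something the report observed.
HOME_CLOAKED = """HTTP/1.1 302 Found
Location: http://landing.example/promo
Content-Type: text/html
"""

# The redirect hops from the scanned-pages table (headers abbreviated).
CRAWL = {
    "http://www.mebtel.net/": "HTTP/1.1 301 Moved Permanently\nLocation: http://dialup.centurylink.net/\nServer: nginx\n",
    "http://dialup.centurylink.net/": "HTTP/1.1 302 Found\nLocation: http://centurylink.net/\nServer: nginx\n",
    "http://centurylink.net/": "200 OK\nContent-Length: 206310\nContent-Type: text/html\n",
}

if __name__ == "__main__":
    print(" -> ".join(follow_chain("http://www.mebtel.net/", CRAWL)))
    print(is_cloaked_redirect(parse_response(HOME_NORMAL), parse_response(HOME_NORMAL)))
    print(is_cloaked_redirect(parse_response(HOME_NORMAL), parse_response(HOME_CLOAKED)))
```

Two caveats apply when using this on live sites. A Content-Length or ETag mismatch is only a hint on dynamic pages (the 206310-byte centurylink.net portal will differ between fetches on its own), so treat that branch as "inspect the bodies", not as a verdict. And cloaking is often keyed on User-Agent or client IP as well as Referer, so a clean Referer comparison like the one in the report does not rule out a redirect served only to, say, Googlebot or to visitors from a particular country.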
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=home.mebtel.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://home.mebtel.net/
Result: home.mebtel.net is not infected or malware details are not published yet.