I’ve tried searching for more information about this but I can’t really find anything so it makes me think this is a false flag whenever I try to connect to Getmadd.com. Anyone know anything about this?
Welcome to the forums, akwey.
The source code for the page shows script outside of … block.
This is not proper and is suspicious.
Click the below link for more information :
http://www.UnmaskParasites.com/security-report/?page=www.getmadd.com
Hi akwey, Welcome to the forum
This website uses the webstat counter:
It is also outsite of the html block, which is against general web standards.
I think this is most likely the reason for the alert, and without that in the source code there is no alert - I have tested this.
-Scott-
[edit] Oops, CharleyO posted before…
[edit2]Found another post about webstat, from one of the ALWIL virus team, definitely dodgy…:
Hi akwey,
This is the script in question:
Writes
^img alt="Free Hit Counter" width="0" height="0" border="0" hspace="0" vspace="0" src=
"htXp://wXw.webstat.net/basic/counter.php?i=12156&r=&n=Mozilla/4.0%20%28compatible%3B%20MSIE%207.0%3 ^^^^
B%20Windows^^^^%20NT%205.1%3B%20.NET%20CLR%201.1.4322%29&p=Mozilla/4.0%20%28compatible%3B%20MSIE%207.0%3^=====^
B%20Windows%20NT%205.1%3B%20.^^NET%20CLR%201.1.4322%29&g=htXp%3A//getmadd.com&sd=24&sw=1024x768"^ ^script broken by me- pol
Last time webstat has suspicious content was on 2009-10-03.
Malicious software includes 437 scripting exploits.
This site was hosted on 1 network(s) including AS21844 (THEPLANET).
Also seen this code in the past there:
^script language="JavaScript" type="text/javascript"^
^!--
// Hit counter code for Webstat.net
var data = '&r=' + escape(document.referrer)
+ '&n=' + escape(navigator.userAgent)
+ '&p=' + escape(navigator.userAgent)
+ '&g=' + escape(document.location.href);
if (navigator.userAgent.substring(0,1)>'3')
data = data + '&sd=' + screen.colorDepth
+ '&sw=' + escape(screen.width+'x'+screen.height);
document.write('^i[b]mg alt[/b]="Website Counter" width="0" height="0" border="0" hspace="0" '+'vspace="0" src="hxtp://wXw.webstat.net/basic/counter.php?i=21095' + data + '">');
// --^...........
/script
webstat.net is on a block malware list, so the webadmin/hoster should consider another tracker…
polonus