Getmadd.com JS:ScriptIP-inf [Trj]

I’ve tried searching for more information about this but I can’t really find anything so it makes me think this is a false flag whenever I try to connect to Getmadd.com. Anyone know anything about this?


Welcome to the forums, akwey. :slight_smile:

The source code for the page shows script outside of … block.

This is not proper and is suspicious.

Click the below link for more information :

http://www.UnmaskParasites.com/security-report/?page=www.getmadd.com


Hi akwey, Welcome to the forum :slight_smile:

This website uses the webstat counter:

It is also outsite of the html block, which is against general web standards.
I think this is most likely the reason for the alert, and without that in the source code there is no alert - I have tested this.

-Scott-

[edit] Oops, CharleyO posted before…
[edit2]Found another post about webstat, from one of the ALWIL virus team, definitely dodgy…:

Hi akwey,

This is the script in question:

Writes

^img alt="Free Hit Counter" width="0" height="0" border="0" hspace="0" vspace="0" src=
"htXp://wXw.webstat.net/basic/counter.php?i=12156&r=&n=Mozilla/4.0%20%28compatible%3B%20MSIE%207.0%3 ^^^^
B%20Windows^^^^%20NT%205.1%3B%20.NET%20CLR%201.1.4322%29&p=Mozilla/4.0%20%28compatible%3B%20MSIE%207.0%3^=====^
B%20Windows%20NT%205.1%3B%20.^^NET%20CLR%201.1.4322%29&g=htXp%3A//getmadd.com&sd=24&sw=1024x768"^ ^script broken by me- pol
 

Last time webstat has suspicious content was on 2009-10-03.
Malicious software includes 437 scripting exploits.

This site was hosted on 1 network(s) including AS21844 (THEPLANET).
Also seen this code in the past there:


^script language="JavaScript" type="text/javascript"^
^!--
  // Hit counter code for Webstat.net
  var data = '&r=' + escape(document.referrer)
	+ '&n=' + escape(navigator.userAgent)
	+ '&p=' + escape(navigator.userAgent)
	+ '&g=' + escape(document.location.href);
  if (navigator.userAgent.substring(0,1)>'3')
    data = data + '&sd=' + screen.colorDepth 
	+ '&sw=' + escape(screen.width+'x'+screen.height);
  document.write('^i[b]mg alt[/b]="Website Counter" width="0" height="0" border="0" hspace="0" '+'vspace="0" src="hxtp://wXw.webstat.net/basic/counter.php?i=21095' + data + '">');
// --^...........
/script 

webstat.net is on a block malware list, so the webadmin/hoster should consider another tracker…

polonus