1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

anyone willing to check a site that i think may contain malware?

Discussion in 'BlackHat Lounge' started by davids355, Jan 13, 2017.

  1. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    9,833
    Likes Received:
    7,440
    Home Page:
    Basically there is a website belonging to a potential client and I think it contains malware - when i went on it, there was popups and I got redirected.

    Now no matter how many times I visit the site and from different browsers, different device etc I cannot get any issues to occur.

    So I dont know if it was me and its actually another site that I had visited that caused the malware, or if the malware is now hiding itself from me because I have already visited.

    Tried running the site through virustotal.com and it comes back clean.

    checkde source code and there is some encoded stuff in there so to me it looks suspicious.

    Just wondering if anyone has a safe computer they could visit the site from or any other advise on how to confirm whether it does or does not contain malware.
     
  2. BlogPro

    BlogPro Power Member

    Joined:
    Apr 23, 2012
    Messages:
    521
    Likes Received:
    451
    PM me the details, please. I'll be happy to analyze it for you.
     
  3. Ste Fishkin

    Ste Fishkin Jr. VIP Jr. VIP Premium Member

    Joined:
    May 14, 2011
    Messages:
    2,047
    Likes Received:
    10,421
    Get the web host to scan the files for you.

    If it is infected and you're checking from the front end you will only see it when they want you to see it.
     
    • Thanks Thanks x 1
  4. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,967
    Likes Received:
    3,723
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Exploiting Loopholes!
    Home Page:
    Look out for hidden code. Ask the client what things in the code doesn't recognize. Also contact your hosting provider for virus scan.
     
  5. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    11,450
    Likes Received:
    32,374
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
  6. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    9,833
    Likes Received:
    7,440
    Home Page:
    Sent you a pm thanks.

    It's not an active client so I don't have access to the backend yet.

    Yea, I am pretty sure I can see some suspicious code.

    Thanks. I checked with virustotal and it came up clean but I'll try checking with all these sites; nice one.
     
  7. Taegn

    Taegn Junior Member

    Joined:
    Jul 22, 2016
    Messages:
    171
    Likes Received:
    32
    Scanners won't stop anything that is even moderately competent. You would need someone to look at it manually to get results that can be relied upon.
     
  8. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,967
    Likes Received:
    3,723
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Exploiting Loopholes!
    Home Page:
    Totally. I have created the scammiest sites out there and those kinds of scanners never show anything :D
     
    • Thanks Thanks x 1
  9. Taegn

    Taegn Junior Member

    Joined:
    Jul 22, 2016
    Messages:
    171
    Likes Received:
    32
    Because the scanners are the real scammers ;)
    :D
     
    • Thanks Thanks x 1
  10. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    6,588
    Likes Received:
    11,728
    Gender:
    Male
    Occupation:
    Private Investigator
    Location:
    Riverside, California
    Home Page:
    Have you by any chance tried using the Fetch As Google (& Render) tool in your Google Search Console account.

    You should give it a try and compare the "what your visitors see" image to the "what Google sees" image.
     
  11. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,967
    Likes Received:
    3,723
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Exploiting Loopholes!
    Home Page:
    You forgot Dr Oz in your sig bro. Guess he doesnt approve your sig bro. Gotta up your game, man.
     
  12. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    6,588
    Likes Received:
    11,728
    Gender:
    Male
    Occupation:
    Private Investigator
    Location:
    Riverside, California
    Home Page:
    Everyone approves of my 11/10 sig space, but I only have 3 lines and Elliot Rodger's approval was more important.
     
  13. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,967
    Likes Received:
    3,723
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Exploiting Loopholes!
    Home Page:
    I dont know bro, but when dr oz approved my pills, customers started buying.
     
  14. BassTrackerBoats

    BassTrackerBoats Super Moderator Staff Member Moderator Jr. VIP

    Joined:
    Mar 10, 2010
    Messages:
    15,927
    Likes Received:
    29,261
    Occupation:
    Selling CPA Sites
    Location:
    Not England
    Home Page:
    Googled Elliot Rodger and gave you a warning for saying anyone is more important than Dr. Oz.

    Ask my wife.
     
    • Thanks Thanks x 2
  15. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    6,588
    Likes Received:
    11,728
    Gender:
    Male
    Occupation:
    Private Investigator
    Location:
    Riverside, California
    Home Page:
    No way...
    [​IMG]
    All right, all right, I'll add Dr. Oz. Sheesh! :rolleyes:

    PS. BTB didn't really warn me, I just Photoshopped that image.
     
    • Thanks Thanks x 2
    Last edited: Jan 13, 2017
  16. royserpa

    royserpa Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 28, 2011
    Messages:
    4,967
    Likes Received:
    3,723
    Gender:
    Male
    Occupation:
    Negative Options aka Rebills!
    Location:
    Exploiting Loopholes!
    Home Page:
    When a mod warns another to-be-mod member is epic lol!

    Dr oz >> Elliot R, any time bro.
    100% guaranteed by my customers! If i talked about elliot no one would buy! Haha
     
  17. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    6,588
    Likes Received:
    11,728
    Gender:
    Male
    Occupation:
    Private Investigator
    Location:
    Riverside, California
    Home Page:
    That image was Photoshopped; BTB didn't really warn me.

    Which reminds me, I should probably add a disclaimer to my last post stating that.
     
    • Thanks Thanks x 1
  18. BlogPro

    BlogPro Power Member

    Joined:
    Apr 23, 2012
    Messages:
    521
    Likes Received:
    451
    Sent you a PM. The site has malware and there are several payloads loading along with the page.

    I was able to recreate the redirect as well.
     
    • Thanks Thanks x 1
  19. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    9,833
    Likes Received:
    7,440
    Home Page:
    Ever get the feeling your thread has been hijacked :)

    Only joking, thanks for the replies guys and thanks for the confirmation @BlogPro