DEV Community

Discussion on: I Clicked On A Facebook Scam To See What Would Happen

Edmond Major III • Edited

Antoinette,

I'm just trying to clear up some confusion here because after looking at it, I believe your main statement that this page exists to distribute malware is incorrect.

"look at the network traffic behind the page and understand what it was doing behind the scenes."

"based on the behavior of the traffic and my analysis with the information I had, I'd say I'm doing just fine with my technical expertise."

What analysis? You mean plug the domain into VirusTotal, Hybrid Analysis, and Sucuri and then regurgitate back what it told you? Okay but that != technical expertise.

"I'm fairly confident that this site does distribute malware, but I cannot say what kind and what it does other than establishing a connection to a remote host (possibly a botnet?)."

It does not distribute malware. The landing page is designed to make some dude in Pakistan money via a CPA affiliate company and the website generates its traffic by forcing users to Like and Share the URL on Facebook. A very common tactic in the CPA offer spam scene. I would love to see your evidence that the page exists to spread malware.

In the Advanced Reading section of my 1st comment I put more information about how content locking pages like this work.

Cheers

Edit:
You can tell the websites get a lot of traffic by checking out the views on the images used in the landing page:
imgur.com/xzmclDm - 52,865,976 views
imgur.com/7FesHcD - 30,900,812 views
imgur.com/bsRA7ip - 3,546,875 views
imgur.com/x557web - 62,299,883 views

Antoinette Maria

There isn't any confusion. As I mentioned, I said it was inclusive. Again, I also said I couldn't be sure. Based on the traffic I saw, it collected browser information along with some other tracking things. That kind of behavior can be found to be consistent with malware delivery. Also, I didn't regurgitate anything from Virus Total or SiteCheck, I only shared the links. You're taking something I did out of boredom and making it quite serious for no other reason than to be right on the internet, which is fine if that's how you feel but I'm not sure what you think is gained by arguing with me about it. Especially considering the majority of the article discusses the backend of the page and its behaviors. If you're taking issue with a few lines at the end of the page, then duly noted.

Edmond Major III • Edited

The internet is srs bizness. I'm just pointing out what I found VS you.

Cheers

Antoinette Maria

And I appreciate your addition. Thank you.

Antoinette Maria • Edited

Also, I will update my article with your additions. However, I should mention that perhaps it would be in your best interest not to approach people with hostility when trying to present an opposing viewpoint. It immediately puts people on the defense and invalidates anything you want to share, no matter how relevant. This exchange could have gone differently. Just food for thought. Unless you just like fighting with people... in which case, do you.