Is this site safe?

[TuckerX]

Sorry to ask so many questions(I dont know that much about redirects). But what about the site that soes the redirecting?(the eebsite that i typed in that you said redirects you to a hijack) is that site safe or does it just does te redirecting to the bad site?(the one with the search default changer).     And After seeing your post just now, i asked more then two questions and what do you mean by the check is safe?

[polonus]

That site is doing the redirecting, yes, but only if you perform the typo to be redirected to the wrong typo site. So the redirect is only valid there where you go to the typo site. That is how devious it is. A normal domain parked site can be used for parking an undemanded  search site to score a couple of additional ad click dollars. This is not so here,  this is a domain park for a typo site. If you would have given in the site without a typo, no problem would have occurred. Ask a touchscreen pencil for Xmas and feel safer...
The check is safe is that that redirect only changed your default search settings (without your approval of course), that is all the "malware hijacker"did to let you go to their searchsite and earn on fraudulous clicks. It is all about money, you know...

polonus

[TuckerX]

thanks for the help polonus! But I also visited a site before that seemed to be malicious. when i scanned the site, it said that there were malicious javascripts. Website is checkwebsitesafe dot com without the www. It also had annoying popups that were probably pay per click ads. All the info was either outdated or wrong also. I visited the site on my Macbook laptop but I spilled coffee/hot chocolate on it and it broke. I dont remember if i visited the site on this iMac so i want to be sure. I also scanned the iMac with sophos and clamxav(i had them on this computer already) and it found nothing. Links to scan of website are first and then links to scan of the websites scan that I visited.(the website does scans to see if a site is safe or not using webutation,google safe browsing diagnostic etc.)
http://urlvoid.com/scan/checkwebsitesafe.com/
http://sitecheck.sucuri.net/results/checkwebsitesafe.com
http://zulu.zscaler.com/submission/show/a13f04f447c7457b42b5378d7d2a75bd-1354372705
http://urlquery.net/report.php?id=265499

and the 2nd one:
http://urlvoid.com/scan/checkwebsitesafe.com/
http://urlquery.net/report.php?id=265540
http://zulu.zscaler.com/submission/show/cb2e443ca64a247e91b0e93f92e550f3-1354372797

Could someone tell me if its safe? It didnt seem safe. I dont know why google would put that site on the second page when i searched for a website that could let me see if a link was safe or not.

[polonus]

Hi TruckerX,

What I get on that site is that it is a known scam and phish: http://www.mywot.com/en/scorecard/checkwebsitesafe.com?utm_source=addon&utm_content=popup-donuts
I get document.writeln(''); from htxp://bdv.bidvertiser.com/BidVertiser.dbm?pid%E2%89%88%20451302&bid%E2%89%88%201125316%22%20type%E2%89%88%20%22text/javascript%22 on that site
On BidVertiser hijacker, see: http://forum.avast.com/index.php?topic=98455.0
Read: http://khiaao.blogspot.nl/2011/03/virus-and-malware-in-bidvertiser-ads.html  article author khiaao

Suspicious recently and now given clean: http://zulu.zscaler.com/submission/show/6804f063be09fd245f0b61bd8d9ae923-1354380473

Quttera has 1 potentially suspicious file:
 Potentially Suspicious files: 1
all-include.js
File size[byte]:   
141000
Threat type:   
Potentially Suspicious
Details:   
Detected potentially suspicious content.
Reason:   
Detected potentially suspicious initialization of function pointer to JavaScript method write <code> __tmpvar20438881 = write; <code/>  (this is linux code malware  paths include /tmp, /var/tmp as we see here (remark from polonus)
MD5:   
2FBC99E74E3C107DAFB60F637BEB1755
Scan duration[sec]:   
1.017000   data from online Quttera scan for above website...

polonus

[TuckerX]

So what can you figure out about the site? Do you think i might have any malware from it? I never clicked on the bidvertiser ads from what i know

[TuckerX]

Also I did those seven steps you told me to so for chrome. The only thing waw that dsparking wasn even in my search options. I just had google chrome/google. I deleted the other search options(bing,yahoo,some sites that i use that were under there for search options) just in case because I dont even use them. Also does what you just said mean that i have malware on my iMac? I have scanned with two antiviruses and they disnt find anything malicious(clamXav and Sophos for mac home edition)

[polonus]

Hi TuckerX,

I think you just were startled a bit and not became in any way  infested or what. Just be aware of typo's. You know now why. Think you had a lucky escape. Thanks for reporting this anyway and for us having the privilege to dive into this issue. Certainly if it helps towards everyone's awareness,

polonus

[TuckerX]

Wait what about my question about checkwebsitesafe sot com?

[polonus]

If you are not redirected to specific sites you are free of this.

Try to search Google for something and click on the various search results that show up, if none of the results allow you to go to the appropriate site, you are infected. Instead you'll be redirected to sites like:
icityfind.com
scour.com
fastsfind.com
amusede.in
1freefiledownload.com
find-quick-results.com
bidvertiser.com

If not so you are not affected,

polonus

[TuckerX]

Ok so I guess i dont have anything. The bidvertiser redirect works on all plarforms right(windows,osx,linux) or does it only effect windows?. If it is only windows then I wont know if I have it or not.(i use a mac with no windows installed?

[polonus]

I would not worry one bit. It is an IE issue and windows related,

polonus

[TuckerX]

But can i send this to windows computers? I have a computer with windows on the same network and in the same house. I also send things to windows computers. This cant be spread to other computers/computers on the same network/in the same house, right?

[TuckerX]

So I should have no malware/something malicious on my iMac right? And if I did, it wouldnt effect me and be able to transfer itself to other conputers?

[!Donovan]

Hi TuckerX,

I think you are overreacting a bit... Was there any explicit differentiation after visiting the misspelled site? Did you readily find something new and unwanted upon the visit of this site?

~!Donovan

[TuckerX]

No i did not find anything new or strange on my computer. Like you said, i do tend to overreact about things. But is the bidvertiser thing also just a redirect? I dont seem ro get redirwcted when using google however. I just want to make sure my computer is clean of anything bad even if it doesnt effect me. I guess i am safe?