Google Safebrowsing blacklisted website with spammy links ....

Re: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fmarkkotchsres.com&ref_sel=GSP2&ua_sel=ff&fs=1
and http://killmalware.com/markkotchsres.com/http://www.freeformatter.com/html-validator.html;jsessionid=066FEDCF9F80939F328CF66F370065D5


     error: line:3: SyntaxError: invalid label:
          error: line:3: 1: < !DOCTYPE html> < html lang="en" dir="ltr"> < head> < title> Home< /title> < meta http-equiv="content-type" content="text/html; charset=UTF-8"> < meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> < link rel="stylesheet" type="text/css" hr
          error: line:3: ^ 
 file: 82b23703d7a8de0811a30e30c1789308a5abb176: 24078 bytes  

Spammy looking links
Any links with funky anchor text? Yes there are:

View on Mobile

DOM XSS source found: window.location.reload(true)

the interesting part: javascript: and vbscript: URIs. These are the ones that will bite you. The JavaScript and VBScript URI schemes are non-standard URI schemes that can be used to execute code in the context of the currently open web page. Sounds bad, doesn’t it? Well, it should. Consider our attacker-controlled variable foo: all an attacker has to do to launch an attack against your users is inject a script URI into the variable. When you assign it to location.href, it’s basically the same as calling eval on the script.
Quote-info credits go to: Stackoverflow’s jupinur
However the URL encoding of the message will give the attacker away easily…

Example: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.markkotchsres.com

Good Google Safebrowsing blocked that website for us all.

polonus (volunteer website security analyst and website error-hunter)