What is out on this site?

See: http://urlquery.net/report.php?id=3153852 But VW gives unknown_html_google_malware
detected here: https://www.virustotal.com/en/url/1b6b1947740c0cd59a452d9456bc1b1da17665d211306b796f1c617993fa5b26/analysis/1371387621/
Also flagged here: http://scanurl.net/?u=http%3A%2F%2Ftvdata.be%2F&uesb=Check+This+URL#results
This is no longer responding on that IP: http://support.clean-mx.de/clean-mx/viruses.php?domain=panoland.net&response=

polonus

With a script blocker active and request policy extension, this script can be seen script src=“htxp://tvdata.be/script/script.js”
This was not found: script src=“http://tvdata.be/script/html5ie8.js” resulting in a 404 error
Poor Reputation – Web of Trust reports that this website has some degree of a poor reputation. This may include “scammy” behavior, technical dangers such as malware, or various other forms of low trust. Please review detailed ratings below for more info.
Domain: tvdata.be(comments)
Trustworthiness: Very Poor
Very Poor (3/100) [ weight: low (2/5) (14/100) ]
Vendor Reliability: Very Poor
Very Poor (2/100) [ weight: low (2/5) (14/100) ]
Privacy: Very Poor
Very Poor (2/100) [ weight: low (2/5) (14/100) ]
Child Safety: Very Poor
Very Poor (1/100) [ weight: low (2/5) (14/100) ] see: http://www.mywot.com/en/scorecard/tvdata.be
Site software seems vulnerable to these attacks, like: http://www.brianhaddock.com/2011/gaining-shell-access-via-local-file-inclusion-vulnerabilities
link article author is brian hadd

polonus

See: https://www.virustotal.com/en/url/b0e1c8ede51af34a80e83c38e608148d9103f92d6ae442358356517abf5b014e/analysis/1371398950/
Potential suspicious code: http://quttera.com/detailed_report/www.elblogderigo.info
Quettra scan results:

index
Severity: Potentially Suspicious
Reason: Detected unconditional redirection to external web resource.
Details: Detected HTTP redirection to htxp://www.elblogderigo.info/.
File size[byte]: 4294967295
File type: Unknown
MD5: 00000000000000000000000000000000

Also see: http://jsunpack.jeek.org/?report=d41f82e021518fc95e24390fdd48831cbab60936 (visit with script blocker active and in a VM)
suspicious: maxruntime exceeded 10 seconds (incomplete) 39 bytes
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes

 /*@cc_on!@*/
false 
  • code is a browser check using a IE feature called something along the lines of conditional comments. Basically, in IE /@cc_on!@/ will “evaluate” to ! thereby making var stIsIE = !false; which is true, of course. All other browsers will ignore the comment and set var stIsIE = false;.
    (*info from MrMoo from WebDeveloper dot com Forum)

polonus

Avast one of the few to detect: https://www.virustotal.com/en/url/b57669e481100abbba4f5b3b4fa95fcdd9608a02b3271373c5411170057b40f0/analysis/1371402254/
See: https://www.virustotal.com/en/file/75afda038141c4d36d657b5594013ef75baf0e62e539f91319514df17defe24a/analysis/1366271097/
Detected as HTML:RedirME-inf [Trj]
http://quttera.com/detailed_report/ww186.inboxmsg.com

pol