See: http://www.unmaskparasites.com/web-page-options/?url=http%3A//otavalosonline.com/pawkaraymi/pr2005/basquetbyshyri/&susp=1 Suspicious Inline Script found -
Sucuri gives clean: web site: otavalosonline.com
status: Verified Clean
web trust: Not Blacklisted
Given clean here also: http://siteinspector.comodo.com/public/reports/449749
There was a Wordpress injection attack-“affiliate ping-pong”, but the one given at unmasked parasites and here: http://www.malwareblacklist.com/searchClearingHouse.php?search=otavalosonline.com
cannot be found in the actual code now:
see: -jsunpack → report=44aae7e5e24a20ce20c8f137603837a1b50a7453, see decoded file there f7d4/cd5946e03f551e06b28e4c629bb569aacaa9

polonus

Wepawet
http://wepawet.iseclab.org/view.php?hash=938f9eb63c4b266526fdfbe693786eb8&t=1319010551&type=js

Jotti - otavalosonline.com/pawkaraymi/pr2005/basquetbyshyri BINGO :wink:
http://virusscan.jotti.org/en/scanresult/726bd61d4c152ca4e2211b2faa51b56ddd9e5b7c

Hi Pondus,

Thanks for verifying. Indeed infected: -http://otavalosonline.com/pawkaraymi/pr2005/basquetbyshyri redirects to -http://otavalosonline.com/pawkaraymi/pr2005/basquetbyshyri/

Checking with DrWeb’s online checker: -http://otavalosonline.com/pawkaraymi/pr2005/basquetbyshyri/
Engine version: 5.0.2.3300
Total virus-finding records: 2686865
File size: 9435 bytes
File MD5: f293318701a11201845026766d6cdf60

-http://otavalosonline.com/pawkaraymi/pr2005/basquetbyshyri/ - archive HTML

-http://otavalosonline.com/pawkaraymi/pr2005/basquetbyshyri//javascript.0 infected with VBS.Psyme.377 which avast detects as VBS:Malware-gen,

polonus

Hi Pondus,

Then there is this: [714166] -http://otavalosonline.com/pawkaraymi/pr2005/Inaguracion_LRosero/index.htm

URL has been seen with the following file: 8495A336F728D12EA833EEFA22E968CB
see: http://urlquery.net/queued.php?id=5492
Also infected with the same malware…VBS:Malware-gen,

polonus

yepp BINGO again

Jotti - otavalosonline.com/pawkaraymi/pr2005/Inaguracion_LRosero/index.htm
http://virusscan.jotti.org/en/scanresult/81a17dc5c07a98dbffea6a4c37a3dd0e5b914a0c