Possibly harmless? I think not

Detected is a variant of Win32/Bundled.Toolbar.Google.C here: https://www.virustotal.com/nl/url/616a85b068efd31bc2afed439ec17e39496365524261a4722ab4fcd7eae8e770/analysis/1406490473/
and https://www.virustotal.com/nl/file/abb999b5f901471eab2692a5beed9ba9a8005577d23f22ea7fb9603007e2de51/analysis/1400082501/

Verdict here is inconclusive: http://app.webinspector.com/public/reports/23452471

Well the pcap files certainly flag some alerts here: https://www.virustotal.com/nl/file/8791a9c7e1a39a7e8e459f3e76afc829dc76e503f2dfd672613394e0feff955d/analysis/
Snort 3 alerts
Suricata 10 alerts

Could not be realized here: http://urlquery.net/report.php?id=1406491071730
see here: http://urlquery.net/report.php?id=1401864231838

Interesting for what comes down to us from there: http://www.herdprotect.com/domain-global-shared-files-l3.softonic.com.aspx

For users that have to wrestle with Win32/Toolbar.Conduit, Win32/Wajam (variant), Win32/Kryptik.BVVE (variant), Win3etc. to leave their devices, this is no fun, I can assure you - one needs AdwareCleaner and JRT removal software, and has to reset the browser settings to their defaults. It would have been better for avast! to flag this crap dealer. 8)

polonus

Anything from softonic is suspect, imo. Softpedia is a different story.

SE redirect on scam site?

See: http://killmalware.com/producers-council.org/#
See under scripts at http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fproducers-council.org%2F&useragent=Fetch+useragent&accept_encoding=
Google browser Diff.: Not identical

Google: 22467 bytes Firefox: 528 bytes
Diff: 21939 bytes

First difference:
dif]--> fertilizer producer<!--[if lt ie 9]> <script src="http:…

External links to be checked:
htxp://studenthealth.uiowa.edu/wellness → ‘htxp://studenthealth.uiowa.edu’
htxp://www.sph.umd.edu/hlsa/programs/phd_program.cfm → ‘htxp://www.sph.umd.edu/hlsa/pr’ benign
htxp://statcounter.com/free-hit-counter/ → "blocked by one of my extensions"

Scam site because of code, see attached fetch3 (non-visible statcounter code) - reported at scammed.by forums

polonus

P.S. IP badness history exposed here: https://www.virustotal.com/nl/ip-address/173.237.137.21/information/
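
The crawler-versus-browser comparison reported in the post above (byte sizes, size difference, first difference), written out as an added example that is not part of the original thread or of any of the scanners it links. It goes one step further and lists external hosts linked only in the crawler variant; `site.example`, `pills.example` and both response bodies are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _LinkHosts(HTMLParser):
    """Collect the host names of absolute links and script/image sources."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                try:
                    host = urlsplit(value).hostname
                except ValueError:      # malformed URL in the markup
                    continue
                if host:                # relative URLs have no host
                    self.hosts.add(host.lower())

def external_hosts(body, site_host):
    """Hosts referenced by the page that are not the site or a subdomain of it."""
    parser = _LinkHosts()
    parser.feed(body.decode("utf-8", "replace"))
    parser.close()
    return {h for h in parser.hosts
            if h != site_host and not h.endswith("." + site_host)}

def compare_variants(crawler_body, browser_body, site_host, context=20):
    """Compare the body served to a crawler user agent with the browser one."""
    limit = min(len(crawler_body), len(browser_body))
    first = next((i for i in range(limit)
                  if crawler_body[i] != browser_body[i]), None)
    if first is None and len(crawler_body) != len(browser_body):
        first = limit                   # one body is a prefix of the other
    only = external_hosts(crawler_body, site_host) - external_hosts(browser_body, site_host)
    return {
        "identical": crawler_body == browser_body,
        "sizes": (len(crawler_body), len(browser_body)),
        "diff_bytes": abs(len(crawler_body) - len(browser_body)),
        "first_difference": first,
        "context": None if first is None else crawler_body[first:first + context],
        "crawler_only_hosts": sorted(only),
    }

# Constructed sample responses (not taken from the sites discussed in the thread).
CRAWLER = b'<html><body><h1>Council</h1><a href="http://pills.example/buy">cheap</a><a href="/about">About</a></body></html>'
BROWSER = b'<html><body><h1>Council</h1><a href="/about">About</a></body></html>'

if __name__ == "__main__":
    print(compare_variants(CRAWLER, BROWSER, "site.example"))
```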

SE spam injection here? Site having a suspicious status for over 4 hrs now: http://killmalware.com/balconesdebentomiz.com/#
Blacklisted by Yandex and flagged thrice: https://www.virustotal.com/nl/url/4557f43a48000c161bc959711d4aec9eeecf66dc3d168caf45eef7a96d9bcc8c/analysis/1406581850/
The recommended scan at Sucuri’s gives all the details: http://sitecheck.sucuri.net/results/balconesdebentomiz.com/
Website Malware mwjs-include-suspicious?v14 htxp://balconesdebentomiz.com/
Website Malware mwjs-include-suspicious?v14 htxp://balconesdebentomiz.com//main.html
Website Malware mwjs-include-suspicious?v14 htxp://balconesdebentomiz.com//main.html
Known javascript malware. Details: http://labs.sucuri.net/db/malware/mwjs-include-suspicious?v14
Given as malicious with 4 files at Quttera’s http://quttera.com/detailed_report/balconesdebentomiz.com
Site is vulnerable to attack: System Details:
Running on: Apache/2.2.26
System info: (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5
Outdated Web Server Apache Found: Apache/2.2.26
Javascript check:
Suspicious

Detected encoded JavaScript code commonly used to hide malicious behaviour.

Included script check: Suspect - please check list for unknown includes
htxp://www.aafencing.co.uk/count.php?id=5732232 => htxp://www.spiderline.net/fetch.php?q=site%3Awww.aafencing.co.uk&page=10 (link broken by me because of questionable WOT web rep. pol)

polonus

I generated the code for htxp://balconesdebentomiz.com/js/swfobject.js (uri found to be suspicious) using the online Bobby van der Sluis generator, see the results attached:
Very interesting for those into comparing the actual uri code and what should be generated there ;D
See URI Debugger actual injected code

polonus

Hi folks,

Great pleasure that I can report that avast! Webshield detects and blocks access to the site as infested with JS:Includer-BVV[Trj].
We are being protected.

polonus