See for 6 instances of website malware here: http://sitecheck.sucuri.net/results/masterfotografo.com
Known javascript malware. Details: http://labs.sucuri.net/db/malware/mwjs-iframe-injected691?v24
document.write(‘’);
Blacklisted site: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=masterfotografo.com
and http://www.yandex.com/infected?url=masterfotografo.com&l10n=en
Live examples of such malcode: http://support.clean-mx.de/clean-mx/viruses.php?virusname=Troj/JSRedir-NZ&sort=id%20DESC
aka avast detects as: JS:Includer-BCE [Trj]
IP badness status: https://www.virustotal.com/nl/ip-address/72.167.131.28/information/

polonus

here it is
https://www.virustotal.com/en/file/9dbc9d1b2924e6172c4c1a6c56c74fa4dde90635ffd51383f40a672e5c0dd930/analysis/1421354528/

Hi Pondus,

That, JS:Includer-AUF [Trj], is just one of the two to be found there.

polonus

ga.js - 25/57
https://www.virustotal.com/en/file/9dbc9d1b2924e6172c4c1a6c56c74fa4dde90635ffd51383f40a672e5c0dd930/analysis/1421366915/

tabbing.js - 15/57
https://www.virustotal.com/en/file/fbfbb41a7d3c74360a53f1ff8984967efbd2e52fbd68ae328f03f0f559ef82f5/analysis/1421366656/

common.js - 23/57
https://www.virustotal.com/en/file/1102854ac5c0d0237df6b42769c2c434d4b90cc524ff60784a63ac7e6f337ada/analysis/1421366671/

Hi Pondus,

That is summing it all up very neatly, good to find we are being protected all around here .

polonus