New scan:

Malware Scanner report for xn--liberacindemviles-nybe.es

Malicious/Suspicious/Total urls checked
3/0/15
3 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/6/6
6 suspicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://xn--liberacindemviles-nybe.es/
200 OK
Content-Length: 17251
Content-Type: text/html
clean
http://xn--liberacindemviles-nybe.es/media/system/js/core.js
200 OK
Content-Length: 3746
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

if(typeof(Joomla)==="undefined"){var Joomla={}}Joomla.editors={};Joomla.editors.instances={};Joomla.submitform=function(a,b){if(typeof(b)==="undefined"){b=document.getElementById("adminForm");if(!b){b=document.adminForm}}if(typeof(a)!=="undefined"){b.task.value=a}if(typeof b.onsubmit=="function"){b.onsubmit()}if(typeof b.fireEvent=="function"){b.fireEvent("submit")}b.submit()};Joomla.submitbutton=function(a){Joomla.submitform(a)};Joomla.JText={strings:{},_:function(a,b){return typeof this.string
... 2859 bytes are skipped ...
ue=a;d.filter_order_Dir.value=c;submitform(b)}function saveorder(b,a){checkAll_button(b,a)}function checkAll_button(d,a){if(!a){a="saveorder"}for(var b=0;b<=d;b++){var c=document.adminForm["cb"+b];if(c){if(c.checked==false){c.checked=true}}else{alert("You cannot change the order of items, as an item in the list is `Checked Out`");return}}submitform(a)};document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

ESET-NOD32
HTML/Iframe.B.Gen

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://xn--liberacindemviles-nybe.es/media/system/js/mootools-core.js
200 OK
Content-Length: 84117
Content-Type: application/x-javascript
suspicious
Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://xn--liberacindemviles-nybe.es/media/system/js/caption.js
200 OK
Content-Length: 930
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JCaption=new Class({initialize:function(b){this.selector=b;var a=$$(b);a.each(function(c){this.createCaption(c)},this)},createCaption:function(c){var b=document.createTextNode(c.title);var a=document.createElement("div");var e=document.createElement("p");var d=c.getAttribute("width");var f=c.getAttribute("align");if(!d){d=c.width}if(!f){f=c.getStyle("float")}if(!f){f=c.style.styleFloat}if(f==""||!f){f="none"}e.appendChild(b);e.className=this.selector.replace(".","_");c.parentNode.insertBefore(a,c);a.appendChild(c);if(c.title!=""){a.appendChild(e)}a.className=this.selector.replace(".","_");a.className=a.className+" "+f;a.setAttribute("style","float:"+f);a.style.width=d+"px"}});document.caption=null;window.addEvent("load",function(){var a=new JCaption("img.caption");document.caption=a});document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
ESET-NOD32
HTML/Iframe.B.Gen

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://xn--liberacindemviles-nybe.es/media/system/js/mootools-more.js
200 OK
Content-Length: 224519
Content-Type: application/x-javascript
suspicious
Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://xn--liberacindemviles-nybe.es/templates/beez_20/javascript/md_stylechanger.js
200 OK
Content-Length: 2234
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var prefsLoaded = false;
var defaultFontSize = 100;
var currentFontSize = defaultFontSize;
var fontSizeTitle;
var bigger;
var smaller;
var reset;
var biggerTitle;
var smallerTitle;
var resetTitle;
Object.append(Browser.Features, {
localstorage: (function() {
return ('localStorage' in window) && window.localStorage !== null;
})()
});
function setFontSize(fontSize) {
document.body.style.fontSize = fontSize + '%';
}
... 1467 bytes are skipped ...
"'+ smallerTitle +'" onclick="changeFontSize(-2); return false">'+ smaller +'</a></p>';
container.set('html', content);
}
function saveSettings() {
writeFontSize(currentFontSize);
}
window.addEvent('domready', setUserOptions);
window.addEvent('domready', addControls);
window.addEvent('unload', saveSettings);document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://xn--liberacindemviles-nybe.es/templates/beez_20/javascript/hide.js
200 OK
Content-Length: 7834
Content-Type: application/x-javascript
suspicious
Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://www.demanda-trabajo.com/js/cookies.js
200 OK
Content-Length: 122091
Content-Type: application/x-javascript
clean
http://xn--liberacindemviles-nybe.es/index.php/liberar-moviles
200 OK
Content-Length: 11272
Content-Type: text/html
clean
http://xn--liberacindemviles-nybe.es/index.php/
200 OK
Content-Length: 17261
Content-Type: text/html
clean
http://xn--liberacindemviles-nybe.es/index.php/articulos-moviles
200 OK
Content-Length: 12236
Content-Type: text/html
clean
http://xn--liberacindemviles-nybe.es/index.php/liberar-blackberry
200 OK
Content-Length: 31478
Content-Type: text/html
clean
http://xn--liberacindemviles-nybe.es/index.php/como-introducir-el-codigo-de-liberacion
200 OK
Content-Length: 12294
Content-Type: text/html
clean
http://xn--liberacindemviles-nybe.es/index.php/como-introducir-el-codigo-de-liberacion/como-introducir-el-codigo-de-liberacion-en-zte
200 OK
Content-Length: 14508
Content-Type: text/html
clean
http://xn--liberacindemviles-nybe.es/index.php/como-introducir-el-codigo-de-liberacion/
200 OK
Content-Length: 12295
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: xn--liberacindemviles-nybe.es

Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 31 May 2014 20:11:57 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: feb84533eb29cb5c361edb691c103c00=aa49023cbc429e062afba7dd41248e14; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: xn--liberacindemviles-nybe.es
Referer: http://www.google.com/search?q=xn--liberacindemviles-nybe.es

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=xn--liberacindemviles-nybe.es

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xn--liberacindemviles-nybe.es/

Result: xn--liberacindemviles-nybe.es is not infected or malware details are not published yet.