Scanned pages/files
Request | Server response | Status |
http://xn--liberacindemviles-nybe.es/ | 200 OK Content-Length: 17251 Content-Type: text/html | clean |
http://xn--liberacindemviles-nybe.es/media/system/js/core.js | 200 OK Content-Length: 3746 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the served file, cut off mid-statement by the report; the part shown contains no iframe code, so the flagged injection is presumably in the part not shown:
if(typeof(Joomla)==="undefined"){var Joomla={}}Joomla.editors={};Joomla.editors.instances={};Joomla.submitform=function(a,b){if(typeof(b)==="undefined"){b=document.getElementById("adminForm");if(!b){b=document.adminForm}}if(typeof(a)!=="undefined"){b.task.value=a}if(typeof b.onsubmit=="function"){b.onsubmit()}if(typeof b.fireEvent=="function"){b.fireEvent("submit")}b.submit()};Joomla.submitbutton=function(a){Joomla.submitform(a)};Joomla.JText={strings:{},_:function(a,b){return typeof this.string
Antivirus reports:
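Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
Note: the frame target here is google.com, so the finding is the injected 2x2 frame itself rather than its destination. In the caption.js and md_stylechanger.js excerpts the tag is written by a `document.write` call at the very end of the script, which suggests the files were altered after installation; treat every flagged file as tampered and compare it against a known-good copy.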
http://xn--liberacindemviles-nybe.es/media/system/js/mootools-core.js | 200 OK Content-Length: 84117 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://xn--liberacindemviles-nybe.es/media/system/js/caption.js | 200 OK Content-Length: 930 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Served file content; the final `document.write(...)` statement is the part that writes the 2x2 iframe reported below, and the code before it is the JCaption image-caption class:
var JCaption=new Class({initialize:function(b){this.selector=b;var a=$$(b);a.each(function(c){this.createCaption(c)},this)},createCaption:function(c){var b=document.createTextNode(c.title);var a=document.createElement("div");var e=document.createElement("p");var d=c.getAttribute("width");var f=c.getAttribute("align");if(!d){d=c.width}if(!f){f=c.getStyle("float")}if(!f){f=c.style.styleFloat}if(f==""||!f){f="none"}e.appendChild(b);e.className=this.selector.replace(".","_");c.parentNode.insertBefore(a,c);a.appendChild(c);if(c.title!=""){a.appendChild(e)}a.className=this.selector.replace(".","_");a.className=a.className+" "+f;a.setAttribute("style","float:"+f);a.style.width=d+"px"}});document.caption=null;window.addEvent("load",function(){var a=new JCaption("img.caption");document.caption=a});document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://xn--liberacindemviles-nybe.es/media/system/js/mootools-more.js | 200 OK Content-Length: 224519 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://xn--liberacindemviles-nybe.es/templates/beez_20/javascript/md_stylechanger.js | 200 OK Content-Length: 2234 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Abridged excerpt of the served file (it calls functions such as setUserOptions, addControls and writeFontSize that are not shown, and contains a stray closing brace where text was dropped); the final `document.write(...)` statement is the part that writes the 2x2 iframe reported below:
var prefsLoaded = false; var defaultFontSize = 100; var currentFontSize = defaultFontSize; var fontSizeTitle; var bigger; var smaller; var reset; var biggerTitle; var smallerTitle; var resetTitle; Object.append(Browser.Features, { localstorage: (function() { return ('localStorage' in window) && window.localStorage !== null; })() }); function setFontSize(fontSize) { document.body.style.fontSize = fontSize + '%'; } container.set('html', content); } function saveSettings() { writeFontSize(currentFontSize); } window.addEvent('domready', setUserOptions); window.addEvent('domready', addControls); window.addEvent('unload', saveSettings);document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://xn--liberacindemviles-nybe.es/templates/beez_20/javascript/hide.js | 200 OK Content-Length: 7834 Content-Type: application/x-javascript | suspicious |
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://www.demanda-trabajo.com/js/cookies.js | 200 OK Content-Length: 122091 Content-Type: application/x-javascript | clean |
http://xn--liberacindemviles-nybe.es/index.php/liberar-moviles | 200 OK Content-Length: 11272 Content-Type: text/html | clean |
http://xn--liberacindemviles-nybe.es/index.php/ | 200 OK Content-Length: 17261 Content-Type: text/html | clean |
http://xn--liberacindemviles-nybe.es/index.php/articulos-moviles | 200 OK Content-Length: 12236 Content-Type: text/html | clean |
http://xn--liberacindemviles-nybe.es/index.php/liberar-blackberry | 200 OK Content-Length: 31478 Content-Type: text/html | clean |
http://xn--liberacindemviles-nybe.es/index.php/como-introducir-el-codigo-de-liberacion | 200 OK Content-Length: 12294 Content-Type: text/html | clean |
http://xn--liberacindemviles-nybe.es/index.php/como-introducir-el-codigo-de-liberacion/como-introducir-el-codigo-de-liberacion-en-zte | 200 OK Content-Length: 14508 Content-Type: text/html | clean |
http://xn--liberacindemviles-nybe.es/index.php/como-introducir-el-codigo-de-liberacion/ | 200 OK Content-Length: 12295 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xn--liberacindemviles-nybe.es
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 31 May 2014 20:11:57 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: feb84533eb29cb5c361edb691c103c00=aa49023cbc429e062afba7dd41248e14; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: xn--liberacindemviles-nybe.es
Referer: http://www.google.com/search?q=xn--liberacindemviles-nybe.es
Result:
The result is similar to the first query. There are no suspicious redirects found.
This test only compares the response with and without a search-engine Referer; it does not cover the script injections listed under "Scanned pages/files".
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xn--liberacindemviles-nybe.es
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xn--liberacindemviles-nybe.es/
Result: xn--liberacindemviles-nybe.es is not infected or malware details are not published yet.