Scanned pages/files
Request | Server response | Status |
http://mela-news.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 19 Apr 2014 18:18:05 GMT Location: http://www.mela-news.com/ Server: Apache/2.2.3 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.mela-news.com/xmlrpc.php X-Powered-By: PHP/5.2.17 X-Powered-By: PleskLin | clean |
http://www.mela-news.com/ | 200 OK Content-Length: 43070 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://www.mela-news.com/wp-content/themes/grigo/grigo/js/scrollto.js | 200 OK Content-Length: 4458 Content-Type: application/x-javascript | malicious |
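Malicious code - confirmed by antiviruses (see below). Start of the file, truncated by the report:
;(function(d){var k=d.scrollTo=function(a,i,e){d(window).scrollTo(a,i,e)};k.defaults={axis:'xy',duration:parseFloat(d.fn.jquery)>=1.3?0:1};k.window=function(a){return d(window)._scrollable()};d.fn._scrollable=function(){return this.map(function(){var a=this,i=!a.nodeName||d.inArray(a.nodeName.toLowerCase(),['iframe','#document','html','body'])!=-1;if(!i)return a;var e=(a.contentWindow||a).document||a.ownerDocument||a;return d.browser.safari||e.compatMode=='BackCompat'?e.body:e.documentElement [...]
Antivirus reports: (not included in this copy of the page)
Note: the visible excerpt appears to be the opening of the minified jQuery.scrollTo plugin and is cut off before the part that triggered the detection. The verdict cannot be checked from this fragment; compare the full file with a known-good copy of the plugin.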
http://www.mela-news.com/wp-content/themes/grigo/grigo/js/grigo.js | 200 OK Content-Length: 5137 Content-Type: application/x-javascript | malicious |
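Malicious code - confirmed by antiviruses (see below). Start of the file, truncated by the report:
jQuery(document).ready(function() { $('.sid_left_inside li a, .sid_right_inside li a, .first_footer_center li').hover(function() { $(this).stop().animate({'paddingLeft': '5px'},200); },function() { $(this).stop().animate({'paddingLeft': '0'},200); }); $('.my_thumb').hover(function() { $(this).find("a.thumb_shadow").stop(); $(this).find("a.thumb_shadow").css("background-position","-110px 0"); $(this).find("a.thumb_shadow").animate({backgroundP [...]
Antivirus reports: (not included in this copy of the page)
Note: the visible excerpt appears to be the theme's own jQuery hover/animation code and is cut off mid-statement. The part that triggered the detection is not shown, so the full file has to be compared with the theme's original copy.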
http://www.mela-news.com/wp-content/themes/grigo/grigo/js/banner.js | 200 OK Content-Length: 4343 Content-Type: application/x-javascript | malicious |
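Malicious code - confirmed by antiviruses (see below). Start of the file, truncated by the report:
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(6($){$.1g.1w=6(o){o=$.1f({r:n,x:n,N:n,17:q,J:n,L:1a,16:n,y:q,u:12,H:3,B:0,k:1,K:n,I:n},o||{});8 G.R(6(){p b=q,A=o.y?"15":"w",P=o.y?"t":"s";p c=$(G),9=$("9",c),E=$("10" [...]
Antivirus reports: (not included in this copy of the page)
Note: the eval(function(p,a,c,k,e,r){...}) wrapper is the Dean Edwards packer, which legitimate plugins also ship with, so packing alone is not an indicator. The packed option list appears to mirror the jCarouselLite defaults shown for jcarousellite.js below. The excerpt is cut off before the part that triggered the detection; decode the full file statically (without executing it) and compare it with a known-good copy.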
http://www.mela-news.com/wp-content/themes/grigo/grigo/js/jcarousellite.js | 200 OK Content-Length: 16176 Content-Type: application/x-javascript | malicious |
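Malicious code - confirmed by antiviruses (see below). Start of the file, truncated by the report:
(function($) { $.fn.jCarouselLite = function(o) { o = $.extend({ btnPrev: null, btnNext: null, btnGo: null, mouseWheel: false, auto: null, speed: 200, easing: null, vertical: false, circular: true, visible: 3, start: 0, scroll: 1, beforeStart: null, afterEnd: null }, o || {} [...]
Antivirus reports: (not included in this copy of the page)
Note: the visible excerpt appears to be the unmodified opening of the jCarouselLite plugin and is cut off before the part that triggered the detection. The verdict cannot be checked from this fragment; compare the full file with a known-good copy of the plugin.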
http://www.mela-news.com/wp-includes/js/jquery/jquery.js?ver=1.4.2 | 200 OK Content-Length: 72194 Content-Type: application/x-javascript | clean |
http://static.addtoany.com/menu/page.js | 200 OK Content-Length: 55948 Content-Type: application/javascript | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 97628 Content-Type: application/javascript | clean |
http://static.ak.connect.facebook.com/connect.php/it_IT | 200 OK Content-Length: 165604 Content-Type: application/x-javascript | clean |
http://www.bloggeritaliani.it/mrx/bi/bi20antipixel.js | 404 Not Found Content-Length: 18164 Content-Type: text/html | clean |
http://www.bloggeritaliani.it/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/javascript | clean |
http://www.bloggeritaliani.it/wp-content/plugins/sharebar/js/sharebar.js?ver=3.3.1 | 200 OK Content-Length: 1802 Content-Type: application/javascript | clean |
http://www.bloggeritaliani.it/wp-content/themes/bi20/js/audio-player.js?ver=20110823 | 200 OK Content-Length: 11738 Content-Type: application/javascript | clean |
http://www.bloggeritaliani.it//www.google.it/jsapi/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 19 Apr 2014 18:18:14 GMT Pragma: no-cache Location: http://www.bloggeritaliani.it/www.google.it/jsapi/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Sat, 19 Apr 2014 18:18:14 GMT Set-Cookie: 60gpBAK=R1224225179; path=/; expires=Sat, 19-Apr-2014 19:18:05 GMT Set-Cookie: 60gp=R4109772328; path=/; expires=Sat, 19-Apr-2014 19:25:21 GMT X-Pingback: http://www.bloggeritaliani.it/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://www.bloggeritaliani.it/www.google.it/jsapi/ | 404 Not Found Content-Length: 11856 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mela-news.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 19 Apr 2014 18:18:05 GMT
Location: http://www.mela-news.com/
Server: Apache/2.2.3 (CentOS)
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.mela-news.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
X-Powered-By: PleskLin
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mela-news.com
Referer: http://www.google.com/search?q=mela-news.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mela-news.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mela-news.com/
Result: mela-news.com is not infected or malware details are not published yet.