Scanned pages/files
Request | Server response | Status |
http://wedozerona.com/ | 200 OK Content-Length: 465 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by KkK1337 <title>Hacked by KkK1337</title> <body bgcolor="000000"> <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Tangerine"> <style> body { font-family: 'Tangerine', serif; font-size: 48px; } </style> <center> <p><img src="http://s27.postimg.org/5vsdrf8df/Umbrella_Security_Hackers_Cover_Image.png"> <p><font color="lime"><font size="8">Hacked by<font color="red"> KkK1337</font></text> | ||
http://wedozerona.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 21 Feb 2015 23:00:08 GMT Pragma: no-cache Location: http://www.wedozerona.com/test404page.js Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://www.wedozerona.com/xmlrpc.php | clean |
http://www.wedozerona.com/test404page.js | 404 Not Found Content-Length: 21674 Content-Type: text/html | clean |
http://www.wedozerona.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: text/javascript | clean |
http://www.wedozerona.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: text/javascript | clean |
http://www.wedozerona.com/wp-content/themes/zerona/js/jquery-ui-effects.js?ver=3.9.3 | 200 OK Content-Length: 28079 Content-Type: text/javascript | clean |
http://www.wedozerona.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js?ver=3.9.3 | 200 OK Content-Length: 33 Content-Type: text/javascript | clean |
http://www.wedozerona.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/persist.js?ver=3.9.3 | 200 OK Content-Length: 24995 Content-Type: text/javascript | clean |
http://www.wedozerona.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/store.js?ver=3.9.3 | 200 OK Content-Length: 5337 Content-Type: text/javascript | clean |
http://www.wedozerona.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ngg_store.js?ver=3.9.3 | 200 OK Content-Length: 891 Content-Type: text/javascript | clean |
http://www.wedozerona.com/wp-content/plugins/jj-nextgen-jquery-slider/script/jquery.nivo.slider.pack.js?ver=2.4 | 200 OK Content-Length: 16055 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){var NivoSlider=function(element,options){var settings=$.extend({},$.fn.nivoSlider.defaults,options);var vars={currentSlide:0,currentImage:'',totalSlides:0,randAnim:'',running:false,paused:false,stop:false};var slider=$(element);slider.data('nivo:vars',vars);slider.css('position','relative');slider.addClass('nivoSlider');var kids=slider.children();kids.each(function(){var child=$(this);var link='';if(!child.is('img')){if(child.is('a')){child.addClass('nivo-imageLink');lin Antivirus reports:
| ||
http://www.wedozerona.com/wp-content/plugins/jj-nextgen-jquery-slider/script/jquery.jj_ngg_shuffle.js?ver=3.9.3 | 200 OK Content-Length: 541 Content-Type: text/javascript | clean |
http://www.wedozerona.com/wp-content/plugins/jj-nextgen-jquery-slider/script/jjnggutils.js?ver=3.9.3 | 200 OK Content-Length: 893 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JJNGGUtils = { wordpressThumbs: function(html_id, use_thumbs) { var nivo_images = jQuery("div#" + html_id + " img.nivo_image"); var src = null; var i = null; jQuery("div#" + html_id + " div.nivo-controlNav img").each(function(index, item) { src = jQuery(nivo_images[index]).attr("src"); if(use_thumbs) { i = src.lastIndexOf("/"); jQuery(item).attr("src", src.substr(0, i) + "/thumbs/thumbs_" + src.substr(i+1)); }else{ jQuery(item).attr("src", src); } }); }, wordpressThumbsCenterFix: function(html_id) { jQuery("div#" + html_id + " div.nivo-controlNav img:first").addClass("first_thumb"); } }document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://www.wedozerona.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/lightbox_context.js?ver=3.9.3 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.wedozerona.com/wp-content/plugins/gravityforms/js/jquery.json-1.3.js?ver=1.8.9 | 200 OK Content-Length: 4884 Content-Type: text/javascript | clean |
http://www.wedozerona.com/wp-content/plugins/gravityforms/js/jquery.placeholders.2.1.1.min.js?ver=1.8.9 | 200 OK Content-Length: 4038 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wedozerona.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 21 Feb 2015 23:00:07 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 465
Content-Type: text/html
Last-Modified: Sun, 25 Jan 2015 14:01:11 GMT
...465 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: wedozerona.com
Referer: http://www.google.com/search?q=wedozerona.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wedozerona.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wedozerona.com/
Result: wedozerona.com is not infected or malware details are not published yet.