New scan:

Malware Scanner report for wedozerona.com

Malicious/Suspicious/Total urls checked
2/0/16
2 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/5
Deface / Content modification
Found
Probably the website is defaced. The following signature was found:

Hacked by KkK1337  (99 websites defaced)

See details below

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Scanned pages/files

RequestServer responseStatus
http://wedozerona.com/
200 OK
Content-Length: 465
Content-Type: text/html
suspicious
Deface/Content modification. The following signature was found: Hacked by KkK1337


<title>Hacked by KkK1337</title>
<body bgcolor="000000">
<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Tangerine">
<style>
body {
font-family: 'Tangerine', serif;
font-size: 48px;
}
</style>
<center>
<p><img src="http://s27.postimg.org/5vsdrf8df/Umbrella_Security_Hackers_Cover_Image.png">
<p><font color="lime"><font size="8">Hacked by<font color="red"> KkK1337</font></text>


http://wedozerona.com/test404page.js
HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: close
Date: Sat, 21 Feb 2015 23:00:08 GMT
Pragma: no-cache
Location: http://www.wedozerona.com/test404page.js
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
X-Pingback: http://www.wedozerona.com/xmlrpc.php
clean
http://www.wedozerona.com/test404page.js
404 Not Found
Content-Length: 21674
Content-Type: text/html
clean
http://www.wedozerona.com/wp-includes/js/jquery/jquery.js?ver=1.11.0
200 OK
Content-Length: 96402
Content-Type: text/javascript
clean
http://www.wedozerona.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
200 OK
Content-Length: 7200
Content-Type: text/javascript
clean
http://www.wedozerona.com/wp-content/themes/zerona/js/jquery-ui-effects.js?ver=3.9.3
200 OK
Content-Length: 28079
Content-Type: text/javascript
clean
http://www.wedozerona.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js?ver=3.9.3
200 OK
Content-Length: 33
Content-Type: text/javascript
clean
http://www.wedozerona.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/persist.js?ver=3.9.3
200 OK
Content-Length: 24995
Content-Type: text/javascript
clean
http://www.wedozerona.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/store.js?ver=3.9.3
200 OK
Content-Length: 5337
Content-Type: text/javascript
clean
http://www.wedozerona.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ngg_store.js?ver=3.9.3
200 OK
Content-Length: 891
Content-Type: text/javascript
clean
http://www.wedozerona.com/wp-content/plugins/jj-nextgen-jquery-slider/script/jquery.nivo.slider.pack.js?ver=2.4
200 OK
Content-Length: 16055
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)



(function($){var NivoSlider=function(element,options){var settings=$.extend({},$.fn.nivoSlider.defaults,options);var vars={currentSlide:0,currentImage:'',totalSlides:0,randAnim:'',running:false,paused:false,stop:false};var slider=$(element);slider.data('nivo:vars',vars);slider.css('position','relative');slider.addClass('nivoSlider');var kids=slider.children();kids.each(function(){var child=$(this);var link='';if(!child.is('img')){if(child.is('a')){child.addClass('nivo-imageLink');lin
... 3144 bytes are skipped ...
humbsFromRel:false,controlNavThumbsSearch:'.jpg',controlNavThumbsReplace:'_thumb.jpg',keyboardNav:true,pauseOnHover:true,manualAdvance:false,captionOpacity:0.8,prevText:'Prev',nextText:'Next',beforeChange:function(){},afterChange:function(){},slideshowEnd:function(){},lastSlide:function(){},afterLoad:function(){}};$.fn._reverse=[].reverse;})(jQuery);document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic

http://www.wedozerona.com/wp-content/plugins/jj-nextgen-jquery-slider/script/jquery.jj_ngg_shuffle.js?ver=3.9.3
200 OK
Content-Length: 541
Content-Type: text/javascript
clean
http://www.wedozerona.com/wp-content/plugins/jj-nextgen-jquery-slider/script/jjnggutils.js?ver=3.9.3
200 OK
Content-Length: 893
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)


var JJNGGUtils = {

wordpressThumbs: function(html_id, use_thumbs) {
var nivo_images = jQuery("div#" + html_id + " img.nivo_image");
var src = null;
var i = null;
jQuery("div#" + html_id + " div.nivo-controlNav img").each(function(index, item) {
src = jQuery(nivo_images[index]).attr("src");
if(use_thumbs) {
i = src.lastIndexOf("/");
jQuery(item).attr("src", src.substr(0, i) + "/thumbs/thumbs_" + src.substr(i+1));
}else{
jQuery(item).attr("src", src);
}
});
},

wordpressThumbsCenterFix: function(html_id) {
jQuery("div#" + html_id + " div.nivo-controlNav img:first").addClass("first_thumb");
}

}document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>');

Antivirus reports:

ESET-NOD32
HTML/Iframe.B.Gen

http://www.wedozerona.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/lightbox_context.js?ver=3.9.3
500 timeout
Content-Length: 30
Content-Type: text/plain
clean
http://www.wedozerona.com/wp-content/plugins/gravityforms/js/jquery.json-1.3.js?ver=1.8.9
200 OK
Content-Length: 4884
Content-Type: text/javascript
clean
http://www.wedozerona.com/wp-content/plugins/gravityforms/js/jquery.placeholders.2.1.1.min.js?ver=1.8.9
200 OK
Content-Length: 4038
Content-Type: text/javascript
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: wedozerona.com

Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 21 Feb 2015 23:00:07 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 465
Content-Type: text/html
Last-Modified: Sun, 25 Jan 2015 14:01:11 GMT

...465 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: wedozerona.com
Referer: http://www.google.com/search?q=wedozerona.com

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=wedozerona.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wedozerona.com/

Result: wedozerona.com is not infected or malware details are not published yet.