See:
http://urlquery.net/report.php?id=7323919
and
https://www.virustotal.com/nl/url/fd1de2c61b9b5595f6bf3a461cce88c24a7f2b40d82f867708edba43a99936a0/analysis/1383174487/
Potentially suspicious files detected by Quttera's
/plugins/system/rokbox/rokbox.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method write: __tmpvar1173617662 = write;
File size[byte]: 22076
File type: ASCII
MD5: 764636E4B741E13F6D3BCED66420A102
Scan duration[sec]: 0.180000
/plugins/system/rokbox/rokbox.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method write: __tmpvar1262036121 = write;
File size[byte]: 22076
File type: ASCII
MD5: 764636E4B741E13F6D3BCED66420A102
Scan duration[sec]: 0.123000
/images/kbdn/application_form.pdf
Severity: Potentially Suspicious
Reason: Detected PDF file containing potentially suspicious embedded file
Details: PDF contains embedded file with suspicious entropy level similar to shellcode payload.
File size[byte]: 61812
File type: PDF
MD5: 59429E01AE54E225E31F3560F2A97713
Scan duration[sec]: 0.552000
kbdn dot ca/plugins/system/rokbox/rokbox.js benign
[nothing detected] (script) kbdn dot ca/plugins/system/rokbox/rokbox.js
status: (referer=kbdn dot ca/)saved 22076 bytes 9837fadde68f6435eda50481709e09401681aeca
info: [decodingLevel=0] found JavaScript
suspicious: m
Recommended scan results:
http://sitecheck.sucuri.net/results/kbdn.ca/
The web site contains a remote javascript or iframe that is currently blacklisted. That can be used to infect visitors of your own web site and generate cross-site warnings. If you don't have access to the remote site, remove the link (or iframe or javascript) from your site pointing to it.
Also consider:
http://www.reversemx.com/mxip/66.209.177.194/
Browser difference: Not identical
Google: 2543 bytes Firefox: 30963 bytes
Diff: 28420 bytes
First difference:
="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index, follow" /> <meta name="keywords" content="kelowna, business, referral, group, oka...
External link to bad behaviour site:
http://wordpress.org/support/topic/site-hacked-tonight-info-and-questions e.g.
htxp://www.ioerror.us/bb2-support-key?key=f1182195 --> 'this url'
pol