See: https://oscarotero.com/embed/demo/index.php?url=http://english4swp.com/nero.php
Mirrors on the same (119.31.234.193) IP
Total Defacement: 1
Recent Mirrors of 119.31.234.193 IP → http://toolbar.netcraft.com/site_report?url=http://english4swp.com
Source see: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fenglish4swp.com%2Fnero.php
Origin Data
Other Meta
{
  "html-title": "Hacked by 1337 h@x0r & Xyb3r D3vil",
  "charset": "UTF-8"
}
Nothing: http://isithacked.com/check/http%3A%2F%2Fenglish4swp.com%2Fnero.php
Powered by: PHP/5.3.29 vulnerable, so read: http://www.theregister.co.uk/2014/12/31/want_to_have_your_server_pwned_easy_run_php/
and http://w3techs.com/technologies/details/pl-php/5/all
Hack based on Google Font API bad request…
-http://english4swp.com/
Detected libraries:
jquery - 1.8.2 : -http://english4swp.com/templates/greenster/javascript/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery-migrate - 1.2.1 : -http://english4swp.com/media/jui/js/jquery-migrate.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.1 : (active1) -http://english4swp.com/media/jui/js/jquery.min.js
(active) - the library was also found to be active by running code
2 vulnerable libraries detected → http://toolbar.netcraft.com/site_report?url=http://english4swp.com
Vulnerable Joomla code: -http://english4swp.com/components/com_k2/js/k2.js?v2.6.8&sitepath=/
See where it lands: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fenglish4swp.com%2Fcomponents%2Fcom_k2%2Fjs%2Fk2.js%3Fv2.6.8%26sitepath%3D%2F
Dangerous link: -http://119.31.234.193/centrora/administrator/index.php
with script loading: Script loaded: -http://119.31.234.193/centrora/media/system/js/core.js
Script loaded: -http://119.31.234.193/centrora/media/system/js/mootools-core.js
Similar landing: http://www.domxssscanner.com/scan?url=http%3A%2F%2F119.31.234.193%2Fcentrora%2Fmedia%2Fsystem%2Fjs%2Fcore.js
and then we can get at: -http://119.31.234.193/centrora/administrator/templates/bluestork/favicon.ico
with Origin Meta Data:
{
  "generator": "Joomla! - Open Source Content Management",
  "html-title": "Centrora Security - Administration",
  "shortcut icon": {
    "href": "-http://119.31.234.193/centrora/administrator/templates/bluestork/favicon.ico",
    "type": "image/-vnd.microsoft.icon" ***
  },
  "charset": "UTF-8"
}
Enjoy this somewhat more extended website security analysis, friends.
*** which can be overwritten, read: http://forum.joomla.org/viewtopic.php?f=642&t=716099
polonus (volunteer website security analyst and website error-hunter)