I am working on a customers website (wp), and i found something in the header that looks malicious - i have searched the web for what it is, but i cannot seem to find any answers - will you help me. The code that i found is
<script type="text/javascript" src="http://www.djkeun1bal.com/js/xxxx.js"></script>
<noscript><img src="http://www.djkeun1bal.com/xxxxx.png" style="display:none;" /></noscript>
I hope that you can help me here.
This tracking code is from a company called Lead Forensics - I added it a while ago to a customer site when they signed up to a trail with them.
I came across this question when searching for the djkeun1bal.com domain as I spotted the js when auditing their site and forgot I'd added it. They've done a good job of making it look malicious!
The number in the URLs is likely a customer ID with Lead Forensics - you may want to remove if from the SO question for privacy reasons.
Edited to add: www.djkeun1bal.com and tracker.leadforensics.com both resolve to lfvmeuw.cloudapp.net [104.40.215.103]. I'm not sure why they use two different domains. I guess one may be for privacy reasons, which I've just blown for them. Sorry!