A PHISH on an insecure website with Word Press CMS

Viruses and worms
1

Re: https://urlquery.net/report/cabd2d48-a558-4add-b735-4ad735083762
31 instances of PHISHING.

WordPress Version -Version does not appear to be latest
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lmt0bXN0dSNbXS5wbA%3D%3D~enc

16 direct threats: https://app.upguard.com/#/ktmstudio.pl/images/wp-admin/index.html

Dom-XSS issues: results from scanning URL: -http://www.ktmstudio.pl/wp-content/themes/monstroid2/assets/js/jquery.ui.totop.min.js?ver=1.2.0
Number of sources found: 41
Number of sinks found: 17
& results from scanning URL: -http://www.ktmstudio.pl/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=4.4.6
Number of sources found: 56
Number of sinks found: 10
Site blacklisted: https://sitecheck.sucuri.net/results/www.ktmstudio.pl

Outdated Software Detected
PHP under 7.3.1

1 vuln. library detected: https://retire.insecurity.today/#!/scan/b36ce29efbe3fd253be1ebd308dc2853e691f31968cf56a9d1e60914ae6e808b
jquery 1.12.4 Found in -http://www.ktmstudio.pl/wp-includes/js/jquery/jquery.js?ver=1.12.4
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution

Detected 110 times during last 30 days: https://checkphish.ai/ip/195.162.24.218
195.162.24.218 · 02.04.2019 [ K ], PL, Scan Attempt: SystemKylosHack-Info. AS48505 Kylos sp. z o.o. | Kylos | Kylos sp. z o.o… Poland, Łódź. flagged at http://fackers.ru/page/31/

it’s not very smart to publish just IP addresses or ranges. It is not a secret that many IP addresses are dynamic, therefore, to search for a bully you need data on the date and time of the attack, and preferably an extract from the log file. info credits go to Инкогнито

Additional IP info can however be sought from -VT, Shodan, Censys (account), Netcraft Site Report, urlscan.io/#195.162.24.218 (11 months ago)

polonus (volunteer 3rd party cold reconnaisance website security analyst and website error-hunter)