Re: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.minber.kz&ref_sel=GSP2&ua_sel=ff&fs=1
1 vuln. jQuery library: http://retire.insecurity.today/#!/scan/ff90466d56de847dfc236466a698e4f7f43b25d62755e70570c0c6f8006ad6a9
2 issues on/for iad23s44-in-f10.1e100.net
→ https://sritest.io/#report/8afd6f4b-fb88-45b9-b3bf-5ca0bcac5fde
On CMS: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
youtube-shortcode 1.8.5 latest release (1.8.5)
http://www.margenn.com/tubal/youtube
google-analyticator 6.5.0.0 latest release (6.5.4) Update required
http://www.videousermanuals.com/google-analyticator/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.
F-Grade status and recommendation: https://observatory.mozilla.org/analyze.html?host=www.minber.kz
Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.minber.kz%2Fwp-includes%2Fjs%2Fwp-emoji-release.min.js%3Fver%3D3c90b32b61a6f71f5a8f84965786ce1b
works on base/js/blockui.js vuln.
Also: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.minber.kz%2Fwp-content%2Fthemes%2Fworldwide-v1-01%2Fstyle-custom.css%3Fver%3D3c90b32b61a6f71f5a8f84965786ce1b"+type%3D"text%2Fcss"+media%3D"all"
malicious file:
/2010/01/%d0%b6%d1%8b%d0%bb%d2%9b%d1%8b-%d0%b6%d3%99%d0%bd%d0%b5-%d2%9b%d0%b0%d0%b7%d0%b0%d2%9b-%d1%80%d1%83%d1%85%d1%8b/index dot htmlDetected on Quttera's.
Severity: Malicious
Reason: Detected reference to blacklisted domain
Details: Detected reference to malicious blacklisted domain wXw.minbermedia.kz
Blacklisted external links: List of blacklisted external links: 4
-http://www.minbermedia.kz/wp-content/uploads/2010/01/8-бетке.jpg
-http://www.minbermedia.kz/wp-content/uploads/2010/01/3.jpeg *1
-http://www.minbermedia.kz/wp-content/uploads/2010/01/11.jpeg
-http://www.minbermedia.kz/wp-content/uploads/2010/01/4.jpeg
*1 → http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.minbermedia.kz%2Fwp-content%2Fuploads%2F2010%2F01%2F3.jpeg
overflow on
-www.youtube.com/yts/jsbin/www-US-vflVgXqjk/base.js benignProbably new validate installed. The important thing here is that the prototype property of function objects is not the prototype of an object. Info credits go to StackOverflow’s T. J. Crowder (pol)
[nothing detected] -www.youtube.com/yts/jsbin/www-US-vflVgXqjk/base.js
status: (referer=-http:/www.ask.com/web?q=puppies)saved 126720 bytes 1e6fc5f5e048a4fd1a1849b869ca404bf85cae4e
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [img] -www.youtube.com/yts/jsbin/www-US-vflVgXqjk/
info: [decodingLevel=0] found JavaScript
error: undefined function Object.create
error: undefined variable a.prototype
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var a.prototype = 1;
error: line:1: …^
info: DecodedMsg detected /info.ActiveXObject ShockwaveFlash.ShockwaveFlash.6 /info.ActiveXObject ShockwaveFlash.ShockwaveFlash.7
info: [decodingLevel=1] found JavaScript
file: 1e6fc5f5e048a4fd1a1849b869ca404bf85cae4e: 126720 bytes
file: ccc13d6f7aa9980752b8697e4655da0a15c65637: 379 bytes
No best policies - only 35% security score: https://en.internet.nl/domain/www.minbermedia.kz/91228/
polonus (volunteer website security analyst and website error-hunter)