See: http://urlquery.net/report.php?id=1449619463299
IP badness info: http://www.tcpiputils.com/browse/ip-address/217.9.143.94
See: https://www.virustotal.com/nl/ip-address/217.9.143.94/information/
See: http://samesites.com/ip/217.9.143.94
Web application version:
WordPress version: WordPress 4.3.1
Wordpress Version 4.1 based on: -http://www.enroute.is//wp-includes/js/autosave.js
All in One SEO Pack version: 2.2.7.4
WordPress theme: -http://www.enroute.is/wp-content/themes/altair/
Execcive Webserver Header Info Proliferation: Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9 (Please, do not lett your headers speak that loud!).
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
revslider
wpclef 2.3.0 latest release (2.3.1) Update required
http://wordpress.org/extend/plugins/wpclef
all-in-one-seo-pack 2.2.7.4 latest release (2.2.7.4)
http://semperfiwebdesign.com
theme-blvd-responsive-google-maps 1.0.2 latest release (1.0.2)
contact-form-7 4.3 latest release (4.3.1) Update required
http://contactform7.com/
Warning User Enumeration is possible. It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
-http://enroute.is
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.enroute.is/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://www.enroute.is/wp-includes/js/jquery/jquery.js?ver=1.11.3
(active) - the library was also found to be active by running code
1 vulnerable library detected
Example of malcode -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.enroute.is%2Fwp-includes%2Fjs%2Fwp-emoji-release.min.js%3Fver%3D4.3.1 (to see scan launch link minus -, only for advanced security apt users).
polonus (volunteer website security analyst and website error-hunter)