See: https://www.virustotal.com/en/url/06db21e71b8991e23352525cd6b7d911affbf1a0033904c743fff5f6a26c8dfa/analysis/1455232295/
and see here for the file analysis: https://www.virustotal.com/en/file/9b6db13b52a7d4cceee047695862eb838d144917c89991742c6667bbfe60f6aa/analysis/1455185830/
Not flagged here: https://urlquery.net/report.php?id=1455232473567
Scan here OK: https://sritest.io/#report/2ca60af0-386a-40f8-8d83-85c4030c44a5
Retirable code flagged: -http://obatsirosishati.com/obat-herbal-ampuh-sembuhkan-sirosis-hati/
Detected libraries:
jquery-migrate - 1.2.1 : -http://obatsirosishati.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 2.1.3 : http://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
jquery - 1.11.3 : (active1) -http://obatsirosishati.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
angularjs - 1.3.5 : http://ajax.googleapis.com/ajax/libs/angularjs/1.3.5/angular.min.js
(active) - the library was also found to be active by running code
1 vulnerable library detected
Blocked by scriptblocker link to:
-http://dsms0mj1bbhn4.cloudfront.net/v2/c583ee95b4cd4d90f006e909aa60e15f526c7f3c/shrMain.min.js
& -http://s10.histats.com/js15.js 7 -http://px.owneriq.net/j/?pt=sholic&t=d|"Books%2520%2526%2520Magazines"&s=inte
WordPress CMS issues: WordPress Version
4.3.3
Version does not appear to be latest 4.4.2 - update now.
Check plug-in: simplecart
Warning User Enumeration is possible :o
user = Daniel log-in = Daniel
Warning Directory Indexing Enabled :o
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
/wp-content/uploads/ enabled
Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.
-//www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FMaxidoid-Indonesia%2F527540334019967&width=620&height=290&colorscheme=light&show_faces=true&header=true&stream=false&show_border=true
-//www.facebook.com/plugins/likebox.php?href=https%3A%2F%2Fwww.facebook.com%2Fpages%2FMaxidoid-Indonesia%2F527540334019967&width=240&height=290&colorscheme=light&show_faces=true&header=true&stream=false&show_border=true
polonus (volunteer website security analyst and website error-hunter)