Defacement rightly detected by Avast as HTML:Defacement-N[Trj]

What was detected? → http://copcourt.co.uk/mscor.php
Check that code here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fcopcourt.co.uk%2Fmscor.php
We get a ‘forbidden’ going here: http://toolbar.netcraft.com/site_report?url=https://securendn.a.ssl.fastly.net
See: https://securendn.a.ssl.fastly.net/newpanel/css/singlepage.css
Through mscor all running processes become listed…
Read: https://secure.php.net/manual/en/class.dotnet.php & https://stackoverflow.com/questions/152506/what-does-this-do-tasklist-m-mscor

polonus

Here we detect the following on an external link from a defaced website: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fid-pemula-javascript.googlecode.com%2Ffiles%2Fefek-salju.js
landing at: -http://www.milanobrotherslandscaping.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.milanobrotherslandscaping.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.12.2 : (active1) -http://www.milanobrotherslandscaping.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
jquery-ui-dialog - 1.11.4 : (active1) -http://www.milanobrotherslandscaping.com/wp-includes/js/jquery/ui/dialog.min.js?ver=1.11.4
(active) - the library was also found to be active by running code
1 vulnerable library detected

Also Wordpress insecurity: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

Ultimate_VC_Addons
revslider
js_composer
mega_main_menu
LayerSlider
twitter-follow-me-box 2.1 latest release (2.0)
http://www.cirolini.com.br/wordpress-plugin-twiiter-follow-me-box/
contact-form-7 4.4 latest release (4.4.1) Update required
http://contactform7.com/

Warning User Enumeration is possible ::slight_smile:
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 milanobrothersla milanobrothersla

Warning Directory Indexing Enabled :o
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Insecure IDs tracking: 5% of the trackers on this site could be protecting you from NSA snooping. Tell milanobrotherslandscaping.com to fix it.

Tweet
All trackers
At least 4 third parties know you are on this webpage.

-Google
-Google
-shaaaaaaaaaaaaa.com
-www.milanobrotherslandscaping.com -www.milanobrotherslandscaping.com

Re: http://toolbar.netcraft.com/site_report?url=http://www.milanobrotherslandscaping.com

pol

Another hacked website correctly identified as JS:Defacement - Trojan

https://www.al-behar.com/oldwebsite/

Break that live link as this site comes blacklisted here: https://sitecheck.sucuri.net/results/www.al-behar.com
See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.al-behar.com%2Foldwebsite%2F&ref_sel=GSP2&ua_sel=ff&fs=1
GoDaddy abuse, excessive server version info proliferation: Web Server:
Apache/2.4.18 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 and here: PHP/5.5.35

So earlier problems were mainly associated with weak hosting for Al Behar Group website at GoDaddy, LCC.

Linked: Externally Linked Host Hosting Provider Country

-hiddenymouz.or.id CloudFlare United States

Site is tracking mainly via facebook and google.apis

Nameserver soa issues and issues here - 8 problems wit a trust problem: https://mxtoolbox.com/domain/ns57.domaincontrol.com/

Privacy score status: https://privacyscore.org/site/36734/

Site does not redirect automatically to https while https version is available, no HSTS,
vulnerable to LUCKY13 attack and has RC4 outdated and insecure ciphers, no security headers set.

polonus (volunteer website security analyst and website error-hunter)