Another one reported here: https://urlhaus.abuse.ch/url/194283/
Normal scans do not detect: https://sitecheck.sucuri.net/results/beansmedia.com
Vulnerabilities on Dutch hoster: https://www.shodan.io/host/149.210.131.83
Not flagged, but found suspicious: https://www.virustotal.com/en/url/a2c3460235978adeed8642e234285755fef6c6ebdec19661856f18bb1fa8cb43/analysis/
File detection by 8 parties: https://www.virustotal.com/en/file/1aa1035bf14484bc23b3a416785c947328c711113dacde652132be74fad8a8cf/analysis/1557510790/
HEUR:Trojan-Downloader.Script.Generic at a compromised website, connected to script at -https://worldclassvip.com/wp-content/themes/
…"FILE_733953041149US_May_10_2019.jsPKP
Also consider:
https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Ynt8bnNteyNbfC5eXW1gent1czE2YHdwLVtuXmx1I3tzYCNdXnVte250YHpucV5bQllbd2ZmR255TmxueVduXWA%3D~enc
Else one gets:
There was an error executing your search, please adjust your search-term and try again. Message:
[query_shard_exception] Failed to parse query [htxp://beansmedia.com/zeus16/wp-includes/Document/znqCiBYIwffGnyNlnyWnO/], with { index_uuid=“aYBbgOk3R4e_lF-b2ss6XQ” & index=“results-green” }
& for the main domain
'[token_mgr_error] token_mgr_error: Lexical error at line 1, column 23. Encountered: after : “”
On the hosting page:
https://urlscan.io/result/43863e69-50ac-4dd3-ae1f-b41d70f15367
polonus
According to the resources here the website is offline: https://urlhaus.abuse.ch/url/194285/
But I get the following data here:
Reputation Check: PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server: LiteSpeed
X-Powered-By: PHP/5.6.40
IP Address: -112.213.89.117
Hosting Provider: SUPERDATA
Shared Hosting: 1112 sites found on -112.213.89.117
Outdated CMS: WordPress Version 4.2.23 (version does not appear to be latest)
Issue: User Enumeration
The first two user IDs were tested to determine if user enumeration is possible.
ID  User       Login
1   admin      admin
2   Vu Nguyen  maypro
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Blacklisted website: https://sitecheck.sucuri.net/results/mayproduction.vn
Open to various threats (14): https://webscan.upguard.com/#/http://mayproduction.vn/
Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bXx5cH1dI3VedFtdbi52bmA%3D~enc
polonus
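The scanner output quoted above maps user IDs to login names through the ?author=N redirect and warns that author archives expose every login once enabled. As an added example (not part of polonus's post and not code from any of the scanners or sites referenced), the following WordPress must-use plugin closes the three common enumeration paths for anonymous visitors: the ?author=N query, the /author/<login>/ archive pages, and the unauthenticated /wp-json/wp/v2/users REST listing. The plugin name and file placement are assumptions; only core WordPress hooks (init, template_redirect, rest_endpoints) and functions are used.

```php
<?php
/**
 * Plugin Name: Block anonymous user enumeration (added example, hypothetical)
 * Description: Drop this file into wp-content/mu-plugins/ so it loads without activation.
 *              Illustrative hardening for the enumeration findings in the scan report above.
 */

// 1. ?author=N: WordPress would canonically redirect this to /author/<login>/,
//    which is how an ID is turned into a login name. Send anonymous visitors home instead.
add_action( 'init', function () {
    if ( is_admin() || is_user_logged_in() ) {
        return;
    }
    if ( isset( $_GET['author'] ) ) {
        wp_safe_redirect( home_url( '/' ), 302 );
        exit;
    }
}, 1 );

// 2. Author archives (/author/<login>/): the page notes these reveal every user
//    when enabled, so hide them unless someone is logged in.
add_action( 'template_redirect', function () {
    if ( is_author() && ! is_user_logged_in() ) {
        wp_safe_redirect( home_url( '/' ), 302 );
        exit;
    }
} );

// 3. REST API: /wp-json/wp/v2/users lists authors (id, name, slug) without
//    authentication. Remove both the collection and single-user routes for
//    anonymous requests; logged-in users (and the block editor) keep them.
add_filter( 'rest_endpoints', function ( $endpoints ) {
    if ( is_user_logged_in() ) {
        return $endpoints;
    }
    unset( $endpoints['/wp/v2/users'] );
    unset( $endpoints['/wp/v2/users/(?P<id>[\d]+)'] );
    return $endpoints;
} );
```

After dropping the file in place, an anonymous request for ?author=1 or /wp-json/wp/v2/users should no longer return a login name, which can be confirmed from the server's own access log. This only removes the disclosure channels; the outdated WordPress 4.2.23 and PHP 5.6.40 flagged in the report still need updating, and renaming the admin account as the scanner recommends is independent of this plugin.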