Malware IP, CMS issues and script issues galore...

polonus · 2017-08-19T18:48:39.000Z

See IDs alerets: https://urlquery.net/report/3c05c666-4da8-41bd-a9e5-5ae2bf09a2b5
On IP: https://www.malwares.com/report/ip?ip=104.27.176.67 → https://www.projecthoneypot.org/ip_104.27.176.94
Not detected here: http://isithacked.com/check/avid4.com
4 vulnerable jQuery libraries: http://retire.insecurity.today/#!/scan/b916e183d477335c24342402287f6c6b62eeef4c1954feb9cb0084043e513fac
code: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.avid4.com&ref_sel=GSP2&ua_sel=ff&fs=1
On CMS: Web application version:
WordPress version from source: 4.8
WordPress version: 4.8
WordPress directory: -http://www.avid4.com/wp-content
WordPress theme: -http://www.avid4.com/wp-content/themes/avid-v2/

The following plugins were detected by reading the HTML source of the WordPress sites front page.

photo-gallery 1.3.28 latest release (1.3.51) Update required
https://web-dorado.com/products/wordpress-photo-gallery-plugin.html
photonic latest release (1.64)
https://aquoid.com/plugins/photonic/
print-o-matic 1.6.5 latest release (1.7.9) Update required
https://plugins.twinpictures.de/plugins/print-o-matic/
pinterest-pin-it-button 2.1.0.1 latest release (2.1.0.1)
http://pinplugins.com/pin-it-button-pro/
tablepress 1.6.1 latest release (1.8) Update required
https://tablepress.org/
contact-form-7 4.4 latest release (4.9) Update required
https://contactform7.com/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

See: https://zulu.zscaler.com/submission/f5933af4-da36-4df6-8261-ecf55dfe7c16

F-Grade and recommendations: https://observatory.mozilla.org/analyze.html?host=www.avid4.com

B-status: https://sritest.io/#report/0ed7c76f-5712-4ffa-b535-a9b3809b87b2 (site has Open Graph status)
-my.hellobar.com/6401459ad8796884132ddda2429b34624881c5cf.js given as benign…

polonus (volenteer website security analyst and website error-hunter)

polonus · 2017-08-19T19:15:03.000Z

Nameserver -asp.reflexion.net
Warnings
Root installed on the server.
For best practices, remove the self-signed root from the server.
Domain Control Validated - RapidSSL(R),See www.rapidssl.com/resources/cps (c)14,GT53011388
Host name:
-outbound-mail-211-233.reflexion.net https://blog.skullsecurity.org/2010/watch-out-for-exim (on open netqmail smtpd 1.04)
Server type:
Apache-Coyote/1.1 ssl/http Apache Tomcat/Coyote JSP engine 1.1 Unix-gnu-linux
Open to account scanner exploit: https://www.exploit-db.com/exploits/18619/

polonus (volunteer website secruity analyst and website error-hunter)

Announcements