My website has been infected (malware help!)

alejandrolopez269908 · June 18, 2020, 10:02am

Hello,

Thank you very much for your help. Currently I have a website created in Wordpress. My website is it.cuberspremium.com
When visitors enter they are redirected to misleading advertising. Giveaways, coupons, prizes. I need help to solve this problem. Some tips are appreciated.

Thanks!

Asyn · June 18, 2020, 10:23am

→ https://sitecheck.sucuri.net/results/https/it.cuberspremium.com

polonus · June 18, 2020, 11:53am

This is being flagged and blocked by uMatrix for me: link to -https://www.googletagmanager.com/ns.html?id=GTM-NDLJLP5
hence JavaScript error: File not found: -https://www.googletagmanager.com/gtm.js?id=GTM-NDLJLP5
Re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=W3QuXnVie31zcH17bVt1bS5eXW0%3D~enc
What is the external redirection to URL: -https://www.faithendowment.net/
XSS-DOM scan resulted in:
Number of sources found: 41
Number of sinks found: 17

So the "interference"may come from https://www.shodan.io/host/208.91.197.132
Confluence Networks → not secure: -http://unifwd.com/

Retirabl;e jQuery library detected

jquery 1.12.4 Found inhttps://it.cuberspremium.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
Medium Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

SSL-grade = A

Quicksource Review:

HTML
-it.cuberspremium.com/
102,286 bytes, 683 nodes

Javascript 142 (external 106, inline 36)
-s.ytimg.com/yts/jsbin/www-widgetapi-vflwbnX7L/www-widgetapi.js
INJECTED

-www.youtube.com/iframe_api
-www.googletagmanager.com/gtm.js?id=GTM-NDLJLP5
INLINE: (function() { let alreadyInsertedMetaTag = false function __insertDappDete
1,238 bytes

INLINE: (function(w,d,s,l,i){w[l]=w[l]||;w[l].push({‘gtm.start’: new Date().getTime(),
341 bytes

INLINE: window._wpemojiSettings = {“baseUrl”:"https://s.w.org/images/core/emoji
2,223 bytes

-it.cuberspremium.com/wp-includes/js/wp-emoji-release.min.js?ver=5.3.4
-it.cuberspremium.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
-it.cuberspremium.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
INLINE: var doc = document.documentElement; doc.setAttribute( ‘data-useragent’, n
104 bytes

INLINE: document.write(new Date().getFullYear());
41 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/modernizr.js?ver=3.3.1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fitvids.js?ver=1.1
INLINE: /* <![CDATA[ */ var fusionVideoGeneralVars = {“status_vimeo”:“1”,“status_yt”:"1
94 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-general.js?ver=1
INLINE: /* <![CDATA[ */ var fusionLightboxVideoVars = {“lightbox_video_width”:“1280”,"l
120 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.ilightbox.js?ver=2.2.3
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.mousewheel.js?ver=3.0.6
INLINE: /* <![CDATA[ */ var fusionLightboxVars = {“status_lightbox”:“1”,"lightbox_galle
617 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-lightbox.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/imagesLoaded.js?ver=3.1.8
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/isotope.js?ver=3.0.4
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/packery.js?ver=2.0.0
INLINE: /* <![CDATA[ */ var avadaPortfolioVars = {“lightbox_behavior”:“all”,"infinite_f
270 bytes

-it.cuberspremium.com/wp-content/plugins/fusion-core/js/min/avada-portfolio.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.infinitescroll.js?ver=2.1
-it.cuberspremium.com/wp-content/plugins/fusion-core/js/min/avada-faqs.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/library/Chart.js?ver=2.7.1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-chart.js?ver=1
INLINE: /*
83 bytes

-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column-bg-image.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/cssua.js?ver=2.1.28
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.waypoints.js?ver=2.0.3
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-waypoints.js?ver=1
INLINE: /* <![CDATA[ */ var fusionAnimationsVars = {“status_css_animations”:“desktop”};
91 bytes

-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=1
INLINE: /* <![CDATA[ / var fusionEqualHeightVars = {“content_break_point”:“1200”}; /
87 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-equal-heights.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fade.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-parallax.js?ver=1
INLINE: /* <![CDATA[ */ var fusionVideoBgVars = {“status_vimeo”:“1”,“status_yt”:“1”}; /
89 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1
INLINE: /* <![CDATA[ */ var fusionContainerVars = {“content_break_point”:“1200”,"contai
209 bytes

-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-container.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-content-boxes.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.countdown.js?ver=1.0
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-countdown.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.countTo.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.appear.js?ver=1
INLINE: /* */
81 bytes

-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-counters-box.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.easyPieChart.js?ver=2.1.7
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-counters-circle.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-flip-boxes.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-gallery.js?ver=1
INLINE: /* <![CDATA[ */ var fusionMapsVars = {“admin_ajax”:"https://it.cuberspremium.
123 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fusion_maps.js?ver=2.2.2
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-google-map.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.event.move.js?ver=2.0
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-image-before-after.js?ver=1.0
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.modal.js?ver=3.1.1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-modal.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-progress.js?ver=1
INLINE: /* <![CDATA[ */ var fusionRecentPostsVars = {“infinite_loading_text”:"Loadi
184 bytes

-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-recent-posts.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-syntax-highlighter.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.transition.js?ver=3.3.6
it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.tab.js?ver=3.1.1
INLINE: /* */
79 bytes

-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-tabs.js?ver=1
t.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.cycle.js?ver=3.0.3
INLINE: /* <![CDATA[ / var fusionTestimonialVars = {“testimonials_speed”:“4000”}; / ]
86 bytes

-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-testimonials.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.textillate.js?ver=2.0
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-title.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.collapse.js?ver=3.1.1
-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-toggles.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/vimeoPlayer.js?ver=2.2.1
INLINE: /* */
71 bytes

-it.cuberspremium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-video.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.hoverintent.js?ver=1
-it.cuberspremium.com/wp-content/plugins/fusion-core/js/min/fusion-vertical-menu-widget.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/lazysizes.js?ver=4.1.5
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.tooltip.js?ver=3.3.5
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.popover.js?ver=3.3.5
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.carouFredSel.js?ver=6.2.1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.easing.js?ver=1.3
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.flexslider.js?ver=2.2.2
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.hoverflow.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.placeholder.js?ver=2.0.7
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.touchSwipe.js?ver=1.6.6
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-alert.js?ver=1
INLINE: /* <![CDATA[ */ var fusionCarouselVars = {“related_posts_speed”:“2500”,"carouse
108 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-carousel.js?ver=1
INLINE: /* <![CDATA[ */ var fusionFlexSliderVars = {“status_vimeo”:“1”,"slideshow_autop
198 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-flexslider.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-popover.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-tooltip.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-sharing-box.js?ver=1
INLINE: /* <![CDATA[ */ var fusionBlogVars = {“infinite_blog_text”:"Cargando el gru
290 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-blog.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-button.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-general-global.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion.js?ver=2.2.2
INLINE: /* <![CDATA[ */ var avadaHeaderVars = {“header_position”:“top”,“header_sticky”:
535 bytes

-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-header.js?ver=6.2.2
INLINE: /* <![CDATA[ */ var avadaMenuVars = {“site_layout”:“wide”,“header_position”:"to
467 bytes

-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-menu.js?ver=6.2.2
INLINE: /* <![CDATA[ */ var fusionScrollToAnchorVars = {“content_break_point”:“1200”,"c
179 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-scroll-to-anchor.js?ver=1
INLINE: /* <![CDATA[ */ var fusionTypographyVars = {“site_width”:“1300px”,"typography_s
174 bytes

-it.cuberspremium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-responsive-typography.js?ver=1
-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-skip-link-focus-fix.js?ver=6.2.2
-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/library/bootstrap.scrollspy.js?ver=3.3.2
INLINE: /* <![CDATA[ */ var avadaCommentVars = {“title_style_type”:“single dashed”,"tit
142 bytes

-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-comments.js?ver=6.2.2
-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-general-footer.js?ver=6.2.2
-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-quantity.js?ver=6.2.2
-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-scrollspy.js?ver=6.2.2
-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-select.js?ver=6.2.2
INLINE: /* <![CDATA[ */ var avadaSidebarsVars = {“header_position”:“top”,"header_layout
296 bytes

-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-sidebars.js?ver=6.2.2
-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/library/jquery.sticky-kit.js?ver=6.2.2
-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-tabs-widget.js?ver=6.2.2
INLINE: /* */
80 bytes

-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/library/jquery.toTop.js?ver=1.2
INLINE: /* <![CDATA[ */ var avadaToTopVars = {“status_totop”:“desktop”,“totop_position”
130 bytes

-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-to-top.js?ver=6.2.2
INLINE: /* */
74 bytes

-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-drop-down.js?ver=6.2.2
-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-gravity-forms.js?ver=6.2.2
-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/library/jquery.elasticslider.js?ver=6.2.2
INLINE: /* <![CDATA[ */ var avadaElasticSliderVars = {“tfes_autoplay”:“1”,"tfes_animati
165 bytes

-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-elastic-slider.js?ver=6.2.2
INLINE: /* <![CDATA[ */ var avadaLiveSearchVars = {“live_search”:“1”,“ajaxurl”:"https:
300 bytes

-it.cuberspremium.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=6.2.2
INLINE: /* <![CDATA[ */ var avadaFusionSliderVars = {“side_header_break_point”:“1200”,"
248 bytes

-it.cuberspremium.com/wp-content/plugins/fusion-core/js/min/avada-fusion-slider.js?ver=1
-it.cuberspremium.com/wp-includes/js/wp-embed.min.js?ver=5.3.4
INLINE: jQuery( document ).ready( function() { var ajaxurl = 'https://it.cuber
348 bytes

CSS 37 (external 4, inline 33)
INLINE: @media print {#ghostery-purple-box {display:none !important}}
61 bytes INJECTED

INLINE: img.wp-smiley, img.emoji { display: inline !important; border: none !importan
283 bytes INJECTED

-it.cuberspremium.com/wp-content/themes/Avada/assets/css/style.min.css?ver=6.2.2
INJECTED

-it.cuberspremium.com/wp-content/uploads/fusion-styles/369196f61f986df334de0e029a03016e.min.css?ver=2.2.2
INJECTED

INLINE: @media screen and (max-width: 640px){body:not(.fusion-builder-ui-wireframe) .fus
416 bytes INJECTED

INLINE: .recentcomments a{display:inline !important;padding:0 !important;margin:0 !impor
86 bytes INJECTED

INLINE: body.custom-background { background-color: #004a79; }
55 bytes INJECTED

INLINE: /* Chart.js */ @-webkit-keyframes chartjs-render-animation{from{opacity:0.99}to{
276 bytes INJECTED

INLINE: .fluid-width-video-wrapper{width:100%;position:relative;padding:0;}.fluid-width-
224 bytes INJECTED

INLINE: :root #content > #center > .dose > .dosesingle, :root #content > #right > .dose
120 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE: .fusion-button.button-1 {border-radius:0px;}
44 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE: .fusion-button.button-2 {border-radius:2px;}.fusion-button.button-2 .fusion-butt
115 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE: .fusion-button.button-3 {border-radius:2px;}
44 bytes INJECTED

INLINE: .fusion-button.button-4 .fusion-button-text, .fusion-button.button-4 i {color:#1
1,003 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE: .fusion-button.button-5 {border-radius:2px;}
44 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE: .fusion-button.button-6 {border-radius:2px;}
44 bytes INJECTED

INLINE: .fusion-button.button-7 .fusion-button-text, .fusion-button.button-7 i {color:#1
1,003 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE: .fusion-button.button-8 .fusion-button-text, .fusion-button.button-8 i {color:#f
947 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE: .fusion-button.button-9 .fusion-button-text, .fusion-button.button-9 i {color:#f
947 bytes INJECTED

INLINE:
0 bytes INJECTED

INLINE: .fusion-button.button-10 {border-radius:0px;}.fusion-button.button-10 .fusion-bu
117 bytes INJECTED

INLINE: .fusion-gallery-1 .fusion-gallery-image {border:0px solid #e5e5e5;}
67 bytes INJECTED

-it.cuberspremium.com/wp-includes/css/dist/block-library/style.min.css?ver=5.3.4
INJECTED

-it.cuberspremium.com/wp-includes/css/dist/block-library/theme.min.css?ver=5.3.4
INJECTED

Moreover I do not see the website being blocked.

polonus (volunteer 3rd party cold recon website security analyst and website error hunter)

polonus · June 18, 2020, 12:20pm

Also consider this abuse report: https://www.abuseipdb.com/check/208.91.197.132
Abuse as to recently - take this up with your hoster.

polonus

My website has been infected (malware help!)

Announcements