See: https://www.virustotal.com/nl/url/8387f566dac098639e185efe820a15dc0f33e0bdceb27e707ab311db712ec49e/analysis/1449328132/
See:
19 instances of Detected encoded JavaScript code commonly used to hide malicious behaviour.
For instance: wp-content/uploads/2014/04/lose-weight-011.mp3?_=1
See: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fyoucansuccess.com%2Fwp-content%2Fuploads%2F2014%2F04%2FLose-Weight-011.mp3
landing here: -https://www.security.nl/js/dfp.js?1375741199 has been blocked by Adguard for me -
as it re-loads ads without having to refresh that page: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.security.nl%2Fjs%2Fdfp.js%3F1375741199
→ https://techpunch.co.uk/development/refresh-google-dfp-ads
WordPress issues: Wordpress version from source: 4.2.5
Wordpress Version 4.1 based on: -http://youcansuccess.com/wp-includes/js/autosave.js
WordPress Version
4.2.5
Version does not appear to be latest 4.3.1 - update now.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
wp-super-cache latest release (1.4.6)
http://wordpress.org/plugins/wp-super-cache/
jetpack latest release (3.8.1)
http://jetpack.me
form-maker latest release (1.8.1)
https://web-dorado.com/products/form-maker-wordpress.html
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest
version available and check the developers plugin page for information about security related updates and fixes.
Important security vulnerability warnings: Warning User Enumeration is possible & Directory Indexing Enabled (uploads)
Library to be retired:
-http://youcansuccess.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://youcansuccess.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.2 : -http://youcansuccess.com/wp-includes/js/jquery/jquery.js?ver=1.11.2
1 vulnerable library detected
Known javascript malware. Details: http://labs.sucuri.net/db/malware/malware-entry-mwexploitkitblackhole1?v282.2
polonus