SE redirect on website and with insecurities? Malware detected.

Viruses and worms
1

See: http://toolbar.netcraft.com/site_report?url=https://flavors.me
Let us check on the certicate: Certificate is installed correctly
flavors.me
Warnings
RC4
Your server’s encryption settings are vulnerable. This server uses the RC4 cipher algorithm which is not secure. More information.
RSA remove cross certificates
The certificate chain contains a cross root (primary intermediate) certificate that should be removed. Use Symantec CryptoReport to remove cross root certificates.
Info
BEAST
This server is vulnerable to a BEAST attack. More information.
Certificate information
This server uses an Extended Validation (EV) certificate. Information about the site owner has been fully validated by GeoTrust Inc. to help secure personal and financial information.
Common name:
secure.moo.com
SAN:
moo.com, uk.moo.com, flavors.me, www.moo.com, secure.moo.com
Valid from:
2014-Nov-24 00:00:00 GMT
Valid to:
2016-Nov-23 23:59:59 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:
Moo Print Ltd
Organizational unit:
Technical Operations
City/locality:
London
State/province:
London
Country:
GB
Certificate Transparency:
Not embedded in certificate
Serial number:
0c5b605d824a28f7c5973a02978e61db
Algorithm type:
SHA256withRSA
Key size:
2048
Certificate chainShow details
GeoTrust Primary Certification AuthorityIntermediate certificate
GeoTrust EV SSL CA - G4Intermediate certificate
secure.moo.comTested certificate
Server configuration
Host name:
85.133.69.198
Server type:
nginx/1.2.1
IP address:
85.133.69.198
Port number:
443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Next Protocol Negotiation:
Not Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Not Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Not Enabled
RC4:
Enabled
OCSP stapling:
Not Enabled

See: http://toolbar.netcraft.com/site_report?url=laadsmagazine.com → redirecting: https://validator.w3.org/nu/?doc=http%3A%2F%2Fflavors.me%2F (not following standards).See: https://validator.w3.org/nu/?doc=http%3A%2F%2Flaadsmagazine.com

Scan failed: Scanner output:
Scanning http://laadsmagazine.com
{“date”:“2016-08-01T12:37:36.856Z”,“timeout”:“http://laadsmagazine.com/”}
{“date”:“2016-08-01T12:37:36.856Z”,“timeout”:“http://laadsmagazine.com/”}
Status: fail
Load time: 61623ms
Load time: 61623ms

What gets acquired eventually must be retired: Detected libraries:
jquery - 1.10.2 : (active1) -https://flavors.me/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery - 1.10.2 : (active1) -https://flavors.me/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

Scanner output:
Scanning -https://flavors.me/
Script loaded: -https://flavors.me/static-54e7f4aea50b5b497c9e957a163e90e722c1a64a/build/scripts/external_combined.js
Script loaded: -https://flavors.me/static-54e7f4aea50b5b497c9e957a163e90e722c1a64a/build/scripts/homepage_combined.js
Script loaded: -https://static.getclicky.com/js
Script loaded: -https://ssl.google-analytics.com/ga.js
Script loaded: -https://ssl.google-analytics.com/ga.js
Status: success
Script loaded: -https://in.getclicky.com/in.php?site_id=100694298&res=1024x768&lang=C&secure=1&type=pageview&href=%2F&title=Flavors.me%20%3A%20Create%20and%20share%20your%20digital%20world&jsuid=1290818007&mime=js&x=0.3511985812801868
Detected library: jquery - 1.10.2
Detected library: jquery - 1.10.2
Load time: 1855ms

The location line in the header above has redirected the request to: -http://flavors.me/ not https etc.
Re: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Flaadsmagazine.com&ref_sel=GSP2&ua_sel=ff&fs=1
For requested no content returned.

Probably hacked:
Web Server Details
Scan for: http://flavors.me/
Hostname: flavors.me
IP address: 184.73.237.244

System Details:
Running on: nginx/1.0.15
Cached from: denver
Via proxy: 1.1
Outdated Web Server Nginx Found: nginx/1.0.15

Domain blacklisted by Sucuri Malware Labs: -flavors.me
Malware details: http://labs.sucuri.net/?details=flavors.me
Malware history from IP: https://www.virustotal.com/en-gb/ip-address/184.73.237.244/information/

polonus (volunteer website security analyst and website error-hunter)

2

See how a guestbook was abused for pharma-spam messages via phishing:
-http://www.pondertone.nl/guestbook/view.php?beginningEntry=1635&endingEntry=1639
This site was being abused: -http://www.tadalafilrss.com/ → -http://www.tadalafilcitratemd.com/ Spamsite listed at WOT.
A rogue pharmacy website listed at ws.surbl.org: https://www.mywot.com/en/scorecard/tadalafilcitratemd.com?utm_source=addon&utm_content=rw-viewsc
uMatrix also prevented this uri found there inside the code from loading: uMatrix heeft voorkomen dat de volgende pagina werd geladen:
-http://c26.statcounter.com/counter.php?sc_project=2573048&java=0&security=2a892cf6&invisible=0

Consider also: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.pondertone.nl%2Fguestbook%2Fview.php%3FbeginningEntry%3D1655%26endingEntry%3D1659
And then why this comes blocked by a script blocker: -http://www.statcounter.com/counter/counter_test.js?cb=0987231478

Header.php was hackecd with a redirect javascript code- Word Press CMS has issues:
WordPress Version
3.9.13
Version does not appear to be latest 4.5.3 - update now.

Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 admin admin
2 Patrick patrick
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

How to remove a spam hack from a Word Press website: https://aw-snap.info/articles/spam-hack-wordpress.php
Info credits go to Redleg.

What is acquired should also be retired: http://retire.insecurity.today/#!/scan/7f832885e415d556d81ea8a534ceb717d611c52aa4af9078c380b33dd6818069
6 vulnerable jQuery libraries vulnerable.

One issue for SRI hashes not being generated here: Missing SRI hash
Vulnerability: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fconnect.facebook.net%2Fen_US%2Fall.js%23xfbml%3D1
with an undefined iFrame and

  found JavaScript
     error: undefined variable Image
     error: line:4: TypeError: Image is not a constructor

Image object is overriding the default Image constructor, now when some internal code is trying to create an image object using new Image() it is throwing the error. info credits: Arun P Johny - Use FILES in stead of FILE in the code.

polonus (volunteer website security analyst and website error hunter)