11 malicious files in wp-content and wp-includes: http://quttera.com/detailed_report/www.ecoplastcorp.com
Severity: Malicious
Reason: Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details: Detected malicious JavaScript code
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.ecoplastcorp.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://www.ecoplastcorp.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
(active) - the library was also found to be active by running code
1 vulnerable library detected
Known javascript malware in this code. Details: http://labs.sucuri.net/db/malware/malware-entry-mwexploitkitblackhole1?v305
Script blockers will block this external link: -http://www.statcounter.com/ - sources and sinks:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.statcounter.com%2Fcounter%2Fcounter.js
external link risk status: http://toolbar.netcraft.com/site_report?url=http://pon.belayadama.info
Warning Directory Indexing Enabled :o
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
polonus
