Re: https://urlquery.net/report/3cabf3dd-7be4-418b-87d2-6ded877dbd59
PHISHING detected on -/wp-includes/Text/ble/indexa.php HTTP/1.1
CMS insecurity: Outdated: WordPress Version 4.7
Version does not appear to be latest 4.8.2 - update now.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress site's front page.
revslider
js_composer
contact-form-7 4.6 latest release (4.9) Update required
https://contactform7.com/
LayerSlider
Plugins are a source of many security vulnerabilities within WordPress installations; always keep them updated to the latest version available and check the developer's plugin page for information about security-related updates and fixes.
Retirable jQuery: http://retire.insecurity.today/#!/scan/7e0c459e338f73dcdd2853675a14e9eea158b5aaeece23693c6b263a0b1d5dbb
Vulnerability errors
found JavaScript
error: undefined function b.attachEvent
error: undefined variable b
info: [element] URL=jugueterapia.com/wp-content/plugins/contact-form-7/includes/js/undefined
suspicious: maxruntime exceeded 10 seconds…
error
(script) jugueterapia.com/wp-content/themes/betheme/js/menu.js?ver=14.1
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable $.fn
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var $.fn = 1;
error: line:1: …^
errors
(script) jugueterapia.com/wp-includes/js/jquery/ui/sortable.min.js?ver=1.11.4
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined variable a.ui
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var a.ui = 1;
error: line:1: …^
Warning User Enumeration is possible
The first two user IDs were tested to determine if user enumeration is possible.
ID    User    Login
1     None    dropalia
2     None    None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
All scripts from see: http://toolbar.netcraft.com/site_report?url=http://ns3029648.ip-149-202-91.eu
F-status, and site defaulting over HTTP while HTTPS is available: https://observatory.mozilla.org/analyze.html?host=jugueterapia.com
5 problems flagged here: https://mxtoolbox.com/domain/jugueterapia.com/
Re: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fjugueterapia.com
Detected or rather not detected: 2 third party embeds used; not using HSTS to prevent insecure requests; no public key pins set to prevent attackers from using invalid certificates; mixed content found; vulnerable to Sweet32 and Lucky13 attacks; no CSP header set; no XFO header set; no XSS Protection header set; no X-Content-Type-Options header set; no privacy-friendly Referrer Policy header set.
All reported via cold reconnaissance scanning and analyzing by,
polonus (volunteer website security analyst and website error-hunter)