Website was hacked via bootstrap - now still with vulnerability...

See: http://killmalware.com/platformpro.ru/# & http://toolbar.netcraft.com/site_report?url=http://platformpro.ru
Re: -http://platformpro.ru/
Detected libraries:
jquery - 1.11.1 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

pol

Another blacklisted website with a bootstrap.js issue, related to appeum dot net → https://retire.insecurity.today/#!/scan/decdd5ecc63f46f8bf2388f66bbef4420a36bd9c0d2bee1e2db7b434821dbd95
https://urlquery.net/report/19656166-9456-463a-9624-da090475cdc5
blacklisted for js/bootstrap.min.js
See: https://github.com/twbs/bootstrap/issues/20184
→ Results from scanning URL: -http://appeum.com/js/bootstrap.min.js
Number of sources found: 43 ; number of sinks found: 19
The data-target attribute is vulnerable to Cross-Site Scripting attacks.
Existing vulnerabilities in bootstrap according to SNYK: https://snyk.io/vuln/npm:bootstrap
Compare http://jsbin.com/qalekeroke/edit?html,output
see tokenization proposed here: https://bugs.jquery.com/ticket/11290
8 security recommendations: https://webhint.io/scanner/b4146fdc-f6a7-4adb-8e85-a36020220412#Security

polonus (volunteer website security analyst and website error-hunter)

Another instance where bootstrap seems involved. Flagged because of suspicious *.tk domain:
https://urlquery.net/report/45a7829c-fc2a-400a-8a55-6455027a552f

Detections based on IP: https://checkphish.ai/ip/195.20.46.36 (128 instances in last 30 days).

Where found listed: https://cymon.io/195.20.46.244

And on the redirection code on page: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3tiXmh1fG4udGs%3D~enc
Checked: -hxtp://domain.dot.tk/p/?d=WEBCHUAN.TK&i=198.71.230.24&c=1&ro=0&ref=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26source%3Dweb%26cd%3D3%26cad%3Drja%26uact%3D8%26ved%3DNychHGgvN%26url%3Dhttp%253A%252F%252Fwebchuan.tk%26ei%3DdTTUJXxApikvQ1PN3b8%26usg%3D167hRXVc4AeNyFCod33&_=1548020116641

Results from scanning URL: -hxtp://domain.dot.tk/js/searchr.js
Number of sources found: 42 ; number of sinks found: 2

Given as not vulnerable: https://retire.insecurity.today/#!/scan/98c32d5dbab9d187a9a6d031835ac1f370fc42c83ca397597bf1c99ec50bb9b2

Notwithstanding these 4 vulnerabilities → https://snyk.io/test/npm/bootstrap/3.3.7 (outdated version to be updated to 3.4.0)
While this is inside the code

polonus (volunteer website security analyst and website error-hunter)
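
An added example, not part of the original posts or of any scanner mentioned in them: a small Node.js check in the spirit of the scans above, reading library version banners from a script and listing `data-target` attribute values that contain markup. The helper names and sample inputs are constructed, Bootstrap 3.4.0 is the update target named in the thread, and the jQuery 1.12.0 threshold is an assumption taken from the linked release announcement.

```javascript
// Added example; helper names and sample inputs are constructed for illustration.
// Bootstrap 3.4.0 is the update target named in the thread; jQuery 1.12.0 is an
// assumption taken from the linked 1.12 release announcement.
const MIN_VERSION = { jquery: '1.12.0', bootstrap: '3.4.0' };

// Version banners as found at the top of minified builds.
const BANNERS = {
  jquery: /jQuery v(\d+\.\d+\.\d+)/,
  bootstrap: /Bootstrap v(\d+\.\d+\.\d+)/,
};

function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// One finding per library banner recognised in a script's source text.
function auditScript(source) {
  const findings = [];
  for (const [library, re] of Object.entries(BANNERS)) {
    const m = re.exec(source);
    if (!m) continue;
    const outdated = compareVersions(m[1], MIN_VERSION[library]) < 0;
    findings.push({ library, version: m[1], outdated });
  }
  return findings;
}

// data-target should hold a selector such as "#menu"; a value containing "<"
// is markup and is reported for review.
function riskyDataTargets(html) {
  const hits = [];
  for (const m of html.matchAll(/data-target\s*=\s*(["'])(.*?)\1/gi)) {
    if (m[2].includes('<')) hits.push(m[2]);
  }
  return hits;
}

// Constructed samples (not taken from any scanned site).
const sampleJs = '/*! jQuery v1.11.1 | (c) jQuery Foundation */\n' +
  '/*! Bootstrap v3.3.7 (http://getbootstrap.com) */';
const sampleHtml = '<a data-target="#menu">ok</a>' +
  '<a data-target="<span>markup</span>">flagged</a>';
console.log(auditScript(sampleJs), riskyDataTargets(sampleHtml));
```
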

More bootstrap misery, here detected on this Joomla website, because of a Joomla malware installation alert, site is being blacklisted:
https://sitecheck.sucuri.net/results/turkeytoday.org

See also: https://urlquery.net/report/99b46003-13a0-4792-be4d-dcc005062d6e

Loaded: Loaded Resources
Compromised sites will often be linked to malicious javascript or iframes in an attempt to attack users of your WordPress installation. Look over the listed resources, you should be familiar with all scripts and investigate ones you are not sure. In addition removal of unneeded javascript will speed up your website.

-http://turkeytoday.org/installation/index.php
OK | Load: 574ms | Server: 188.68.51.155 nginx | ASN: 197540 Germany netcup GmbH | Reverse DNS: -intracenter.de

-hxtp://turkeytoday.org/A.media,_jui,_css,_chosen.css,qea92daf5b32f43ae64261db2de9541a4+media,_jui,_css,_bootstrap.min.css,qea92daf5b32f43ae64261db2de9541a4+media,_jui,_css,_bootstrap-responsive.min.css,qea92daf5b32f43ae64261db2de9541a4+media,_jui,_css,_bootstrap-extended.css,qea92daf5b32f43ae64261db2de9541a4+installation,_template,_css,_template.css,qea92daf5b32f43ae64261db2de9541a4,Mcc.Iwu_HzWkyq.css.pagespeed.cf.AWbXxOxDys.css
OK | Load: 187ms | Server: 188.68.51.155 nginx | ASN: 197540 Germany netcup GmbH | Reverse DNS: -intracenter.de
-http://turkeytoday.org/media/jui/js/jquery.min.js,qea92daf5b32f43ae64261db2de9541a4.pagespeed.jm.29OAZzvhfX.js
OK | Load: 275ms | Server: 188.68.51.155 nginx | ASN: 197540 Germany netcup GmbH | Reverse DNS: -intracenter.de
-http://turkeytoday.org/media/jui,_js,_jquery-noconflict.js,qea92daf5b32f43ae64261db2de9541a4+jui,_js,_jquery-migrate.min.js,qea92daf5b32f43ae64261db2de9541a4+system,_js,_html5fallback.js,qea92daf5b32f43ae64261db2de9541a4+jui,_js,_bootstrap.min.js,qea92daf5b32f43ae64261db2de9541a4+jui,_js,_chosen.jquery.min.js,qea92daf5b32f43ae64261db2de9541a4+system,_js,_core.js,qea92daf5b32f43ae64261db2de9541a4.pagespeed.jc.1znDzhNYqW.js
OK | Load: 290ms | Server: 188.68.51.155 nginx | ASN: 197540 Germany netcup GmbH | Reverse DNS: -intracenter.de
-hxtp://turkeytoday.org/media,_system,_js,_keepalive.js,qea92daf5b32f43ae64261db2de9541a4+media,_system,_js,_punycode.js,qea92daf5b32f43ae64261db2de9541a4+media,_system,_js,_validate.js,qea92daf5b32f43ae64261db2de9541a4+installation,_template,_js,_installation.js,qea92daf5b32f43ae64261db2de9541a4.pagespeed.jc.A7z2gdhyGB.js
OK | Load: 197ms | Server: 188.68.51.155 nginx | ASN: 197540 Germany netcup GmbH | Reverse DNS: -intracenter.de

No Google Safebrowsing alert.

1 retirable jQuery library: https://retire.insecurity.today/#!/scan/b2730c739adb8993201689359cdf96726cabc4186695df06b2bfc6221a3494d7

Results from scanning URL: -http://turkeytoday.org/media/jui/js/bootstrap.min.js?641709a47bd83234771fa78cf61a0250
gives a

jQuery.noConflict();

but sources and sinks here for the same URL: hxtp://turkeytoday.org/media/jui/js/bootstrap.min.js?641709a47bd83234771fa78cf61a0250
Number of sources found: 5 ; number of sinks found: 10 and also various in core.js and installation.js
in the Joomla installation package - malware entry warning: https://labs.sucuri.net/db/malware/warning?joomla_install_page.1

polonus (volunteer website security analyst and website error-hunter)

Checking for retirable jQuery code libraries is ongoing.
One also has to look out not to miss anything.

Another retirable detected on that same website (found via DrWeb’s URL-scanner - credit where credit is due :)): https://retire.insecurity.today/#!/scan/7187586fc2d44df7e5693019bd9efadbcd8530630d21e8eec7986cfba644e704
Re: -http://turkeytoday.org/media/jui/js/jquery.min.js/JSTag_1[c8fd][b28e]
Number of sources found: 41 ; Number of sinks found: 17

polonus