GoDaddy abuse on website: http://killmalware.com/peridotpictures.com/#
-peridotpictures.com/test/wp-content/themes/berliner5-v1.4/panel/scripts/jquery.fitvids.js?ver=1.1 benign but with undefined variable $
Suspicious conditional redirect. Details: http://sucuri.net/malware/entry/MW:HTA:7
Redirects users to: htxp://top-24h-can-store.com/redirect.php?z=viagra
WordPress scan: WordPress Version 4.4.3
Version does not appear to be latest 4.5.1 - update now.
Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.
ID User Login
1 Brent brent
2 None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Vulnerable jQuery: -http://peridotpictures.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://peridotpictures.com/test/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery.prettyPhoto - 3.1.6 : (active1) -http://peridotpictures.com/test/wp-content/themes/wp_berliner5-v1.4/js/jquery.prettyPhoto.js?ver=3.1.6
jquery - 1.11.3 : (active1) -http://peridotpictures.com/test/wp-includes/js/jquery/jquery.js?ver=1.11.3
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected
index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to hxtp://top-24h-can-store.com/redirect.php?z=viagra.
File size[byte]: 0
index.html
Severity: Potentially Suspicious
Reason: Detected unconditional redirection to external web resource.
Details:
also link to https://www.mywot.com/scorecard/visit-x.net?utm_source=addon&utm_content=rw-viewsc
(adults only - search engine Pr0n-spam). Also blacklisted site because of exploit-kit malcode…
polonus