See: https://www.virustotal.com/en/url/1d55a67e1da3089b769d318e181c1824f1d52f329e9b91caf63a09ace475392f/analysis/1454770664/
31 malicious files: http://quttera.com/detailed_report/www.courtyardmansions.com
Web application version:
WordPress version: WordPress 3.6.1
All in One SEO Pack version: 2.0.3.1
WordPress theme: -http://www.courtyardmansions.com/wp-content/themes/twentyeleven/
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 4.2
WordPress Version: 3.6.1
Version does not appear to be latest 4.4.2 - update now.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
nextgen-nivoslider latest release (3.2.7)
polylang latest release (1.8.1)
http://polylang.wordpress.com/
nextgen-gallery latest release (2.1.23)
http://www.nextgen-gallery.com
tablepress latest release (1.7)
https://tablepress.org/
nextgen-galleryview2 latest release (1.3.5)
http://www.nextgen-galleryview.com
contact-form-7 latest release (4.3.1)
http://contactform7.com/
all-in-one-seo-pack latest release (2.2.7.6.2)
http://semperfiwebdesign.com
Warning: User Enumeration is possible. User login - ericadmincourty ericadmincourty
-http://www.courtyardmansions.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.courtyardmansions.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.10.2 : (active) -http://www.courtyardmansions.com/wp-includes/js/jquery/jquery.js?ver=1.10.2
(active) - the library was also found to be active by running code
1 vulnerable library detected
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.courtyardmansions.com%2Fwp-content%2Fplugins%2Fnextgen-galleryview2%2Fgalleryview%2Fjs%2Fjquery.galleryview.js
landing at: htxp://www.freeinstagramfollowershq.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
For part of that malcode see image attached.
General IP badness history: https://www.virustotal.com/en/ip-address/69.195.124.180/information/
Threat events: https://cymon.io/69.195.124.166
polonus (volunteer website security analyst and website error-hunter)