Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on March 28, 2017, 07:27:24 PM

Title: And once again WordPress insecurity as cause of malcode on website......
Post by: polonus on March 28, 2017, 07:27:24 PM
See: http://urlquery.net/report.php?id=1490719524868
WordPress Version
4.5.7
Version does not appear to be latest 4.7.3 - update now.

WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress site's front page.

simple-share-buttons-adder 6.1.5   latest release (6.3.4) Update required
https://simplesharebuttons.com
bsk-pdf-manager 1.5.2   latest release (1.7.1) Update required
bbpress 2.5.9   latest release (2.5.12) Update required
https://bbpress.org
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

Two vulnerable jQuery libraries to be retired: http://retire.insecurity.today/#!/scan/59cf89ece9a9c4aea55ce3c15afbf67376660a1cbee8bc2f03e5b09c662d3bfa

1 issue with Stylesheet: https://sritest.io/#report/5e1864bc-762d-4132-b97f-95abdf5fd092

F-Status: https://observatory.mozilla.org/analyze.html?host=www.huddleproductions.com

GoDaddy abuse: https://urlscan.io/result/cdda285d-2507-4f73-a289-517f51f87c74#summary

Malware on same IP: https://www.scumware.org/report/stormwatcher.us.html

Vuln.: Results from scanning URL: -http://www.huddleproductions.com/wp-content/themes/enfold/js/avia.js?ver=1
Number of sources found: 26
Number of sinks found: 16

Re: -> https://urlscan.io/result/cdda285d-2507-4f73-a289-517f51f87c74/dom/
errors in script
Quote:
found JavaScript
     error: line:4: SyntaxError: invalid assignment left-hand side:
          error: line:4: window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/72x72\/","ext":".png","source":{"concatemoji":"http:\/\/wXw.huddleproductions.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=4.5.7"}};
          error: line:4: ............................^

polonus (volunteer website security analyst and website error-hunter)
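The urlquery report above gets the core and plugin versions purely by reading the front page's HTML. The following is an added example (not from the post or from urlquery) of that same passive inventory check, written for an administrator auditing their own site: it pulls the WordPress version from the generator meta tag (falling back to the `?ver=` parameter on wp-includes assets), lists plugins from `/wp-content/plugins/<slug>/` asset URLs, and compares them with a table of latest releases. The sample HTML and the "latest" table are constructed from the versions quoted in the post; the host `example.invalid` is a placeholder.

```python
"""Inventory WordPress core and plugin versions exposed in a page's HTML.

Added example (not from the forum post or any scanner it cites): the same
passive check the urlquery report describes, reading only the HTML source
of the front page, intended for an administrator auditing their own site.
"""
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample HTML resembling a WordPress 4.5.7 front page.
SAMPLE_HTML = """<!DOCTYPE html><html><head>
<meta name="generator" content="WordPress 4.5.7" />
<script type='text/javascript' src='http://example.invalid/wp-includes/js/wp-emoji-release.min.js?ver=4.5.7'></script>
<link rel='stylesheet' href='http://example.invalid/wp-content/plugins/simple-share-buttons-adder/css/ssba.css?ver=6.1.5' />
<script src='http://example.invalid/wp-content/plugins/bsk-pdf-manager/js/bsk.js?ver=1.5.2'></script>
<link rel='stylesheet' href='http://example.invalid/wp-content/plugins/bbpress/templates/default/css/bbpress.css?ver=2.5.9' />
<script src='http://example.invalid/wp-content/themes/enfold/js/avia.js?ver=1'></script>
</head><body></body></html>"""

# Constructed "latest known" table; in practice you would refresh these from
# the wordpress.org plugin API. Values are the ones quoted in the post.
LATEST = {
    "core": "4.7.3",
    "simple-share-buttons-adder": "6.3.4",
    "bsk-pdf-manager": "1.7.1",
    "bbpress": "2.5.12",
}

URL_RE = re.compile(r"""(?:src|href)=['"]([^'"]+)['"]""", re.I)
GENERATOR_RE = re.compile(
    r"""<meta[^>]+name=['"]generator['"][^>]+content=['"]WordPress ([\d.]+)['"]""", re.I)


def version_tuple(v):
    """'4.5.7' -> (4, 5, 7) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split(".") if p.isdigit())


def core_version(html):
    """Return the WordPress core version leaked by the page, or None.

    Prefers the generator meta tag; falls back to ?ver= on wp-includes assets.
    """
    m = GENERATOR_RE.search(html)
    if m:
        return m.group(1)
    for url in URL_RE.findall(html):
        parsed = urlparse(url)
        if "/wp-includes/" in parsed.path:
            ver = parse_qs(parsed.query).get("ver", [None])[0]
            if ver and re.fullmatch(r"\d+(\.\d+)+", ver):
                return ver
    return None


def plugin_versions(html):
    """Map plugin slug -> version string (or None) from /wp-content/plugins/ asset URLs."""
    found = {}
    for url in URL_RE.findall(html):
        parsed = urlparse(url)
        m = re.search(r"/wp-content/plugins/([^/]+)/", parsed.path)
        if not m:
            continue
        slug = m.group(1)
        ver = parse_qs(parsed.query).get("ver", [None])[0]
        # Keep the first version seen; never overwrite a known version with None.
        if slug not in found or found[slug] is None:
            found[slug] = ver
    return found


def outdated(html, latest=LATEST):
    """Return {name: (seen, latest)} for core and plugins behind the known latest release."""
    report = {}
    core = core_version(html)
    if core and version_tuple(core) < version_tuple(latest["core"]):
        report["core"] = (core, latest["core"])
    for slug, ver in plugin_versions(html).items():
        newest = latest.get(slug)
        if ver and newest and version_tuple(ver) < version_tuple(newest):
            report[slug] = (ver, newest)
    return report


if __name__ == "__main__":
    for name, (seen, newest) in outdated(SAMPLE_HTML).items():
        print(f"{name}: {seen} installed, latest {newest} - update required")
```

Versions are compared as integer tuples rather than strings, because a string comparison would wrongly rank bbpress 2.5.9 above 2.5.12. A plugin whose assets carry no `?ver=` parameter is listed but not judged, which is the right default: the absence of a version is not evidence that it is current.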
Title: Re: And once again WordPress insecurity - ask com toolbar crap via twitter?
Post by: polonus on March 29, 2017, 02:45:35 PM
Another one presented here with 44 instances of malcode: http://urlquery.net/report.php?id=1490787142698
Quttera flags this as potentially suspicious script: /wp-content/themes/hq/js/main.js?ver=4.1.16
Severity:   Potentially Suspicious
Reason:   Detected procedure that is commonly used in suspicious activity.
Quote:
Details:   Too low entropy detected in string [['.moveFromLeft, .moveFromRight, .moveFromTop, .moveFromBottom, .fadeIn, .fadeFromLeft, .fadeFromRight']] of length 131 which may point to obfuscation or shellcode.
(script) platform.twitter.com/widgets.js
     status: (referer=-http:/www.ask.com/web?q=puppies)saved 115585 bytes d0b4f241d1c4285709d032b3ee3ea65de5883ace
     info: [decodingLevel=0] found JavaScript
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
     file: d0b4f241d1c4285709d032b3ee3ea65de5883ace: 115585 bytes
     file: 2c07d11cd0c3af6b6b6a6c0966763b1d55bddb58: 115801 bytes
     file: 0678b7d40071ba155fcc76185527985890fecea2: 115807 bytes
     file: f10cd9aa9acadb31e5f14e0d8a2e25f818105009: 116016 bytes
     file: 08f98498bbe46e337ecf40f24e7ff3aa31651da6: 116208 bytes
     file: 88322cf42e4f3fcd3ace00dfd6770d0a4b213e45: 115922 bytes
     file: 50f6341066895f249d4ede982dba5114d79a7b57: 116046 bytes

Threat dump MD5:   2200EA0B37F930CC4BB32B8AB23ABCD1
File size[byte]:   197271
File type:   ASCII
Page/File MD5:   EED27F57F2B663657929E57568E3177F
Scan duration[sec]:   22.701000  -> http://www.domxssscanner.com/scan?url=http%3A%2F%2Ftethysresorts.com

WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress under 4.7.3, WordPress self-hosted -> http://toolbar.netcraft.com/site_report?url=+tethysresorts.com

3 jQuery libraries to be retired: http://retire.insecurity.today/#!/scan/c60dca7896fd64e178eee977174e7ae13a2e69456580e39ba3242b84210b8fcd

C-status 5 issues: https://sritest.io/#report/59114b92-9f4f-40a1-964d-4120aad7b953

F-status: https://observatory.mozilla.org/analyze.html?host=tethysresorts.com

polonus (volunteer website security analyst and website error-hunter)
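Quttera's "too low entropy" flag on the selector list above is a string-entropy heuristic. The following is an added example (not from the post or from Quttera) that implements the plain Shannon measure such heuristics rest on and runs it over the exact string the scanner quoted, next to two constructed comparison strings: a run of padding (the classic low-entropy case) and the 64-symbol base64 alphabet (the high-entropy case). The thresholds in `classify` are assumptions chosen for the demonstration, not Quttera's.

```python
"""Shannon-entropy heuristic of the kind behind Quttera's "too low entropy" flag.

Added example, not from the forum post or from Quttera: it shows what the
heuristic measures and why a flag like the one above needs a human look
before it is treated as malware. Thresholds and comparison strings are assumed.
"""
import math
from collections import Counter

# The string Quttera flagged in the post (a list of CSS selectors).
SELECTORS = (".moveFromLeft, .moveFromRight, .moveFromTop, .moveFromBottom, "
             ".fadeIn, .fadeFromLeft, .fadeFromRight")

# Constructed comparison strings.
PADDING = "A" * 120                        # one symbol repeated: entropy 0
BASE64_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                   "0123456789+/")          # 64 distinct symbols, each once: entropy 6


def entropy(s):
    """Shannon entropy in bits per character of the string s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def normalized_entropy(s):
    """Entropy divided by the maximum possible for the alphabet actually used (0..1)."""
    distinct = len(set(s))
    if distinct < 2:
        return 0.0
    return entropy(s) / math.log2(distinct)


def classify(s, min_len=40, low=2.0, high=5.5):
    """Return 'low', 'high', 'normal' or 'short' for a string.

    Assumed thresholds: below `low` bits/char looks like padding or a sled,
    above `high` looks like encoded or encrypted data. Strings shorter than
    `min_len` are 'short' because an entropy estimate on a few characters
    is meaningless.
    """
    if len(s) < min_len:
        return "short"
    h = entropy(s)
    if h < low:
        return "low"
    if h > high:
        return "high"
    return "normal"


if __name__ == "__main__":
    samples = [("selectors", SELECTORS), ("padding", PADDING),
               ("base64 alphabet", BASE64_ALPHABET)]
    for name, s in samples:
        print(f"{name:16s} len={len(s):3d} H={entropy(s):.2f} bits/char "
              f"norm={normalized_entropy(s):.2f} -> {classify(s)}")
```

Run stand-alone, the selector list comes out at roughly 4.1 bits per character over a 23-symbol alphabet, which is ordinary for code or CSS and nowhere near the padding case. What makes it look repetitive is the recurring `moveFrom`/`fade` fragments, which per-character entropy does not see; that is why a scanner's "potentially suspicious" verdict on such a string is a prompt for review of the file, not proof of obfuscation.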