ET CNC Feodo Tracker Reported CnC Server group 18 alert & security issues...

[polonus]

Re: https://urlquery.net/report/4040f81a-ffb6-4762-a666-578f8ecf66db
Rep Warning from Shadowserver -

Warning on WordPress security scan for that particular CMS alerted:
Warning  User Enumeration is possible

The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   scsadmin   scsadmin
2   Johnboy Baker   jpbaker-dev
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Code: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ll58fSNbbnxsc3V9dnt5W25nLl5dbQ%3D%3D~enc

96 security errors detected here: https://webhint.io/scanner/a4526d89-6696-4217-a446-5cd6df5f842b
1 vuln. jQuery library flagged here: https://retire.insecurity.today/#!/scan/a555732066805aa85668fc2355efcf589718a20c420f9d42e26f1331c5be2aeb
equals that described here -> https://snyk.io/vuln/npm:jquery -> https://snyk.io/vuln/npm:jquery:20150627  (Cross Site Scripting)
jQuery@1.12.4' has 1 known vulnerability (1 medium). Check on that vuln. from the unminified code -> discussed here: https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc  (info credits go to dmethvin).

error in code

[script] -www.cardinalsurveying.com/wp-includes/js/wp-embed.min.js?ver=4.9.8
     info: [decodingLevel=0] found JavaScript
     error: undefined function b.attachEvent
     error: undefined variable b
     info: [element] URL=-www.cardinalsurveying.com/undefined
     info: [1] no JavaScript
     file: a94410e63195718f8d8b21b268155494be5147e1: 43175 bytes
     file: 9bbba02326099b6cf3cb93bde03e7055c34e8325: 75 bytes
&
[script] -www.cardinalsurveying.com/wp-includes/js/wp-embed.min.js?ver=4.9.8
     info: [decodingLevel=0] found JavaScript
     error: undefined function b.attachEvent
     error: undefined variable b
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
&
-www.cardinalsurveying.com/wp-content/themes/Divi/js/custom.js?ver=3.14 benign
- (script) -www.cardinalsurveying.com/wp-content/themes/Divi/js/custom.js?ver=3.14
     status: (referer=-www.cardinalsurveying.com/)saved 57995 bytes 4357d4bd5e6dd7fe2d0551c9a5b182ef025df1dd
     info: [decodingLevel=0] found JavaScript
     error: undefined variable jQuery
     error: undefined function $
     file: 4357d4bd5e6dd7fe2d0551c9a5b182ef025df1dd: 57995 bytes

Reports on shared IP: https://feodotracker.abuse.ch/host/66.228.55.240/   &    https://www.virustotal.com/pl/url/28bac3eee4b4d8a01d1edec97fe1b84c7aa9fe10e6feb60b2f5789a84c85bef4/analysis/1526480308/
and latest: https://www.virustotal.com/pl/url/28bac3eee4b4d8a01d1edec97fe1b84c7aa9fe10e6feb60b2f5789a84c85bef4/analysis/
& https://map.httpcs.com/alert/429210  & 

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

[polonus]

Latest generic malware launched from above mentioned IP - https://feodotracker.abuse.ch/host/66.228.55.240/
listed here: Win32:Malware-gen as avast detects. 

pol