Topic: Outdated WP plug-in software and counter malcode on Russian website!

Offline polonus

See: http://urlquery.net/report.php?id=1445435832773
Fortinet alerts twice for counter malware.
66% of the trackers on the website are insecurely sent.
Like id-tracking by -VKontakte, -w.uptolike.com, -0.gravatar.com, -Automattic, -Automattic, -Google & -LiveInternet.
Outdated WordPress plug-in software detected: featured-posts-grid 1.3, latest release (1.7). Update required.
-http://chasepettit.com
SPOF check: Possible Frontend SPOF from:

-vk.com - Whitelist
(76%) - <script type="text/javascript" src="//vk.com/js/api/openapi.js?86">

Bad trackers and counter tracking all blocked by Disconnect for me inside the Google Chrome browser!
Website Netcraft risk status: http://toolbar.netcraft.com/site_report?url=http://webrecepty.info

AOS allows the Web Analysis scripts there??? Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwebrecepty.info
Going here is insecure by default qua tracking -https://feedburner.google.com/fb/a/myfeeds?gsessionid=ebfUTvmfKM88-P_0ioLWBA

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Outdated WP plug-in software and counter malcode on Russian website!
« Reply #1 on: October 21, 2015, 05:06:18 PM »
Website has outdated PHP code: PHP Version: 5.3.29 (Outdated)
Quttera detects a potentially suspicious file on that site: /pageear/pageear.js
Severity:   Potentially Suspicious
Reason:   Detected procedure that is commonly used in suspicious activity.
Details:   Too low entropy detected in string [['C%FFFFFFC1%FFFFFF83%FFFFFFE0%FFFFFF81%FFFFFF83l%FFFFFFC1%FFFFFFAC%FFFFFFE0%FFFFFF81%FFFFFFACo%FFFFFF']] of length 230 which may point to obfuscation or shellcode.
Threat dump:   http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwebrecepty.info%2Fpageear%2Fpageear.js
Threat dump MD5:   81C8E301F48970801439DD362107F360
File size[byte]:   8436
File type:   ASCII
Page/File MD5:   04532F5049858F56D80C6CD6AA9FDA8F
Scan duration[sec]:   0.090000

Request see: /pageear/pageear_s.swf?pagearSmallImg=-http%3A//webrecepty.info/pageear/pageear_s.jpg&pagearBigImg=http%3A//webrecepty.info/pageear/pageear_b.jpg&pageearColor=ffffff&jumpTo=http%3A//webrecepty.info/kuplju-vashi-recepty/&openLink=new&mirror=true&copyright=Webpicasso%20Media%2C%20www.webpicasso.de&speedSmall=1&openOnLoad=3&closeOnLoad=3&setDirection=rt&softFadeIn=1&playSound=false&playOpenSound=false&playCloseSound=false&closeOnClick=false&closeOnClickText=Close&lcKey=0.5864989017332484&bigWidth=297&thumbWidth=85 HTTP/1.1
Host: webrecepty.info
IP malcode history: https://www.virustotal.com/nl/ip-address/46.30.40.95/information/

polonus