Thanks to Be Secure for reporting. Indeed the website has quite some insecurity besides being a PHISH..Submission #5221822 is currently ONLINE
Submitted Sep 17th 2017 10:31 AM by verifrom (Current time: Sep 17th 2017 2:15 PM UTC) according to Phish Tank...
This https site falls back to http and therefore is insecure: the secure URL you submitted was redirected to:
htxp://courrier-vocal-orange.weebly.com/
No alerts given here:
https://urlquery.net/report/cfa6fafe-e31a-4095-b5bf-762fb1e4d49cVarious domains on one and the same weebly dot net IP:
https://www.reasoncoresecurity.com/ip-address-199.34.228.54.aspxThreat detected: Win32/RemoteAdmin.Ammyy.B potentially unsafe application Riskware with low impact and low number of reported infections.
Aliases
Dr. Web: Program.RemoteAdmin.701
G Data: Win32.Riskware.RemoteAdmin.A
Kaspersky Lab: not-a-virus:RemoteAdmin.Win32.Ammyy.an
ESET: Win32/RemoteAdmin.Ammyy.B potentially unsafe application
Files The following files are created:
%DISKDRIVE%\Documents and Settings\All Users\Application Data\AMMYY\hr
%DISKDRIVE%\Documents and Settings\All Users\Application Data\AMMYY\hr3
%DISKDRIVE%\Documents and Settings\All Users\Application Data\AMMYY\settings3.bin
The following files are changed:
%temporary internet files%\Content.IE5\index.dat
%USERPROFILE%\Cookies\index.dat
%USERPROFILE%\Local Settings\History\History.IE5\index.dat
Registry The following registry entries are added:
HKEY_CURRENT_USER\Software\Ammyy\Admin ("hr": %hex values%; "hr3": %hex values%)
HKEY_LOCAL_MACHINE\SOFTWARE\Ammyy\Admin ("hr": %hex values%; "hr3": %hex values%)
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
HTTP Requests
rl.*****.com/
https://www.scumware.org/report/199.34.228.54.html ->
http://cyberwarzone.com/malicious-history-of-199-34-228-54/1 error and 9 warnings:
https://mxtoolbox.com/domain/courrier-vocal-orange.weebly.com/F-Grade status:
https://observatory.mozilla.org/analyze.html?host=courrier-vocal-orange.weebly.comInformation Loaded Resources
Compromised sites will often be linked to malicious javascript or iframes in an attempt to attack users of your WordPress installation. Look over the listed resources, you should be familiar with all scripts and investigate ones you are not sure. In addition removal of unneeded javascript will speed up your website.
http://courrier-vocal-orange.weebly.com/GoogleSafe:
OK Load:
186ms Server: 199.34.228.54
Apache ASN: 27647 United States
Weebly, Inc. Reverse DNS:
pages-wildcard-2.weebly.com
http://fonts.googleapis.com/css?family=Karla:400,700%7COswald:700%7CRoboto+Mono:400,400i,700,700iGoogleSafe:
OK Load:
33ms Server: 172.217.9.202
ESF ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f10.1e100.net
http://courrier-vocal-orange.weebly.com/files/theme/MutationObserver.jsGoogleSafe:
OK Load:
139ms Server: 199.34.228.54
nginx ASN: 27647 United States
Weebly, Inc. Reverse DNS:
pages-wildcard-2.weebly.com
http://cdn2.editmysite.com/css/sites.css?buildTime=1504829463GoogleSafe:
OK Load:
34ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
http://cdn2.editmysite.com/css/old/fancybox.css?1504829463GoogleSafe:
OK Load:
36ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
http://cdn2.editmysite.com/css/social-icons.css?buildtime=1504829463GoogleSafe:
OK Load:
38ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
http://courrier-vocal-orange.weebly.com/files/main_style.css?1505116580GoogleSafe:
OK Load:
263ms Server: 199.34.228.54
nginx ASN: 27647 United States
Weebly, Inc. Reverse DNS:
pages-wildcard-2.weebly.com
http://fonts.googleapis.com/css?family=Karla:400,700,400italic,700italic&subset=latin,latin-extGoogleSafe:
OK Load:
44ms Server: 172.217.9.202
ESF ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f10.1e100.net
http://fonts.googleapis.com/css?family=Oswald:400,300,700&subset=latin,latin-extGoogleSafe:
OK Load:
46ms Server: 172.217.9.202
ESF ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f10.1e100.net
http://fonts.googleapis.com/css?family=Actor&subset=latin,latin-extGoogleSafe:
OK Load:
45ms Server: 172.217.9.202
ESF ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f10.1e100.net
http://fonts.googleapis.com/css?family=PT+Sans:400,700,400italic,700italic&subset=latin,latin-extGoogleSafe:
OK Load:
45ms Server: 172.217.9.202
ESF ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f10.1e100.net
http://fonts.googleapis.com/css?family=Yantramanav:400,300,700&subset=latin,latin-extGoogleSafe:
OK Load:
48ms Server: 172.217.9.202
ESF ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f10.1e100.net
http://fonts.googleapis.com/css?family=GFS+Didot&subset=latin,latin-extGoogleSafe:
OK Load:
46ms Server: 172.217.9.202
ESF ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f10.1e100.net
http://cdn2.editmysite.com/fonts/DayPosterBlack/font.css?2GoogleSafe:
OK Load:
37ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.jsGoogleSafe:
OK Load:
36ms Server: 172.217.5.234
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s07-in-f10.1e100.net
http://cdn2.editmysite.com/js/lang/fr/stl.js?buildTime=1504829463&GoogleSafe:
OK Load:
37ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
http://cdn2.editmysite.com/js/site/main.js?buildTime=1504829463GoogleSafe:
OK Load:
45ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
http://cdn2.editmysite.com/js/site/footerSignup.js?buildTime=1505434341GoogleSafe:
OK Load:
37ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
http://courrier-vocal-orange.weebly.com/files/theme/plugins.js?1503954572GoogleSafe:
OK Load:
349ms Server: 199.34.228.54
nginx ASN: 27647 United States
Weebly, Inc. Reverse DNS:
pages-wildcard-2.weebly.com
http://courrier-vocal-orange.weebly.com/files/theme/jquery.pxuMenu.js?1503954572GoogleSafe:
OK Load:
133ms Server: 199.34.228.54
nginx ASN: 27647 United States
Weebly, Inc. Reverse DNS:
pages-wildcard-2.weebly.com
http://courrier-vocal-orange.weebly.com/files/theme/jquery.trend.js?1503954572GoogleSafe:
OK Load:
132ms Server: 199.34.228.54
nginx ASN: 27647 United States
Weebly, Inc. Reverse DNS:
pages-wildcard-2.weebly.com
http://courrier-vocal-orange.weebly.com/files/theme/jquery.revealer.js?1503954572GoogleSafe:
OK Load:
148ms Server: 199.34.228.54
nginx ASN: 27647 United States
Weebly, Inc. Reverse DNS:
pages-wildcard-2.weebly.com
http://courrier-vocal-orange.weebly.com/files/theme/custom-1.js?1503954572GoogleSafe:
OK Load:
349ms Server: 199.34.228.54
nginx ASN: 27647 United States
Weebly, Inc. Reverse DNS:
pages-wildcard-2.weebly.com
http://cdn2.editmysite.com/js/wsnbn/snowday261.jsGoogleSafe:
OK Load:
43ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
http://fonts.gstatic.com/s/robotomono/v4/hMqPNLsu_dywMa4C_DEpY4bN6UDyHWBl620a-IRfuBk.woffGoogleSafe:
OK Load:
60ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://fonts.gstatic.com/s/robotomono/v4/N4duVc9C58uwPiY8_59FzzqR_3kx9_hJXbbyU8S6IN0.woffGoogleSafe:
OK Load:
60ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://fonts.gstatic.com/s/yantramanav/v2/HSfbC4Z8I8BZ00wiXeA5bIUt79146ZFaIJxILcpzmhI.woffGoogleSafe:
OK Load:
61ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://fonts.gstatic.com/s/yantramanav/v2/E1Z7InSGFB89Npehsy0O7NIh4imgI8P11RFo6YPCPC0.woffGoogleSafe:
OK Load:
61ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://fonts.gstatic.com/s/yantramanav/v2/HSfbC4Z8I8BZ00wiXeA5bLsuoFAk0leveMLeqYtnfAY.woffGoogleSafe:
OK Load:
63ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://fonts.gstatic.com/s/actor/v6/gZ8EM_Gzaq4WRjCimioyzQ.woffGoogleSafe:
OK Load:
63ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://fonts.gstatic.com/s/karla/v5/69xcvahA6o9RE5_Tmt9HT_esZW2xOQ-xsNqO47m55DA.woffGoogleSafe:
OK Load:
60ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://fonts.gstatic.com/s/karla/v5/3nZS3BKzlvhkwl4yjCQcjPesZW2xOQ-xsNqO47m55DA.woffGoogleSafe:
OK Load:
59ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://fonts.gstatic.com/s/karla/v5/_ddpdtd1ofP9Ocd2RnhWXA.woffGoogleSafe:
OK Load:
62ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://fonts.gstatic.com/s/karla/v5/azR40LUJrT4HaWK28zHmVA.woffGoogleSafe:
OK Load:
62ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://cdn2.editmysite.com/fonts/Proxima-Semibold/267447_5_0.woff?123596GoogleSafe:
OK Load:
53ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
http://cdn2.editmysite.com/fonts/Proxima-Light/267447_4_0.woff?123596GoogleSafe:
OK Load:
55ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
http://fonts.gstatic.com/s/robotomono/v4/mE0EPT_93c7f86_WQexR3NkZXW4sYc4BjuAIFc1SXII.woffGoogleSafe:
OK Load:
62ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://fonts.gstatic.com/s/robotomono/v4/1OsMuiiO6FCF2x67vzDKAwRV2F9RPTaqyJ4QibDfkzM.woffGoogleSafe:
OK Load:
61ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
http://www.google-analytics.com/ga.jsGoogleSafe:
OK Load:
50ms Server: 172.217.9.206
Golfe2 ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f14.1e100.net
http://cdn2.editmysite.com/js/wsnbn/snowday262.jsGoogleSafe:
OK Load:
47ms Server: 151.101.33.46
nginx ASN: 54113 United States
Fastly Reverse DNS:
https://secure.quantserve.com/quant.jsGoogleSafe:
OK Load:
106ms Server: 66.150.118.24
QS ASN: 27281 United States
Quantcast Corporation Reverse DNS:
pixel.quantserve.com
https://www.google.com/recaptcha/api.js?_=1505656590254GoogleSafe:
OK Load:
127ms Server: 172.217.10.68
GSE ASN: 15169 United States
Google Inc. Reverse DNS:
lga34s14-in-f4.1e100.net
http://rules.quantcount.com/rules-p-0dYLvhSGGqUWo.jsGoogleSafe:
OK Load:
209ms Server: 13.32.176.68
AmazonS3 ASN: 16509 United States
Amazon.com, Inc. Reverse DNS:
server-13-32-176-68.zrh50.r.cloudfront.net
https://www.gstatic.com/recaptcha/api2/r20170915175810/recaptcha__en.jsGoogleSafe:
OK Load:
22ms Server: 172.217.9.195
sffe ASN: 15169 United States
Google Inc. Reverse DNS:
iad30s14-in-f3.1e100.net
Content is not visible via cross-origin resource sharing (CORS) files or headers, but Subresource Integrity (SRI) is not implemented, and external scripts are loaded over http...
OpenSSL Padding Oracle: Possibly vulnerable
F-Grade security status:
https://securityheaders.io/?followRedirects=on&hide=on&q=courrier-vocal-orange.weebly.com2 vuln. jQuery libraries detected:
http://retire.insecurity.today/#!/scan/53c27cfa95f390560f4b125c676aaf43fea69008569ca7907302cf416b64d7d947% score for use of modern technology and/or best policies maintained:
https://en.internet.nl/domain/courrier-vocal-orange.weebly.com/95524/polonus (volunteer website security analyst and website error-hunter)
