Author Topic: PHISHING an ever ongoing threat, and a place to launch malware as well.  (Read 896 times)


polonus wrote:
See: https://urlhaus.abuse.ch/url/257572/  (where it has been reported);
Scan on IP: https://maltiverse.com/search;query=160.153.133.153;page=1;sort=query_score
where ten flags for generic malware are being given for that particular IP.

The vulnerabilities where that IP is being hosted: https://www.shodan.io/host/160.153.133.153
secureserver dot net, not really "living up to" that name.

Code for the website: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=aHt9c158fXsubnt0~enc

Site now says "closed".
Retirable code there (Retire.js):

bootstrap 3.0.3 - found in http://herscare.net/wp-content/plugins/coming-soon/themes/default/bootstrap/js/bootstrap.min.js
Vulnerability info (severity / Retire.js issue / description / CVE):
  High    28236  XSS in data-template, data-content and data-title properties of tooltip/popover   CVE-2019-8331
  Medium  20184  XSS in data-target property of scrollspy                                           CVE-2018-14041
  Medium  20184  XSS in collapse data-parent attribute                                              CVE-2018-14040
  Medium  20184  XSS in data-container property of tooltip                                          CVE-2018-14042

jquery 1.12.4 - found in http://herscare.net/wp-includes/js/jquery/jquery.js
Vulnerability info (severity / Retire.js issue / description / CVE):
  Medium  2432   3rd party CORS request may execute                                                 CVE-2015-9251
  Medium  11974  parseHTML() executes scripts in event handlers                                     CVE-2015-9251
  Low     -      jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   CVE-2019-11358

Site is now SpamHaus blacklisted - Outdated Software Detected:
WordPress under 5.2.3/5.1.2/5.0.6/4.9.11

Reputation Check: PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK

Web Server: Apache
X-Powered-By: PHP/7.2.20
IP Address: 160.153.133.153
Hosting Provider: GoDaddy.com
Shared Hosting: 500 sites found on 160.153.133.153

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
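The Retire.js findings in the post above come from two steps: fingerprinting the library version from a script's banner comment or file name, then comparing that version against known vulnerable ranges. The Node.js script below is an added example that reproduces both steps for the two files named in the post; it is not code from polonus's post or from Retire.js itself. The VULNS table encodes the fixed versions from the public advisories for the listed CVEs (Bootstrap 3.4.0 / 4.1.2 for CVE-2018-14040/14041/14042, 3.4.1 / 4.3.1 for CVE-2019-8331, jQuery 3.0.0 for CVE-2015-9251 and 3.4.0 for CVE-2019-11358); the banner regexes and the SAMPLE_ASSETS inputs are constructed for this example and are not the real files from herscare.net.

```javascript
// Added example (not from the original post or from Retire.js): a minimal
// Retire.js-style checker. Ranges below are taken from the public advisories
// for the CVEs the post lists; everything else is constructed for illustration.
const VULNS = {
  bootstrap: [
    { cve: "CVE-2019-8331", severity: "high",
      summary: "XSS in data-template, data-content and data-title of tooltip/popover",
      ranges: [{ below: "3.4.1" }, { atOrAbove: "4.0.0", below: "4.3.1" }] },
    { cve: "CVE-2018-14040", severity: "medium", summary: "XSS in collapse data-parent attribute",
      ranges: [{ below: "3.4.0" }, { atOrAbove: "4.0.0", below: "4.1.2" }] },
    { cve: "CVE-2018-14041", severity: "medium", summary: "XSS in data-target property of scrollspy",
      ranges: [{ below: "3.4.0" }, { atOrAbove: "4.0.0", below: "4.1.2" }] },
    { cve: "CVE-2018-14042", severity: "medium", summary: "XSS in data-container property of tooltip",
      ranges: [{ below: "3.4.0" }, { atOrAbove: "4.0.0", below: "4.1.2" }] },
  ],
  jquery: [
    { cve: "CVE-2015-9251", severity: "medium",
      summary: "3rd party CORS request may execute; parseHTML() runs event-handler scripts",
      ranges: [{ below: "3.0.0" }] },
    { cve: "CVE-2019-11358", severity: "low", summary: "jQuery.extend(true, ...) Object.prototype pollution",
      ranges: [{ below: "3.4.0" }] },
  ],
};

// Numeric dotted-version comparison: returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// A range is "[atOrAbove, below)"; atOrAbove is optional.
function inRange(version, r) {
  if (r.atOrAbove && compareVersions(version, r.atOrAbove) < 0) return false;
  return compareVersions(version, r.below) < 0;
}

// Constructed fingerprints: banner comment first, file-name pattern as fallback.
const FINGERPRINTS = [
  { lib: "jquery", content: /jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+)/,
    uri: /jquery[-.]?(\d+\.\d+\.\d+)(?:\.min)?\.js$/i },
  { lib: "bootstrap", content: /Bootstrap(?:\.js)? v(\d+\.\d+\.\d+)/,
    uri: /bootstrap[-.]?(\d+\.\d+\.\d+)(?:\.min)?\.js$/i },
];

function fingerprint(asset) {
  for (const f of FINGERPRINTS) {
    const m = (asset.content && f.content.exec(asset.content)) || f.uri.exec(asset.url);
    if (m) return { lib: f.lib, version: m[1] };
  }
  return null; // unknown library or no version evidence
}

// Returns one finding per (asset, CVE) whose version falls in a vulnerable range.
function scan(assets) {
  const findings = [];
  for (const asset of assets) {
    const id = fingerprint(asset);
    if (!id) continue;
    for (const v of VULNS[id.lib]) {
      if (v.ranges.some((r) => inRange(id.version, r))) {
        findings.push({ url: asset.url, lib: id.lib, version: id.version,
                        cve: v.cve, severity: v.severity, summary: v.summary });
      }
    }
  }
  return findings;
}

// Constructed sample assets mirroring the two file URLs named in the post.
const SAMPLE_ASSETS = [
  { url: "http://herscare.net/wp-content/plugins/coming-soon/themes/default/bootstrap/js/bootstrap.min.js",
    content: "/*!\n * Bootstrap v3.0.3 (http://getbootstrap.com)\n */" },
  { url: "http://herscare.net/wp-includes/js/jquery/jquery.js",
    content: "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */" },
];

for (const f of scan(SAMPLE_ASSETS)) {
  console.log(`${f.severity.padEnd(6)} ${f.cve.padEnd(15)} ${f.lib} ${f.version}  ${f.summary}`);
}
```

Run with `node checker.js`; it prints the same four Bootstrap and two jQuery hits the post reports. The fallback to the file-name pattern matters in practice because minified copies often have the banner stripped, and a version-only check says nothing about whether the vulnerable component (tooltip, scrollspy, $.extend) is actually reachable on the page, which is why Retire.js output is a lead for review rather than proof of exploitability.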