A phish and 12 security recommendations for website...

[polonus]

Re: https://urlquery.net/report/2beee2e0-b07d-4a76-bfc3-e327abb9e78e
Various redirects found: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=e3Bdbl11c2hdcHBbbmcuXl1t~enc
Sign in Office 365 insecure log-in...
2 security recommendations - strict-transport-security: 2 hints
F-grade scan results here: https://observatory.mozilla.org/analyze/eponoushopping.com
also see: https://observatory.mozilla.org/analyze/eponoushopping.com#ssh (fails).
Site doesn't issue an HSTS header
Site is Blacklisted
by McAfee and Norton Safe Web
IP 72 times reported: https://checkphish.ai/ip/192.249.125.42
Re: https://report.any.run/44c359341f1956e45ed284befb27115db2c4ef78a123234fcbbd18948d109696/0bc676ad-8d64-466f-b9fd-ad3327963fe6#generalInfo
The VT scan results: https://www.virustotal.com/#/url/f6038feb128400f5e9e9967b10efec63b5b8802bf4eb88a25b469595355b1d87/detection

polonus (volunteer website security analyst and website error-hunter)

[polonus]

Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XnxwW3R8LV5dbl57cHRzLiN7~enc
See PHISHING detected: https://urlquery.net/report/de4b7067-b883-4be5-92bf-5fb3260c500a
1 vuln. jQuery script detected: https://retire.insecurity.today/#!/scan/8be9952a6134342d245878bc22a811917761ccb92c9c06e03cd437d98fc9cf9e

Recommendations also on security: https://webhint.io/scanner/61428de7-3162-4910-9764-144730108ed2
disown-opener; no-disallowed-headers; no-protocol-relative-urls; sri hints; strict-transport-security; validate-set-cookie-header;
x-content-type-options; no-vulnerable-javascript-libraries: 2 hints (one more than retire.insecurity is reporting).

F-grade security found here and recommendations: https://observatory.mozilla.org/analyze/capita-concepts.de
Cookie-scan: https://webcookies.org/scan/20059575
Suspicious link found: -https://analyse.schillerehms.de/piwik.php?action_name=capita+concepts+consulting+-+capita+concepts+consulting%2C+Coaching%2C+Continuous+Training+-+Solutions+from+one+source&idsite=3&rec=1&r=042106&h=14&m=43&s=26&url=https%3A%2F%2Fcapita-concepts.de%2F&_id=c8bdf6d825bb3268&_idts=1540910607&_idvc=1&_idn=0&_refts=0&_viewts=1540910607&send_image=1&cookie=1&res=1024x768&gt_ms=325&pv_id=AiglLy  I did not get a valid URL - check for illegal characters etc.
Blocked as an unsafe website this above link...

No detection given here: https://www.virustotal.com/#/url/c9d70e7eee5549e7f8541e5e9cf64652939f35bb4ad1c2290a0d5d10e37b37de/detection
nor here: https://www.virustotal.com/#/domain/capita-concepts.de

This PHISHING is indeed performed by the link domain scanned here: https://www.virustotal.com/#/url/16bd3a3f0271be88d73e8599ba736a0e04cb11fd4387cf157fee1f5f4034f1e1/detection

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

[polonus]

First a webscan with weaknesses and misconfigurations of the found phishing link with a final F-grade:
https://www.htbridge.com/websec/?id=bfAMqMOe

SSL scan report of the phishing link in question: -https://analyse.schillerehms.de etc.

1. https://ssltools.digicert.com/checker/views/checkInstallation.jsp
&
2. https://www.htbridge.com/ssl/?id=k0QM3Cos

Conclusion: TLSv1.0 Non-compliant with PCI DSS requirements, Non-compliant with HIPAA guidance,
NO SUPPORT OF TLSv1.3
The server does not support TLSv1.3 which is the only version of TLS that currently has no known flaws or exploitable weaknesses.Misconfiguration or weakness

SERVER DOES NOT PROVIDE HSTS
The server does not enforce HTTP Strict Transport Security. We advise to enable it to enforce the user to browse the website in HTTPS.Misconfiguration or weakness

pol