Privacy issues and security issues are often related. How to scan for them?
1. Rendering as a normal browser would - extensive report:
https://webcookies.org/cookies/dmstreeremoval.com.au/27913092?662402
2. 2 vulnerable and retirable jQuery libraries detected:
https://retire.insecurity.today/#!/scan/875a8bdadc0d2f7b324b9f54c858fd715e6306b13b290027a63c362f60401a12
3. Data Layer check: 2 {data}
{
"0": "config",
"1": "UA-109165814-1"
}
&
{
"0": "js",
"1": "2019-07-11T14:12:41.413Z"
}
4. Trackers: Track From To Action
-dmstreeremoval.com.au -dmstreeremoval.com.au
-dmstreeremoval.com.au -dmstreeremoval.com.au
-dmstreeremoval.com.au -dmstreeremoval.com.au
-fonts.googleapis.com -fonts.googleapis.com
- fonts.gstatic.com
5. Always consider these scan results:
https://www.virustotal.com/gui/url/9fafcfbfa5bdd5456d5c525427d8808cb17b9d8c09697cafd03c5a1bbcb80903
6. Overall warnings:
https://privacyscore.org/site/141978/
cache control, x-frame-options, content-security-policy headers not set or not following best policies.
No form autocomplete settings set. Source: RECX Security Analyser extension results.
7. 1 out of 10 risk on
https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fdmstreeremoval.com.au%2F
8. Detections on IP relations:
https://www.virustotal.com/gui/ip-address/162.243.29.224/relations
9. Mainly check for cloaking and weird redirects, not here:
http://isithacked.com/check/https%3A%2F%2Fdmstreeremoval.com.au%2F
10. DOM-XSS results:
Results from scanning URL: -https://dmstreeremoval.com.au
Number of sources found: 4
Number of sinks found: 249
Results from scanning URL: -https://dmstreeremoval.com.au/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Number of sources found: 32
Number of sinks found: 13
Results from scanning URL: -https://dmstreeremoval.com.au/wp-content/plugins/photoswipe-masonry/photoswipe-masonry.js?ver=4.9.8
Number of sources found: 14
Number of sinks found: 4
Results from scanning URL: -https://dmstreeremoval.com.au/wp-content/plugins/photoswipe-masonry/photoswipe-dist/photoswipe-ui-default.min.js?ver=4.9.8
Number of sources found: 12
Number of sinks found: 2
Results from scanning URL: -https://dmstreeremoval.com.au/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
Number of sources found: 44
Number of sinks found: 33
Results from scanning URL: -https://dmstreeremoval.com.au/wp-content/plugins/kiwi-logo-carousel/third-party/jquery.bxslider/jquery.bxslider.js?ver=4.9.8
Number of sources found: 12
Number of sinks found: 12
11. Also a scan for PHP driven WordPress CMS at
https://hackertarget.com/wordpress-security-scan/
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK
Web Server:
Apache/2.4.6
X-Powered-By:
PHP/7.1.8
IP Address:
-162.243.29.224
Hosting Provider:
DigitalOcean
Shared Hosting:
276 sites found on -162.243.29.224
12. Outdated software on webserver and for WordPress and missing security headers qualified as a High Risk site at:
https://sitecheck.sucuri.net/results/https/dmstreeremoval.com.au
13. Total of 13 direct threats detected here:
https://app.upguard.com/webscan#/https://dmstreeremoval.com.au
Security Checks for -https://dmstreeremoval.com.au
(2) Vulnerabilities can be uncovered more easily
(4) Susceptible to man-in-the-middle attacks
Vulnerabilities
(2) Emails can be fraudulently sent
(3) Unnecessary open ports
DNS is susceptible to man-in-the-middle attacks
14. https://urlscan.io/result/9cf81b77-d79f-4aa5-9d65-ce5be4f715c8
Verdict: non-malicious, non-suspicious site, outdated software and server software, so High Risk website,
various security issues and missing best policies being implemented. Looks good, less secure.
As security is often a last resort thing in website developing and also maintaining websites.
Enjoy checking your websites, folks,
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)