Less vulnerabilities and configuration errors, still with recommendations for improvement:
IDS alert for dot ga domain:
https://urlquery.net/report/488df649-90ab-43de-b1d3-ffce36b0f675Re:
https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=I318cF0uZ3w%3D~encReputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server:
nginx
X-Powered-By:
PHP/7.2.13, PleskLin
IP Address:
-160.16.137.239
Hosting Provider:
SAKURA Internet Inc.
Shared Hosting:
1 sites found on -160.16.137.239
Externally Linked Host Hosting Provider Country
-dorapo.ga Verza Facility Management BV Netherlands
-ja.wordpress.org SingleHop United States
-dorapo.ml Verza Facility Management BV Netherlands
-dorapo.gq Verza Facility Management BV Netherlands
-dorapo.cf Verza Facility Management BV Netherlands
-drapo.gq SAKURA Internet Inc. Japan
-dorapo.tk Verza Facility Management BV Netherlands
-drapo.cf SAKURA Internet Inc. Japan
-drapo.ml SAKURA Internet Inc. Japan
DOM-XSS : htxps://drapo.ga/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Number of sources found: 41
Number of sinks found: 17
204 recommendations for improvement:
https://webhint.io/scanner/98d9ff66-7744-491f-83c5-0b40252d007dSecurity Checks for https://drapo.ga
(6) Susceptible to man-in-the-middle attacks
Insecure SSL/TLS versions available
HTTP Strict Transport Security (HSTS) not enforced
HSTS header does not contain max-age
HSTS header does not contain includeSubDomains
HSTS header not prepared for preload list inclusion
Secure cookies not used
Vulnerabilities can be uncovered more easily
X-Powered-By header exposed
Vulnerable to cross-site attacks
HttpOnly cookies not used
(2) Unnecessary open ports
Mail ports open
File sharing ports open
DNS is susceptible to man-in-the-middle attacks
DNSSEC not enabled
1 vuln. jQuery library detected:
https://retire.insecurity.today/#!/scan/13e341dde7a7dd0ea570bdf1347626a51e752d678ad02ff8774a1a69bc8c2ed3from this a vuln. in Results from scanning URL: hxtp://p-tweets.com/ClaudFirman76
Number of sources found: 16
Number of sinks found: 36
polonus (volunteer 3rd party cold reconnaissance website security analyst and website-error-hunter)