What is the site and service (do not go there):
htxps://scatteredsecrets.com/
Insecure bootstrap.js - Bootstrap, script - 3.3.7
4.3
GHSA-3MGP-FX93-9XV5
Low severity vulnerability that affects bootstrap
4.3
GHSA-PJ7M-G53M-7638
Moderate severity vulnerability that affects bootstrap
4.3
GHSA-FXWM-579Q-49QQ
Moderate severity vulnerability that affects Bootstrap.Less, bootstrap, and bootstrap.sass
4.3
GHSA-4P24-VMCR-4GQJ
Low severity vulnerability that affects bootstrap
4.3
GHSA-PH58-4VRJ-W6HR
Low severity vulnerability that affects bootstrap
4.3
GHSA-WH77-3X4M-4Q9G
Moderate severity vulnerability that affects bootstrap and bootstrap-sass
4.3
About hosting:
https://www.shodan.io/host/104.27.170.137Tracking and privacy related implications:
https://webcookies.org/cookies/scatteredsecrets.com/30473261?456253Twitter connection - inline code
/* a.onclick = */
if (!window.__cfRLUnblockHandlers) return false;
window.open('htxps://twitter.com/intent/tweet?text=Find%20Your%20Hacked%20Passwords%20at%20ScatteredSecrets.com!', 'twitter', 'resizable,height=260,width=370');
return false;
facebook link:
/* a.onclick = */
if (!window.__cfRLUnblockHandlers) return false;
window.open('htxps://www.facebook.com/sharer/sharer.php?u=scatteredsecrets.com', 'facebook', 'resizable,height=260,width=370');
return false;
Content Security Policy bypasses: -errorcdnjs.cloudflare.com
cdnjs.cloudflare.com is known to host Angular libraries which allow to bypass this CSP.
-erroross.maxcdn.com
-oss.maxcdn.com is known to host Angular libraries which allow to bypass this CSP.
I for one would not go there nor register,
polonus
