Author Topic: Insecure log-in connection?  (Read 1648 times)

polonus
« on: August 06, 2021, 04:33:03 PM »
See: https://urlscan.io/result/88be2008-f387-42b9-a6a8-29fddcfd63be/
See: https://sitecheck.sucuri.net/results/https/professio.server114.login-server.net  (all green)
Quote
Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell login-server.net to fix it.
See also: https://login-server.net.ipaddress.com/

Identifiers | All Trackers
 Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

-r53XXXXX2p6j7p0jgelkvbqhiq
professio.server114.login-server.net  php.session-id
SRC Quick Source Review
Quote
HTML
-professio.server114.login-server.net/login.php?target=&client_id=professio&auth_stat=
20,170 bytes, 214 nodes

Javascript 28   (external 24, inline 4)
INLINE: /* * This entire block is wrapped in an IIFE to prevent polluting the scope of
496,325 bytes

-professio.server114.login-server.net/libs/bower/bower_components/jquery/dist/jquery.js
-professio.server114.login-server.net/libs/bower/bower_components/jquery-migrate/jquery-migrate.min.js
-professio.server114.login-server.net/libs/bower/bower_components/jquery-ui/jquery-ui.js
-professio.server114.login-server.net/libs/bower/bower_components/bootstrap/dist/js/bootstrap.min.js
-professio.server114.login-server.net/Services/JavaScript/js/Basic.js
-professio.server114.login-server.net/src/GlobalScreen/Client/dist/GS.js
-professio.server114.login-server.net/libs/bower/bower_components/maphilight/jquery.maphilight.min.js
-professio.server114.login-server.net/src/UI/templates/js/Core/ui.js
-professio.server114.login-server.net/src/UI/templates/js/Page/stdpage.js
-professio.server114.login-server.net/src/UI/templates/js/MainControls/mainbar.js
-professio.server114.login-server.net/src/UI/templates/js/MainControls/metabar.js
-professio.server114.login-server.net/src/UI/templates/js/MainControls/footer.js
-professio.server114.login-server.net/src/UI/templates/js/Button/button.js
-professio.server114.login-server.net/libs/bower/bower_components/moment/min/moment-with-locales.min.js
-professio.server114.login-server.net/libs/bower/bower_components/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js
-professio.server114.login-server.net/src/UI/templates/js/MainControls/slate.js
-professio.server114.login-server.net/src/UI/templates/js/Counter/counter.js
-professio.server114.login-server.net/libs/bower/bower_components/yui2/build/yahoo-dom-event/yahoo-dom-event.js
-professio.server114.login-server.net/libs/bower/bower_components/yui2/build/animation/animation-min.js
-professio.server114.login-server.net/Services/Form/js/Form.js
-professio.server114.login-server.net/libs/bower/bower_components/yui2/build/connection/connection-min.js
-professio.server114.login-server.net/Services/Help/js/ilHelp.js
-professio.server114.login-server.net/Services/Accordion/js/accordion.js
-professio.server114.login-server.net/Services/COPage/js/ilCOPagePres.js
INLINE: il.Util.addOnLoad( function () { if (typeof
2,147 bytes

INLINE: <!-- if (document.formlogin.username && document.formlogin.password) { if(docu
203 bytes

INLINE: il.Util.addOnLoad(function() { try { il.GS.Client.init('{"hashing":true,
9,834 bytes

CSS 10   (external 5, inline 5)
INLINE:
5 bytes INJECTED

-professio.server114.login-server.net/Services/COPage/css/content.css
INJECTED

-professio.server114.login-server.net/Services/COPage/css/syntaxhighlight.css
INJECTED

-professio.server114.login-server.net/libs/bower/bower_components/Yamm3/yamm/yamm.css
INJECTED

-professio.server114.login-server.net/templates/default/delos.css?vers=6-10-2021-06-25-$Id$
INJECTED

-professio.server114.login-server.net/templates/default/delos_cont.css?vers=6-10-2021-06-25
INJECTED

INLINE: -a.gootranslink:link {color: #0000FF !important; text-decoration: underline !impo
2,944 bytes INJECTED

INLINE: .BDTLL_icon_ok { background-image: url(data:image/png;base64,iVBORw0KGgoAAAA
31,825 bytes INJECTED

INLINE: .BDTLL_status { cursor: pointer; display: inline; margin-right: 3px;
595 bytes INJECTED

INLINE: -a.gootranslink:link {color: #0000FF !important; text-decoration: underline !impo
2,944 bytes INJECTED
   Connection =
a 200 then JS * redirect to: 302, then 307
-https://professio.server114.login-server.net/  * indexable by every bot!

polonus (volunteer 3rd party cold recon website-security analyst and website error-hunter)
« Last Edit: August 07, 2021, 01:35:07 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!