A 404 not found on an insecure connection...

Where: -http://tcmwindow.com/acupuncture/DermatologyAcupuncture-Single-Points-for-eczema.shtml
Page is indexable and links can be followed.

Unencrypted - no meta security headers cookie asp.net secure. wts. 1.6.4. IIS 7.5
Re: https://sitereport.netcraft.com/?url=http://tcmwindow.com

Insecure: 100% of the trackers on this site could be protecting you from NSA snooping. Tell -tcmwindow.com to fix it.

All trackers
At least 2 third parties know you are on this webpage.

-ajax.googleapis.com -Google

Retire.js retirable code found.
jquery 1.6.2 Found in -https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js _____Vulnerability info:
Medium CVE-2011-4969 XSS with location.hash
Medium CVE-2012-6708 11290 Selector interpreted as HTML
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

polonus

Information for me from the browser console - errors and failed to load ((temp.)blocked by me)

Uncaught (in promise) TypeError: Cannot redefine property: globalPrivacyControl at Function.defineProperty () at defineProperty (:814:17) at init$4 (:1388:10) at :924:14 at Array.forEach () at Object.initProtections (:922:26) userscript.html?name=AdRemover.user.js&id=2e3eadc0-39e9-4512-bab0-1e350c99d118:236 Starting AdRemover 8.5 on hxtp://tcmwindow.com/acupuncture/DermatologyAcupuncture-Single-Points-for-eczema.shtml ... userscript.html?name=AdRemover.user.js&id=2e3eadc0-39e9-4512-bab0-1e350c99d118:760 AdRemover 8.5 has finished it's work! [86 ms] VM42:69 Syntax error @ "Malware Script Detector v 1.1 Enhanced"! (tamper monkey script enhanced by me, pol). ########################## JSHINT output: ##########################

SyntaxError: Unexpected string
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (:2:115), :67:477)
at Object.create (eval at exec_fn (:2:115), :69:193)
at c (eval at exec_fn (:2:115), :7:231)
at :4:80
at i (eval at exec_fn (:2:115), :5:165)
at eval (eval at exec_fn (:2:115), :5:292)
eval @ VM42:69
VM42:69 Syntax error @ “Translate_This”!
##########################
JSHINT output:
##########################

SyntaxError: Unexpected token ‘&’
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (:2:115), :67:477)
at Object.create (eval at exec_fn (:2:115), :69:193)
at c (eval at exec_fn (:2:115), :7:231)
at :4:80
at i (eval at exec_fn (:2:115), :5:165)
at eval (eval at exec_fn (:2:115), :5:292)
eval @ VM42:69
VM42:69 Uncaught SyntaxError: Unexpected string
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :67:477)
at Object.create (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :69:193)
at c (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :7:231)
at :4:80
at i (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:165)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:292)
-ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
VM42:69 Syntax error @ “FireHol Fossies”!
##########################
JSHINT output:
##########################

SyntaxError: Invalid or unexpected token
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (:2:115), :67:477)
at Object.create (eval at exec_fn (:2:115), :69:193)
at c (eval at exec_fn (:2:115), :7:231)
at :4:80
at i (eval at exec_fn (:2:115), :5:165)
at eval (eval at exec_fn (:2:115), :5:292)
eval @ VM42:69
VM42:69 Syntax error @ “Bro IDS”!
##########################
JSHINT output:
##########################

SyntaxError: Unexpected identifier
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (:2:115), :67:477)
at Object.create (eval at exec_fn (:2:115), :69:193)
at c (eval at exec_fn (:2:115), :7:231)
at :4:80
at i (eval at exec_fn (:2:115), :5:165)
at eval (eval at exec_fn (:2:115), :5:292)
eval @ VM42:69
VM42:69 Syntax error @ “Secure.js”!
##########################
JSHINT output:
##########################

SyntaxError: Unexpected token ‘<’
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (:2:115), :67:477)
at Object.create (eval at exec_fn (:2:115), :69:193)
at c (eval at exec_fn (:2:115), :7:231)
at :4:80
at i (eval at exec_fn (:2:115), :5:165)
at eval (eval at exec_fn (:2:115), :5:292)
eval @ VM42:69
VM42:69 Syntax error @ “DNS Rebinding Protection Script”!
##########################
JSHINT output:
##########################

SyntaxError: Unexpected strict mode reserved word
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (:2:115), :67:477)
at Object.create (eval at exec_fn (:2:115), :69:193)
at c (eval at exec_fn (:2:115), :7:231)
at :4:80
at i (eval at exec_fn (:2:115), :5:165)
at eval (eval at exec_fn (:2:115), :5:292)
eval @ VM42:69
VM42:69 Syntax error @ “My Bootstrap_Variant.JS”!
##########################
JSHINT output:
##########################

SyntaxError: Unexpected token ‘<’
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (:2:115), :67:477)
at Object.create (eval at exec_fn (:2:115), :69:193)
at c (eval at exec_fn (:2:115), :7:231)
at :4:80
at i (eval at exec_fn (:2:115), :5:165)
at eval (eval at exec_fn (:2:115), :5:292)
eval @ VM42:69
VM42:69 Uncaught SyntaxError: Unexpected token ‘&’
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :67:477)
at Object.create (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :69:193)
at c (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :7:231)
at :4:80
at i (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:165)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:292)
VM42:69 Uncaught SyntaxError: Invalid or unexpected token
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :67:477)
at Object.create (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :69:193)
at c (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :7:231)
at :4:80
at i (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:165)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:292)
DermatologyAcupunctu…-for-eczema.shtml:1 Uncaught SyntaxError: Unexpected end of JSON input
at JSON.parse ()
at XMLHttpRequest.xhr.onreadystatechange (VM65 app.js:21)
-shaaaaaaaaaaaaa.com/api/check/tcmwindow.com:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
VM42:69 Uncaught SyntaxError: Unexpected identifier
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :67:477)
at Object.create (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :69:193)
at c (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :7:231)
at :4:80
at i (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:165)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:292)
VM42:69 Uncaught SyntaxError: Unexpected token ‘<’
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :67:477)
at Object.create (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :69:193)
at c (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :7:231)
at :4:80
at i (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:165)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:292)
VM42:69 Uncaught SyntaxError: Unexpected strict mode reserved word
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :67:477)
at Object.create (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :69:193)
at c (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :7:231)
at :4:80
at i (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:165)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:292)
VM42:69 Uncaught SyntaxError: Unexpected token ‘<’
at eval ()
at :4:80
at Object.t [as F_c] (:3:191)
at Object.E_u (:4:244)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :67:477)
at Object.create (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :69:193)
at c (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :7:231)
at :4:80
at i (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:165)
at eval (eval at exec_fn (DermatologyAcupuncture-Single-Points-for-eczema.shtml:2), :5:292)
userscript.html?name=AdRemover.user.js&id=2e3eadc0-39e9-4512-bab0-1e350c99d118:260 Starting AdRemover 8.5 on htxp://tcmwindow.com/acupuncture/DermatologyAcupuncture-Single-Points-for-eczema.shtml 4 seconds after page load …
/favicon.ico:1 Failed to load resource: the server responded with a status of 404 (Not Found)
DermatologyAcupunctu…-for-eczema.shtml:1 Uncaught SyntaxError: Unexpected end of JSON input
at JSON.parse ()
at XMLHttpRequest.xhr.onreadystatechange (VM65 app.js:21)
shaaaaaaaaaaaaa.com/api/check/tcmwindow.com:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
DermatologyAcupunctu…-for-eczema.shtml:1 Uncaught SyntaxError: Unexpected end of JSON input
at JSON.parse ()
at XMLHttpRequest.xhr.onreadystatechange (VM65 app.js:21)
shaaaaaaaaaaaaa.com/api/check/tcmwindow.com:1 Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
DermatologyAcupuncture-Single-Points-for-eczema.shtml:1 Failed to load resource: the server responded with a status of 404 (Not Found)

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Just additionally scan results; F-grade: https://observatory.mozilla.org/analyze/httptcmwindow.com
T-grade: https://www.ssllabs.com/ssltest/analyze?d=tcmwindow.com
and https://observatory.mozilla.org/analyze/tcmwindow.com#third-party
No SNI 2 Server sent fatal alert: internal_error,
Website has invalid certificate chain.

Avarage common pages on that website has the following retire.JS issues:

Retire.js jquery 1.6.2 Found in -https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js _____Vulnerability info: Medium CVE-2011-4969 XSS with location.hash Medium CVE-2012-6708 11290 Selector interpreted as HTML Medium 2432 3rd party CORS request may execute CVE-2015-9251 Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS jquery 1.9.1.min Found in -http://tcmwindow.com/Scripts/jquery-1.9.1.min.js _____Vulnerability info: Medium 2432 3rd party CORS request may execute CVE-2015-9251 1234 Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers 123 Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution 123 Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

pol