How come Quttera detects a huge bunch of suspicious files on noscript.net?

https://quttera.com/detailed_report/noscript.net

Quite a lot of detected files have the description:

Severity: Potentially Suspicious
Reason: Detected hidden potentially suspicious instructions
Details: Detected hidden CSS declaration

Like AV, Quttera probably uses some kind of detection algorithm that triggers a suspicious warning from that code.

Anyway, someone at Quttera is probably best to answer.

For me the site resolves to the https version and there I see no alerts given, again results when the site falls back to http:// in the scan.

SRI scan: A-Status. SSL scan: A-Status. The suspicious code (fixed placeholder links) that Quttera comes up with are also blocked as XSS attack by Netcraft’s. See sinks and sources here: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fnoscript.net
and analysis here: https://aw-snap.info/file-viewer/?tgt=https%3A%2F%2Fnoscript.net&ref_sel=GSP2&ua_sel=ff&fs=1

pol

According to a user comment on mywot.com about noscript.net, the Quttera report for suspicious files seems to be at least almost 6 months old.

Hi Pernaman,

At noscript net they mentioned the fixed placeholder links code could have been open to (XSS)-abuse, so they have come up with a patch.
The script element

 display: none; 

is commonly used with JavaScript to hide and show elements without deleting and recreating them.

<style type="text/css">body { display: none !important }</style>

Simply commenting out fixes it.
So it could well be that Quttera is crying over spilled milk here. It was the only one to flag at VT results.

This external link has insecure tracking: This website is insecure.
50% of the trackers on this site could be protecting you from NSA snooping. Tell -letsencrypt.org to fix it.

All trackers
At least 2 third parties know you are on this webpage.

-shaaaaaaaaaaaaa.com
-ocsp.int-x3.letsencrypt.org -ocsp.int-x3.letsencrypt.org → http://toolbar.netcraft.com/site_report?url=http://ocsp.int-x3.letsencrypt.org

And this is going via CloudFlare, see: http://toolbar.netcraft.com/site_report?url=https://api.flattr.com as a PositiveSSL Multi-Domain
5 problems here: https://mxtoolbox.com/domain/noscript.net/

polonus (volunteer website security analyst and website error-hunter)

These suspicious files still seem to be on Quttera’s report, but by now probably not a real threat?

EDIT: I went to check noscript.net’s IP info at VT and it showed quite a lot of alerts for both noscript.net and informaction.com. Some of the alerts are quite old, but some are still from this year.

https://www.virustotal.com/fi/domain/noscript.net/information/

https://www.virustotal.com/fi/domain/informaction.com/information/

Hi Pernaman,

The question about the seriousness of these Quttera reported potential suspicious code;
Reason: Detected hidden potentially suspicious instructions
Details: Detected hidden CSS declaration

I don't think fancybox represents any threat to any website, however any file(s) including fancybox files can be tampered by malicious scripts. You may want to get your site checked but I don't see that warning as dangerous (but don't trust me or anybody else for that matters ;)
quoted reply on Google groups by JFK (credits due to JFK). Then we had to evaluate whether malicious script could indeed tamper, and it seems it is properly protected through SRI hashes.
Stylesheets OK Tag Result Same origin
Quote from: https://sritest.io/#report/4f07b7c7-2c85-411a-bf13-952de39de0d7

So there is an alert for potential insecurity but the insecurity has been properly mitigated via the right SRI hash.

There is a remote chance this could be effected by: htxps://noscript.net/oss.css e.g.
Results from scanning URL: htxp://s7.addthis.com/js/250/addthis_widget.js?ver=1444984857#async=1&pubid=ra-4f59cccf485d86d4
Number of sources found: 213
Number of sinks found: 86
Re: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fnoscript.net%2Foss.css

polonus
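
The SRI check mentioned in the post above can be reproduced offline. This is an added example, not part of the thread or of any tool named in it: it audits a page's script and link tags against the bytes actually served. The file names and sample page are constructed, and treating unusable integrity metadata as a failure is an assumption of this audit (a browser would simply not enforce it).

```python
import base64
import hashlib
from html.parser import HTMLParser

ALGS = ["sha256", "sha384", "sha512"]  # weakest to strongest

def sri_value(data, alg="sha384"):
    """Integrity token (alg-base64digest) for the given bytes."""
    digest = hashlib.new(alg, data).digest()
    return alg + "-" + base64.b64encode(digest).decode()

def sri_matches(data, integrity):
    """Compare bytes with an integrity attribute; only the strongest listed algorithm counts."""
    tokens = [t.split("?")[0] for t in integrity.split()]
    tokens = [t for t in tokens if t.split("-", 1)[0] in ALGS]
    if not tokens:
        return False  # assumption: this audit treats unusable metadata as a failure
    best = max(ALGS.index(t.split("-", 1)[0]) for t in tokens)
    return sri_value(data, ALGS[best]) in tokens

class TagCollector(HTMLParser):
    """Collect (url, integrity) pairs from script and link tags."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") if tag == "script" else a.get("href") if tag == "link" else None
        if url:
            self.found.append((url, a.get("integrity")))

def audit(html, fetched):
    """Map each referenced URL to 'ok', 'mismatch' or 'no-integrity'."""
    collector = TagCollector()
    collector.feed(html)
    report = {}
    for url, integrity in collector.found:
        if not integrity:
            report[url] = "no-integrity"
        else:
            report[url] = "ok" if sri_matches(fetched[url], integrity) else "mismatch"
    return report

# Constructed sample input, not taken from noscript.net.
CSS, JS = b"body { margin: 0 }\n", b"console.log('hi');\n"
PAGE = ('<link rel="stylesheet" href="/site.css" integrity="%s">'
        '<script src="/a.js" integrity="%s %s"></script><script src="/b.js"></script>'
        % (sri_value(CSS), sri_value(JS, "sha256"), sri_value(b"stale", "sha512")))
FETCHED = {"/site.css": CSS, "/a.js": JS, "/b.js": b""}
```

In the sample, /a.js is reported as a mismatch even though its sha256 token is correct, because the stale sha512 token is the strongest one listed and is the only one that counts.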