Blocked for me by an extension in Google Chrome was: https://js-agent.newrelic.com/nr-100.js e.g. KissPrivacy blocks
A script I found here on this site, see: http://jsunpack.jeek.org/?report=0a474dc1fcf643f738ee4e2980ec39f3645d5457
See all the way down, link for security researchers only with NoScript active and in a VM!
http://fetch.scritch.org/%2Bfetch/?url=http://dmssalaries.herokuapp.com/salaries
See that the site’s server here is Cowboy, a small, fast, modular HTTP websocket server written in Erlang using the cowboy framework. I went through the header security config. with following results:
Number of Happy Findings: 6
Number of Not As Happy Findings: 4
Percentage Happy Findings: 60%
Strict-Transport-Security does not appear to be found in the site’s HTTP header, so browsers will not try to access your pages over SSL first.
We did not detect Content-Security-Policy, x-webkit-csp, or even x-webkit-csp-report-only in the site’s HTTP header, making XSS attacks more likely to succeed.
All scanners miss the malcode on site but AutoShun, which flags it as a malicious site.
Server: was found in this site’s HTTP header, possibly making it easier for attackers to know about potential vulnerabilities that may exist on your site!
Permitted-Cross-Domain-Policies does not appear to be found in the site’s HTTP header, so it’s possible that cross domain policies can be set by other users on your site and be obeyed by Adobe Flash and pdf files.
Neither Sucuri’s nor Quttera’s see anything wrong with that site: http://sitecheck.sucuri.net/results/dmssalaries.herokuapp.com
http://quttera.com/detailed_report/dmssalaries.herokuapp.com
The site can be found inside a malicious IP environment, re: https://www.virustotal.com/nl/ip-address/54.235.95.213/information/ together with 316 other domains on that IP: http://sameid.net/ip/54.235.95.213/
IDS alerts from that IP here: http://m.urlquery.net/report.php?id=1411715634642
Netcraft risk for site: http://toolbar.netcraft.com/site_report?url=http://dmssalaries.herokuapp.com
pol
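
The four header findings quoted in the post above, written out as a small check. This is an added example, not part of the original post or of the scanner it quotes; both header blocks are constructed samples, and the cross-domain header is checked under the name X-Permitted-Cross-Domain-Policies.

```python
# Constructed sample header blocks (not captured from the site in the post).
WEAK = "Server: Cowboy\r\nContent-Type: text/html\r\nConnection: keep-alive\r\n"
HARDENED = (
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Permitted-Cross-Domain-Policies: none\r\n"
)
CSP_NAMES = ("content-security-policy", "x-webkit-csp", "x-webkit-csp-report-only")

def parse_headers(raw):
    """Map lower-cased header names to values (header names are case-insensitive)."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def hsts_max_age(value):
    """Return max-age in seconds, or 0 when the directive is absent or malformed."""
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else 0
    return 0

def audit_headers(raw):
    """Return (header, finding) pairs for the four checks named in the post."""
    h = parse_headers(raw)
    findings = []
    if "strict-transport-security" not in h:
        findings.append(("Strict-Transport-Security", "missing"))
    elif hsts_max_age(h["strict-transport-security"]) == 0:
        # max-age=0 tells browsers to drop the HSTS entry, so it protects nothing
        findings.append(("Strict-Transport-Security", "max-age absent or zero"))
    if not any(name in h for name in CSP_NAMES):
        findings.append(("Content-Security-Policy", "missing"))
    if h.get("server"):
        findings.append(("Server", "discloses " + h["server"]))
    if "x-permitted-cross-domain-policies" not in h:
        findings.append(("X-Permitted-Cross-Domain-Policies", "missing"))
    return findings

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(raw))
```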