What was flagged: htxps://backend.harpersbazaar.de/graphql%22,%22NEXT_PUBLIC_ORIGIN%22:%22htxps://www.harpersbazaar.de%22,%22NEXT_PUBLIC_BACKEND_URL%22:%22htxps://backend.harpersbazaar.de%22,%22NEXT_PUBLIC_SHOP_PRODUCT_DB_HOST%22:%22htxps://www.produktdb.com%22,%22NEXT_PUBLIC_THUMBOR_URL%22:%22htxps://static.harpersbazaar.de%22,%22NEXT_PUBLIC_ENVIRONMENT%22:%22production%22,%22NEXT_PUBLIC_GTM_ID%22:%22GTM-WZ88QB2%22,%22NEXT_PUBLIC_SENTRY_DSN%22:%22htxps://551c2ebdd3f642939162962ba36f5003@tech-sentry.harpersbazaar.de/2%22,%22NEXT_PUBLIC_AMP_URL%22:%22htxps://www.harpersbazaar.de%22,%22NEXT_PUBLIC_RELEASE%22:%224.12.1%22,%22NODE_ENV%22:%22production%22,%22METRICS%22:%22%22,%22NEXT_PUBLIC_NO_NEXX_PLAYLIST%22:%22%22%7D%3C/script%3E%3Cscript%3E%20window.dataLayerPiwik%20=%20window.dataLayerPiwik%20%7C%7C
See: Results from scanning URL for DOM-XSS issues: -https://backend.harpersbazaar.de/
Number of sources found: 6
Number of sinks found: 122
Nothing alerted here: https://www.virustotal.com/gui/url/196ab0f4df29c3eb4414fa9909f39770d20b3a2f7810795c4f0d789f83627d09/detection
nor here: https://www.virustotal.com/gui/ip-address/104.17.149.85/relations
Sucuri blocks the complete uri above as attack code, also consider: https://sitereport.netcraft.com/?url=https%3A%2F%2Fbackend.harpersbazaar.de
On the server we find- next.js and node.js - website has Outbrain tracking
and various members of the avast community do not trust this website.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)