Where we stumbled upon it? https://urlscan.io/result/edaf6426-455b-4401-abb7-19663635829d/
Where it was being flagged: https://www.virustotal.com/gui/url/3f7087b173b07ddbcff2e1e254237b5ad0aef62ee0e3215155336fad25338f3c/detection
Why? → https://sitereport.netcraft.com/?url=https://confirmatie-ontvangst.net/
Retire.JS issues →
jquery 1.11.3.min Found in -https://confirmatie-ontvangst.net/js/jquery-1.11.3.min.js _____Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
JS error-
File not found: /js/master.jsFile not found: /js/match-height.js
File not found: /js/mmenu.js
File not found: /js/mmenu.polyfills.js
File not found: /js/jquery-1.11.3.min.js
SyntaxError: Unexpected string
eval ()()
:4:80()
Object.t [as F_c] (:3:191)()
Object.E_u (:4:244)()
eval (eval at exec_fn (:2:115), :67:477)()
Object.create (eval at exec_fn (:2:115), :69:193)()
c (eval at exec_fn (:2:115), :7:231)()
:4:80()
i (eval at exec_fn (:2:115), :5:165)()
eval (eval at exec_fn (:2:115), :5:292)()SyntaxError: Invalid regular expression flags
eval ()()
:4:80()
Object.t [as F_c] (:3:191)()
Object.E_u (:4:244)()
eval (eval at exec_fn (:2:115), :67:477)()
Object.create (eval at exec_fn (:2:115), :69:193)()
c (eval at exec_fn (:2:115), :7:231)()
:4:80()
i (eval at exec_fn (:2:115), :5:165)()
eval (eval at exec_fn (:2:115), :5:292)()
Why should this website be hosted in Chicago? 14% tracking blocked from -financien.belgium dot be
Consider: https://sitereport.netcraft.com/?url=financien.belgium.be (Could this still be a respectable website from 2013 henceon?)
Not really, I guess, as avast webshield flags Cyber Security Assessment and Management (CSAM) as not to be trusted.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)