See: https://urlscan.io/result/c65089ff-5647-432a-94b3-c556d246b0e5
See: https://urlquery.net/report/d005fdf1-3ff2-4514-8977-2a54226c5ee8
Fortinet blacklisted for PHISHING at -https://mitsun.in/.log/Docusign/docu/index.php
3 retirable jQuery libraries detected: https://retire.insecurity.today/#!/scan/db93c2cf7df1a241cdac3c9c6fda8e3a8e849371bf6312a40578f9ba37cf476d
See also: https://snyk.io/vuln/npm:jquery next to Erlend Oftedal’s retire-report.
Detected insecurity with various errors for/in: x-content-type-options - strict-transport-security - disown-opener - no-disallowed-headers - sri - no-vulnerable-javascript-libraries - ssllabs. See: Google Safe Browsing
There was 1 malicious URLs contacted according to Google Safe Browsing! See report
SOCIAL_ENGINEERING / ANY_PLATFORM hxtp://www.mitsun.in/slider2/img/loading.gif
14 JavaScript Global Variables
These are the non-standard “global” variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $
function| jQuery
object| $Jease$
object| $JssorEasing$
object| $Jssor$
object| $JssorSlideshowFormations$
function| $JssorSlideshowRunner$
function| $JssorSlider$
function| $JssorBulletNavigator$
function| $JssorArrowNavigator$
function| $JssorThumbnailNavigator$
function| $JssorCaptionSlideo$
function| jssor_1_slider_init
object| jQuery111107051799522116742
Also consider these scan results: https://privacyscore.org/site/100350/
(beta-site, therefore - “cum grano salis”)
polonus (volunteer website security analyst and website error-hunter)
L.S.
First some basics about this Google Safebrowsing alerted website - It looks like this domain/URL is currently flagged by Google under the Social Engineering (Phishing and Deceptive Sites) category. That is one.
Secondly, an underlying risk factor comes with the use of PHP-driven CMS to build websites, like we see with Drupal, WordPress and Magento for instance. Developing PHP means steering away from many pitfalls, and using cheat sheets is almost a necessity. But we always see PHP-driven insecurity as a red line here.
Thirdly, it is not so much well kept and updated kernel-code but outdated and left plug-in-code, but also bad configuration issues that will create these insecurities.
Finally, another persistent and important factor of constant evaluation of security risks is JavaScript; it is at the root of many a security issue. Because at the outcome in the previous century JavaScript was not yet ready to be used on the Interwebs and especially in combination with HTML. We see the drawbacks almost every day.
So in this case we meet with a PHP based website, see: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.mitsun.in%2Fcoc.php&ref_sel=GSP2&ua_sel=ff&fs=1
Consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.mitsun.in%2Fcoc.php
dead links come under: server_misconfigured.png
then under files there, we find investor.presentation.php; aoa.php; procedures.php; csr.php, thanking_you.php
Consider for instance: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.mitsun.in%2Fthanking_you.php
decoded file with security through obscurity
wXw.mitsun.in/you.php
status: (referer=saved 122 bytes 48d4c3c45843184f9a8bb2b689fdd25b7d333c9d
info: [decodingLevel=0] found JavaScript
error: line:3: SyntaxError: missing ; before statement:
error: line:3: Please wait…
error: line:3: …^
file: 48d4c3c45843184f9a8bb2b689fdd25b7d333c9d: 122 bytes
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)