Quite some Magento webshops still open to brute force attacks, here's one...

Seen in the light of recent Magecart attacks, the following Magento site is not overtly secure:
https://www.magereport.com/scan/?s=https://store.ipced.com/
See what recommendations could be given: 615 of which 102 directly security related:
https://webhint.io/scanner/5a445322-2724-4d9d-9fb7-1f9eef1d2ccc#category-Security
Also consider: https://toolbar.netcraft.com/site_report?url=https://store.ipced.com/

Sad situation really with all this JavaScript insecurity, not applying best policy header settings
and a B-grade SSL security status.

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

The website now produces a redirect: URLs that redirect found in: -https://store.ipced.com/

1: -http://www.careandcompliance.com/media/images/online-training-login.png → -https://www.careandcompliance.com/media/images/online-training-login.png

with even more recommendations: 911 in all: https://webhint.io/scanner/96bf9b6a-3745-48ca-99cd-e24bd7c1cc96#category-Security
of which 279 security related issues.

All sorts of issues reported here: https://www.magereport.com/scan/?s=https://www.careandcompliance.com/

Was this a website developing project launched by shadow IT developers or just incompetent amateurs?
It is a shame to produce such vulnerable services towards your end-users/visitors.

Re: https://sitecheck.sucuri.net/results/https/www.careandcompliance.com
Outdated server software with excessive info proliferation risks: https://www.shodan.io/host/40.70.65.178
A whole listing of vulnerabilities on this MS Azure IP address.
Domain siblings: https://www.virustotal.com/nl/domain/partner.careandcompliance.com/information/

Results from scanning URL: -https://www.careandcompliance.com Number of sources found: 4 ; number of sinks found: 436

Results from scanning URL: -https://www.careandcompliance.com/js/at/at.js
Number of sources found: 36 ; number of sinks found: 11

Results from scanning URL: -https://service.force.com/embeddedservice/5.0/esw.min.js
Number of sources found: 24 ; number of sinks found: 9
Consider: https://retire.insecurity.today/#!/scan/d3034b9761a7ba80b6b7b20e71b94537ff94d118af3ff6c5eca89a48f062b9b5

Blocked for me on there through uMatrix comes -https://cdn.krxd.net/controltag/rzjyb3v08.js (linked to -etorox.com/wp-includes)
which is being flagged at VT by 2 parties: https://www.virustotal.com/nl/url/9217a91c45ba85f0a929b29c6decaa85525dfae05937f7f10791f8639853bc89/analysis/

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

This one looks safe, but still has issues according to mage report:
https://www.magereport.com/scan/?s=https://www.maisonbirks.com/
Consider: https://retire.insecurity.today/#!/scan/b362dc5bcf89611d69900f96cf48ecce7566dde5b046f316e1d23b60df5c8177
Direct threats: https://webscan.upguard.com/#/maisonbirks.com

Read on vulnerable webshop websites: https://blog.netlab.360.com/ongoing-credit-card-data-leak/
See: https://publicwww.com/websites/magento-analytics.com%3A80%2F5c330014a67ac.js+depth%3Aall/

Here we see a high risk webshop scan report: https://www.magereport.com/scan/?s=http://lightoffaith.com/
and another one with this xxxxxxxxxxac.js script there: https://www.magereport.com/scan/?s=https://www.liquorishonline.com/
Researchers found some 105 webshop sites vulnerable to date… consider -https://jsfiddle.net/BF7fF

polonus

Around 15-04-2019 magento-analytics.com:80/gate.php became abused…
see: https://www.shodan.io/host/93.187.129.249
But not only Magento websites were being abused in this way through gate.php
Malicious: -http://jakqorigds.ru.net/zb/panel/gate.php
through social engineering: https://urlscan.io/result/b1456653-0bdb-4a06-8d50-e2ed81c548d2/#behaviour
Not a Magento site, site suspended: https://www.virustotal.com/en/url/31a5d8ca9ea225abd94124a4a45bab5c1fa3bdf63fc3adce72822327aa6e07e9/analysis/
Malicious redirect found: https://sitecheck.sucuri.net/results/jakqorigds.ru.net

This page redirects to -http://jakqorigds.ru.net/cgi-sys/suspendedpage.cgi that is blacklisted by Google Safe Browsing, see -https://transparencyreport.google.com/safe-browsing/search?url=http%3A%2F%2Fjakqorigds.ru.net%2Fcgi-sys%2Fsuspendedpage.cgi

Also see: https://zeustracker.abuse.ch/blocklist.php?download=compromised

List of various dropzones given here: https://zeustracker.abuse.ch/monitor.php?browse=dropzones

polonus

PHP scripts can be a can of worms on magento, like for instance abuse of powermusic.js
Checked at mage report we find a high risk website here:
https://www.magereport.com/scan/?s=http://workoutmusic.com/
2 vulnerable libraries: https://retire.insecurity.today/#!/scan/f9bfecba252d752f209bc54512baace4507630c734c91414e52df9f0f060322b

6 instances of being susceptible to MiM attacks
4 instances of domain being at risk of being hijacked
DNS is susceptible to man-in-the-middle attack, because not enabled.

Malicious code found, you are vulnerable. Indicators:

-magento-analytics.com/

We recommend eComscan to find malicious code in your store.

Malware found and site issue: https://sitecheck.sucuri.net/results/workoutmusic.com
Resource from a blacklisted domain -https://magento-analytics.com/powermusic.js
7 detect this now: https://www.virustotal.com/en/url/ddd8263181eed169c07e46e41d7ecba226ac4efcb85acb2bc039568c22efe2b6/analysis/1557438154/

CloudFlare abuse, see https://www.shodan.io/host/104.31.74.51

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
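
As an added example (not part of the original posts and not code from any of the scanners linked above): a small Python check that lists a page's external scripts and flags any served from the domain reported in this thread, magento-analytics.com, plus any plain-http script on an https page. The sample URL, sample HTML and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Indicator reported in this thread; extend the set from your own feeds.
FLAGGED_DOMAINS = {"magento-analytics.com"}
# Constructed sample input (shop.example and cdn.example are placeholders).
SAMPLE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<script src="/skin/js/jquery.min.js"></script>
<script async src="//magento-analytics.com/powermusic.js"></script>
<script src="http://MAGENTO-ANALYTICS.com:80/shop.js"></script>
<script src="https://magento-analytics.com.cdn.example/lib.js"></script>
<script src="http://cdn.example/plain.js"></script>
<script>var inline = 1;</script>
"""

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []  # raw src values of <script> tags, in page order
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def host_matches(host, domain):
    # Exact host or a true subdomain; lookalike hosts must not match.
    return host == domain or host.endswith("." + domain)

def audit_scripts(page_url, html, flagged=FLAGGED_DOMAINS):
    """Return (kind, absolute_url) findings for a page's external scripts."""
    collector = ScriptCollector()
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        parts = urlsplit(absolute)
        host = (parts.hostname or "").lower()  # hostname drops any :port
        if any(host_matches(host, d) for d in flagged):
            findings.append(("flagged-domain", absolute))
        elif page_is_https and parts.scheme == "http":
            findings.append(("insecure-http", absolute))
    return findings

if __name__ == "__main__":
    for kind, url in audit_scripts(SAMPLE_URL, SAMPLE_HTML):
        print(kind, url)
```

Matching on the parsed hostname rather than on a substring of the URL is what keeps the lookalike host in the sample from being reported while still catching the `:80` and protocol-relative forms.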

Via a search on 0181227 20190113 for -magento-analytics.com:80/emersonstreetclothing.js
(info credits should go to researchers XU YANG & BA0JY)

Another High Risk site on Magento: https://www.magereport.com/scan/?s=https://emersonstreetclothing.com/
See: https://urlscan.io/result/82e7ae79-d548-4eee-a73e-5cf7e40c92a1
Re: latest detected 2: https://www.virustotal.com/en/domain/emersonstreetclothing.com/information/
Site blacklisted host not found: https://sitecheck.sucuri.net/results/https/emmersonstreetclothing.com/information/

Retire.js
bootstrap 3.2.0 Found in -https://emersonstreetclothing.com/skin/frontend/mgstheme/default/js/bootstrap.min.js
Vulnerability info:
High 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
jquery-ui-dialog 1.11.1 Found in -https://emersonstreetclothing.com/skin/frontend/mgstheme/default/js/jquery-ui.js
Vulnerability info:
High CVE-2016-7103 281 XSS Vulnerability on closeText option
jquery 1.11.0 Found in -https://emersonstreetclothing.com/skin/frontend/mgstheme/default/js/jquery.min.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution

error notifier: gtag is not defined...
Tracking: 100% of the trackers on this site could be protecting you from NSA snooping. Tell -emersonstreetclothing.com to fix it.

Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

-kmxg4ilXXXXXXzps -emersonstreetclothing.com frontend_cid

Known

content.js:19 Loaded script with known vulnerabilities:
-https://emersonstreetclothing.com/skin/frontend/mgstheme/default/js/jquery-ui.js

polonus (volunteer website security analyst and website error-hunter)