We started from: http://urlquery.net/report.php?id=1491233976210
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fvidbitfuture.co
On the script therein:
wXw.gstatic.com/hosted/modernizr/v2_8_3/basic.js benign* undefined variable j going back to -http://vidbitfuture.co/recoverpass.php
[nothing detected] (script) wXw.gstatic.com/hosted/modernizr/v2_8_3/basic.js
status: (referer=www.google-analytics.com/)saved 8187 bytes 0ef7cec9e2183ac29794ced1f32551197dcd006f
info: [decodingLevel=0] found JavaScript
error: undefined variable j
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
and affecting open stream for -http://vidbitfuture.co/js/video_queue.js
with a hidden download and the following error
found JavaScript
error: undefined variable $
error: undefined function $
Retirable code: -http://vidbitfuture.co
Detected libraries:
jquery - 1.11.0 : (active1) -http://vidbitfuture.co/js/jquery-1.11.0.min.js
Info: Severity: medium
(active) - the library was also found to be active by running code
1 vulnerable library detected
F-F-X insecurity status: https://observatory.mozilla.org/analyze.html?host=vidbitfuture.co
B-ststus with two script issues: https://sritest.io/#report/43bbfb62-8623-43bf-98ea-8a88d9aff972
Site is neither malicious nor suspicious, but could do with some security mitigation for the issues set out here.
Consider also: https://urlscan.io/result/b104ec95-5612-4045-a115-236060f3e40e#summary
polonus (volunteer website secruity analyst and website error-hunter)
P.S. Would be interesting to check that recoverpass. php using http://www.dvwa.co.uk/