See: https://sitecheck.sucuri.net/results/tube-hosting.de (api.mapbox being blocked in the browser)
Hosted at see: https://www.shodan.io/host/104.21.5.66 & https://www.shodan.io/host/188.114.96.3
Listed at several blacklists: https://whatismyip.live/blacklist-check for IP 188.114.96.3
Blacklist Description Status
-cbl.abuseat.org Composite Blocking List Listed
-dnsrbl.org DNSRBL - The Real-time Blackhole List Listed
-dnsbl.spfbl.net DNSBL SPFBL List Listed
-rd.uribl.com URIBL red Listed
-uribl.com URIBL grey Listed
-black.uribl.com URIBL black Listed
-multi.uribl.com URIBL multi Listed
Scan gives too many redirects …
Hardening Improvements Security Headers Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors 'none'.Missing security header to prevent Content Type sniffing.
Missing Strict-Transport-Security security header.
Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src
File name /index
Threat name PS.Redir.gen
File type Unknown
Reason Detected unconditional redirection to external web resource.
Details Detected HTTP redirection to hxtps://tube-hosting.com/.
Read on re-writing rules and errors here: https://security.stackexchange.com/questions/29573/sucuri-giving-false-positive-with-their-free-online-scanner-because-of-an-htacc (example of such a site, see scan = https://sitecheck.sucuri.net/results/www.blingjewelrys.shop
Not flagged here: https://zulu.zscaler.com/submission/eeb3c49e-57b8-4eba-8966-b3943420483f
3 WordPress issues found with that page:
outdated plug-ins: woocommerce 7.8.0 Warning latest release (8.1.1)
-https://woocommerce.com/
woo-variation-swatches Unknown latest release (2.0.26)
-https://wordpress.org/plugins/woo-variation-swatches/
yith-woocommerce-wishlist 3.22.0 Warning latest release (3.25.0)
-https://yithemes.com/themes/plugins/yith-woocommerce-wishlist/
User Enumeration
The first two user ID’s were tested to determine if user enumeration is possible.
Username Name
ID: 1 admin admin
ID: 2 not found
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation. Luckily for us all avast flag and blocks this site as with malicious program code.
polonus