Another candidate: http://toolbar.netcraft.com/site_report?url=https://tutanota.com
Re: https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp - BEast vulnerable.
Script running and where it lands: http://www.domxssscanner.com/scan?url=https%3A%2F%2Ftutanota.com%2Fjs%2Fbundle.js
WARNING: Name servers software versions are exposed:
195.253.51.245: “ironDNS Name Server (nameserver-1.3.18, nameserver-1.3.18, r3767) pr-201”
195.253.54.31: “ironDNS Name Server (nameserver-1.3.18, nameserver-1.3.18, r3767) pr-203”
2a01:5b0:0:126::1f: “ironDNS Name Server (nameserver-1.3.18, nameserver-1.3.18, r3767) pr-203”
2a01:5b0:2:56::f5: “ironDNS Name Server (nameserver-1.3.18, nameserver-1.3.18, r3767) pr-201”
Exposing name server’s versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system. Learn how to hide version. See: http://www.dnsinspect.com/tutanota.com/1459431615
This should not be online: https://piwik.tutanota.de/ E-status: https://securityheaders.io/?q=https%3A%2F%2Fpiwik.tutanota.de%2F
See: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fpiwik.tutanota.de%2F
lands at jquery.smartbanner.js … associated with the “exploit kit approach,”
Results from scanning URL: -https://piwik.tutanota.de/libs/jquery/jquery.smartbanner.js?cb=0446a2b87d4d94f247cd10a7a3fbb85a
Number of sources found: 18
Number of sinks found: 5
Unique IDs about your web browsing habits have been insecurely sent to third parties.
csedlrdxxxxxxxxxxxxqf0dfg7 piwik.tutanota.de piwik_sessid
Tracker could be tracking safely if the site was secure.
polonus