See: https://www.htbridge.com/ssl/?id=oZHl4yDG
Just look at third party code alerts with F-grade security status.
Flagged by Sucuri’s IDS: https://urlquery.net/report/e01c41aa-0940-4be8-b67e-00f15babfd6f
The retirable jQuery libraries: https://retire.insecurity.today/#!/scan/6931eb57acb24050274d6027647fb34650bf10dc0d5b0cd4cdeb6fbcdad52018
DOM-XSS Scanner: sinks and sources: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fiftc.biz
polonus (volunteer website security analyst and website error-hunter)