Website javascript security pitfall detected...

Scanned: -http://843-healthandbeauty.com-7mg.net/
Detected libraries:
jquery - 1.11.0 : (active1) -http://843-healthandbeauty.com-7mg.net/vendor/jquery-1.11.0.min.js
(active) - the library was also found to be active by running code
No vulnerable libraries found

Scanner output:
Scanning -http://843-healthandbeauty.com-7mg.net/
Script loaded: -http://843-healthandbeauty.com-7mg.net/vendor/jquery-1.11.0.min.js
Script loaded: -http://843-healthandbeauty.com-7mg.net/vendor/underscore-min.js
Script loaded: -http://843-healthandbeauty.com-7mg.net/site.js
Script loaded: -http://843-healthandbeauty.com-7mg.net/analytics.js
Script loaded: -http://843-healthandbeauty.com-7mg.net/templates.js
Script loaded: -http://www.google-analytics.com/analytics.js
Status: success
Detected library: jquery - 1.11.0 * → http://jqueryui.com/upgrade-guide/1.10/ and beyond.
Load time: 28818ms

Took a closer look at the underscore-min.js script for vulnerabilties and bingo:
-https://code.google.com/p/mustache-security/wiki/UnderscoreJS

Analytics.js is security risky code, read here:

By referring to javascript that’s hosted elsewhere, you’re basically at the mercy of that other organization, which is in this case Google, to not do evil with it,
Quote from The Register - author = Dan Goodin.

polonus (volunteer website security analyst and website error-hunter)

Seems malware and PHISHing website: https://www.virustotal.com/nl/url/87ce7085949543b269060f9471522ad65781b55218f2c6a478cb7e0f47a629fe/analysis/1431119461/
Blacklisted: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=843-healthandbeauty.com-7mg.net
Listed in the DBL (Spam): http://www.spamhaus.org/query/domain/843-healthandbeauty.com-7mg.net

pol