Nameservers: Some of the name servers’ versions found
-ns1.uniregistry-dns.net. Version IPv4: 9.8.4-rpz2+rl005.12-P1
-ns1.uniregistry-dns.com. Version IPv4: 9.8.4-rpz2+rl005.12-P1
-ns2.uniregistry-dns.net. Version IPv4: 9.8.4-rpz2+rl005.12-P1
-ns2.uniregistry-dns.com. Version IPv4: 9.8.4-rpz2+rl005.12-P1
Requested URL: htxp://brandaisy.com/ | Response URL: htxps://www.brandaisy.com/ | Page title: Brandable domain names - The marketplace for premium domains. | HTTP status code: 200 (OK) | Response size: 361,070 bytes (gzip’d) | Duration: 2,875 ms
Overview
When a website redirects the user from an HTTP address to an HTTPS one, there is a risk that an attacker could launch a man in the middle attack by intercepting the original HTTP request and returning a malicious response.
Secure cookies: Warning
Requested URL: htxps://www.brandaisy.com/trace.axd | Response URL: htxps://www.brandaisy.com/trace.axd | Page title: Page not found - Brandaisy | HTTP status code: 404 (Not found) | Response size: 47,035 bytes (gzip’d) | Duration: 603 ms
Overview
Cookies served over HTTPS but not flagged as “secure” may be sent over an insecure connection by the browser. Often this may be a simple request for an asset such as a bitmap file but if it’s on the same domain as the cookie is valid for then it will be sent in an insecure fashion. This poses a risk of interception via a man in the middle attack.
Result
It looks like a cookie is being served over HTTPS without the “secure” flag being set (name : value):
aelia_cs_selected_currency : USD
Unless the cookie needs to be sent over an insecure connection, the “secure” flag should always be set to ensure it can only be sent with an HTTPS request.
Result
The address you entered makes a request using the HTTP scheme but is then redirected by the server to an HTTPS address. Consider user education to ensure the HTTPS address is entered directly into the browser when requesting the site.
Clickjacking: Warning
Requested URL: htxp://brandaisy.com/ | Response URL: hxtps://www.brandaisy.com/ | Page title: Brandable domain names - The marketplace for premium domains. | HTTP status code: 200 (OK) | Response size: 361,070 bytes (gzip’d) | Duration: 2,875 ms
Overview
Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links which they never intended to. An “X-Frame-Options” header should be sent by the server to either deny framing of content, only allow it from the same origin or allow it from a trusted URIs.
Result
It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.
In the code found script of this third party - line 4437 etc.
Website is insecure by default
80% of the trackers on this site could be protecting you from NSA snooping. Tell -optinmonster.com to fix it.
Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
c22b625f94ce9b456550ebf299e3ae82 -optinmonster.com srv_id
Legend
Tracking IDs could be sent safely if this site was secure.
Tracking IDs do not support secure transmission.