See: http://killmalware.com/dayt.se/#
Nothing alerted for here: https://www.virustotal.com/en/url/1bf3b28ecae200f7d902a5cef400f53a8ffa0e4a5cc5e0ff458dc2becbe6bfb7/analysis/
nor here: http://quttera.com/detailed_report/dayt.se and here: https://sitecheck.sucuri.net/results/dayt.se#sitecheck-details
2 vulnerable libraries flagged here: -http://dayt.se
Detected libraries:
jquery - 1.11.1 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery - 1.11.1 : (active1) -http://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected
Also consider this scan and where it lands and additionally the code issues.
Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fajax.googleapis.com%2Fajax%2Flibs%2Fjquery%2F1.11.1%2Fjquery.min.js
script
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: line:3: SyntaxError: missing ) in parenthetical:
error: line:3: documentElement,p=!f(e),g&&g!==g.top&&(g.addEventListener?g.addEventListener("unload",function(){m()},!1):g.attachEvent&&g.attachEvent("onunload",function(){m()})),c.attributes=ib(function(a){return a.className="i",!a.getAttribute("className")}),c.get
error: line:3: ........................................^
Suspicious URLs found in: -http://dayt.se
1: hxxp://jsc·mgid·com/g/2/g2g·fm·11531·js?t=
Note: The URL(s) listed above have been found in the page we are checking. While the URL(s) are not currently flagged as suspicious by Google they have returned malicious content, unwanted https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fdayt.se&ref_sel=GSP2&ua_sel=ff&fs=1software, deceptive content, and/or caused problems recently and should be investigated. Do they belong in that page? → https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fdayt.se&ref_sel=GSP2&ua_sel=ff&fs=1
Also consider this scan: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fdayt.se%2F
Also code errors here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fdayt.se%2F
script
info: [decodingLevel=0] found JavaScript
error: line:4: SyntaxError: missing } in compound statement:
error: line:4: ding a fresh object... $.cookie(key, '', $.extend({}, options, { expires: -1 })); return !$.cookie(key); }; }));
error: line:4: ...^
The syntax error could be because of one missing curly braces somewhere. See for fresh object this code example: https://codeclimate.com/github/mar10/fancytree/source_listing.js?blob_id=aebaa84fc6a7bcd9831b5a8981e0265ef87026f6&language_name=JavaScript&line_end=82&line_start=38
The https site has issues: -dayt.se
Please contact the Certificate Authority for further verification.
This server cannot be scanned for these vulnerabilities:
Heartbleed. See possible causes.
Poodle (TLS). See possible causes.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
This server uses a Domain Validated (DV) certificate. No information about the site owner has been validated. Data is protected, but exchanging personal or financial information is not recommended.
Common name:
sni41729.cloudflaressl.com
SAN:
sni41729.cloudflaressl.com, *.01454.info, *.betapdf.review, *.better-kitchen.de, *.betterkitchen.de, *.canadianstarfightermuseum.ca, *.dayt.se, *.engagethecrowd.com, *.floridaretreatvilla.com, *.k9sonly.net, *.quintb.com, *.shoe-chef.com, *.sidingsolutions.ca, 01454.info, betapdf.review, better-kitchen.de, betterkitchen.de, canadianstarfightermuseum.ca, dayt.se, engagethecrowd.com, floridaretreatvilla.com, k9sonly.net, quintb.com, shoe-chef.com, sidingsolutions.ca
Valid from:
2016-May-22 00:00:00 GMT
Valid to:
2016-Nov-27 23:59:59 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:
Organizational unit:
PositiveSSL Multi-Domain,Domain Control Validated
City/locality:
State/province:
Country:
Certificate Transparency:
Not embedded in certificate
Serial number:
0db99d43784fbbd353cc1150a99aed9f
Algorithm type:
SHA256withECDSA
Key size:
256
polonus (volunteer website security analyst and website error-hunter)
