Author Topic: How can a big website like this have so many issues?  (Read 1625 times)


polonus
« on: August 10, 2018, 03:13:12 PM »
Re: see all 'big alerts!' in the scan results here: https://privacyscore.org/site/112202/

moment.js jQuery library to be retired: https://retire.insecurity.today/#!/scan/d86ed7a0b5e5944e4444258f094c96008ab4fd5684d8a850f79f8a5d7c989469

17 potential problems detected here: https://aw-snap.info/file-viewer/?protocol=secure&tgt=www.washingtonpost.com&ref_sel=GSP2&ua_sel=ff&fs=1

Facebook snooping: -https://ml314.com/utsync.ashx?pub=748&adv=&et=0&eid=&ct=js&pi=5978151423848599290&fp=&clid=&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fcdn.krxd.net%2Fpartnerjs%2Fxdi%2Fproxy.3d2100fd7107262ecb55ce6847f01fa5.html%23!kxcid%3DIbWIJ0xh%26kxt%3Dhttps%253A%252F%252Fwww.washingtonpost.com%26kxcl%3Dcdn%26kxp%3D&pv=1533905619373_1oym77k93&bl=en-us&cb=48166&return=%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dmadisonlogic%26partner_uid%3D%5BPersonID%5D&ht=&d=&dc=&si=1533905619373_1oym77k93&cid=&s=1024x768&rp=https%3A%2F%2Fwww.washingtonpost.com%2F%3Fnoredirect%3Don

Rather block this also: -https://mb.moatads.com/yi.js?ud=false&ue=false&uu=false&qm=0&qn=(%2BIb%7Cj8o%3FJ(jkkeL07ta_*JRM!6t9B%2CN%3Ey)%2ChXbvU37_*NhSfBghz%5DAOz3W*FZlNW%3D2W%7B*TZm%24pD7X%3Ai%3C%3FdKHapzrIw(%60*MVu%2Fs1S*qks!o%7B25jAbj19SUF%60(a~M%3Ai%60K%25_9.rV0%2F%60E%60%60tN%24%26x%5E%2F8%7BiI%3Df%3Cc%2CekO2m%2F%26u~q%60RP%3CG.FTVGX%5E8Y.Nl5*ZRoRd%7BDI%3F5B7LUUOhBUFj8V&qp=00000&qq=000000000000&qr=0&is=BBBBBBB5BBCBBBBBBBBBBCCCBBBBBCCCcB7BBBCBBCBBBCCCCBBBCg4BCFCRCBOZBBBSBBBBBBBBBBBBBBBBBBCBipBBCBBmBBBCBBBBBBBxCCBBqCv1CfCCJiMeiCCCCCCCCVMCBBBBBBBBQBBBeBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCEB5BBC9CBBBCpnICyRBBBBBBBBBBBBBBBC9ThFF3cBBBCBBBBBBB7BBdBz1BCBBPBBpCBJUBBBBBBICCCCCCCCCDDDDCCCBBh2eBBBGI57kNBBBBoBBByseBBBBB&iv=6&gz=0&hh=0&hn=0&qt=1&tw=null&url=https%3A%2F%2Fwww.washingtonpost.com%2F%3Fnoredirect%3Don&confidence=2&pcode=washpostprebidheader710741008563&callback=MoatNadoAllJsonpRequest_83771976

Moatads is an adware server that one day may start to show ads on your screens, folks. Better be without it.

and then these Fastly links:
1.  -https://c.go-mpulse.net/api/config.json?key=W8234-EWWKH-SQWJU-EAC6K-7AE5Z&d=www.washingtonpost.com&t=5113019&v=1.571.0&if=&sl=0&si=9uooqyf6oyb-NaN&plugins=DuplicateTimersToBeacon,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,LOGN&acao=

& this one also from Fastly:
2. -https://cdn.krxd.net/controltag?confid=IbWIJ0xh

Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK

But spamming via DOM-XSS for Results from scanning URL: hxtps://www.cialisfordailyuse.store
Number of sources found: 78
Number of sinks found: 534  (coming in via moatads?).

Sinks and sources galore here: Results from scanning URL: htxps://www.washingtonpost.com/pb/gr/ro/default/rGUfFF1AVUgk0r/load_immediately/1688178829.js?_=5186d
Number of sources found: 191
Number of sinks found: 127

I ask you in all honesty, good people, how much telemetry monitoring do you end users want to allow?
Big Data wins and rules on all fronts now, and it also is threatening your privacy and security online.
Take back your free Interwebs.  ;)

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)





Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
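
What "sources found" and "sinks found" counts like the ones quoted in the post can amount to, as an added example that is not part of the original post and not the code of any scanner named in it: a pattern-based count over script text. The pattern lists, the function names and the sample script are assumptions constructed here; a match marks a line to review, not a confirmed DOM-XSS flaw.

```javascript
// Added example: count DOM-XSS "sources" and "sinks" in script text by pattern.
// The pattern lists are an illustrative subset chosen for this example.
const SOURCES = [
  /\blocation\s*\.\s*(?:hash|search|href|pathname)\b/g,
  /\bdocument\s*\.\s*(?:URL|documentURI|referrer|cookie)\b/g,
  /\bwindow\s*\.\s*name\b/g,
];
const SINKS = [
  /\beval\s*\(/g,
  /\bdocument\s*\.\s*write(?:ln)?\s*\(/g,
  /\.\s*(?:innerHTML|outerHTML)\s*=(?!=)/g,   // assignment only, not == or ===
  /\bset(?:Timeout|Interval)\s*\(\s*["'`]/g,  // string argument only
  /\.\s*insertAdjacentHTML\s*\(/g,
];

function findAll(patterns, code) {
  const hits = [];
  for (const re of patterns) {
    for (const m of code.matchAll(re)) {
      const line = code.slice(0, m.index).split("\n").length; // 1-based line number
      hits.push({ line, text: m[0].trim() });
    }
  }
  return hits.sort((a, b) => a.line - b.line);
}

function scanScript(code) {
  const sources = findAll(SOURCES, code);
  const sinks = findAll(SINKS, code);
  // Lines where a source and a sink share one statement are the first to review.
  const sinkLines = new Set(sinks.map(h => h.line));
  const sameLine = [...new Set(sources.map(h => h.line))].filter(l => sinkLines.has(l));
  return { sources, sinks, sameLine };
}

// Constructed sample script (not taken from any site mentioned in the post).
const SAMPLE = [
  'var q = location.hash.slice(1);',
  'document.getElementById("out").innerHTML = q;',
  'document.write("<p>" + document.referrer + "</p>");',
  'el.textContent = location.search;',
  'if (el.innerHTML == "") { setTimeout(refresh, 500); }',
  'document.cookie = "seen=1";',
].join("\n");

const report = scanScript(SAMPLE);
console.log(`sources: ${report.sources.length}, sinks: ${report.sinks.length}`);
console.log("review first (source and sink on one line):", report.sameLine);
```

The `document.cookie = "seen=1"` line is counted as a source although it only writes the cookie, which shows how pattern counts overstate: large totals reflect how much script a page loads as much as how risky that script is.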