Tests and other Media topics

[polonus]

Another of this tracking survey for a particular website. Browser console info ->

CSP errors
checkdefault-src
expand_more
errorscript-src
expand_more
help_outline'self'
'self' can be problematic if you host JSONP, Angular or user uploaded files.
help_outlinehttps://cdn.polyfill.io
No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.
help_outlinehttps://connect.facebook.net
No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.
errorhttp://www.google-analytics.com
Allow only resources downloaded over HTTPS.
No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.
errorhttps://www.google.com
www.google.com is known to host JSONP endpoints which allow to bypass this CSP.
errorhttps://www.gstatic.com
www.gstatic.com is known to host Angular libraries which allow to bypass this CSP.
errorhttp://static.ads-twitter.com
Allow only resources downloaded over HTTPS.
No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.
help_outlinehttps://analytics.twitter.com
No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.
info_outline'nonce-**CSP_NONCE**'
Nonces should only use the base64 charset.
errordata:
data: URI in script-src allows the execution of unsafe scripts.

checkconnect-src
expand_more
checkframe-src
expand_more
errorimg-src
expand_more
check'self'
check*.blockchain.com
check*.blockchain.info
checkdata:
check*.cryptocompare.com
check*.googleusercontent.com
checkhttps://www.facebook.com
errorhttp://www.google-analytics.com
Allow only resources downloaded over HTTPS.
checkhttps://www.google.com
errorhttp://t.co/i/adsct
Allow only resources downloaded over HTTPS.

Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell blockchain.com to fix it.

Identifiers | All Trackers
 Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

d17fa83ec3d5590b861c1273eee8795121613819917 www.blockchain.com__cfduid
Legend

 Tracking IDs could be sent safely if this site was secure.

 Tracking IDs do not support secure transmission.

Help Icon
Click the icons in the tables below for a more detailed explanation.

HTTP security headers
Name

Value

Setting secure

content-security-policy

default-src 'none'; script-src 'self' https://cdn.polyfill.io https://connect.facebook.net http://www.google-analytics.com https://www.google.com https://www.gstatic.com http://static.ads-twitter.com https://analytics.twitter.com 'nonce-**csp_nonce**' data:; connect-src 'self' *.blockchain.com *.blockchain.info *.cryptocompare.com https://blockchain.info https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://script.google.com https://script.googleusercontent.com; frame-src 'self' *.blockchain.com *.blockchain.info https://www.google.com https://www.youtube.com; img-src 'self' *.blockchain.com *.blockchain.info data: *.cryptocompare.com *.googleusercontent.com https://www.facebook.com http://www.google-analytics.com https://www.google.com http://t.co/i/adsct; style-src 'self' 'unsafe-inline' https://rsms.me https://fonts.googleapis.com 'nonce-**csp_nonce**'; font-src 'self' https://rsms.me https://fonts.gstatic.com data:; manifest-src 'self'; object-src 'self';

https://csp-evaluator.withgoogle.com/?csp=https://www.blockchain.com/
https://webcookies.org/cookies/www.blockchain.com/19138296
https://html.spec.whatwg.org/multipage/input.html#valid-e-mail-address

polonus

[polonus]

Better results come as we combine resources.
Example - https://www.ipqualityscore.com/domain-reputation/grynkewich.com
with https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/68.178.213.37
and https://www.virustotal.com/gui/ip-address/68.178.213.37/relations
and https://www.abuseipdb.com/check/68.178.213.37
and https://dnslytics.com/ip/68.178.213.37
See: https://sitereport.netcraft.com/?url=https://Grynkewich.com
-> https://www.virustotal.com/#/ip-address/34.102.136.180 -> https://www.virustotal.com/gui/ip-address/34.102.136.180/detection
A Tor-address used by hackers: https://ip-46.com/34.102.136.180
Reported 127 times: https://www.abuseipdb.com/check/34.102.136.180?page=2
& https://ip-46.com/68.178.213.37 
More resources: www.liveipmap.com; www.spamrats.com ; findipv6.com ; cleantalk.org ; www.ipligence.com ;
https://www.islegitsite.com/check/ ; https://urlfiltering.paloaltonetworks.com/query/

polonus

[polonus]

Test for EMOTET: Check here: https://www.haveibeenemotet.com/

Fake sender and recipient meant both mail results and address was spoofed,
and was sent through anonymailer or deadfake email service.

There is no legit reason to do so or use such services,
to send mails in name of another user, it is just pure evil,
and there is no excuse for it than being banned right away.

polonus

[polonus]

Another combination of resources, based on a common CloudFlare IP.

https://www.ipqualityscore.com/domain-reputation/circlecloud.net  vs https://ns.tools/circlecloud.net
https://www.ipqualityscore.com/domain-reputation/truckers.com
https://ns.tools/registeredsite.com
https://www.lookip.net/ip/172.65.252.97
https://www.shodan.io/host/172.65.252.97

polonus

[polonus]

Seen in the light of recent existing and persistent CSS-Exchange Server vulnerabilities:

https://www.zdnet.com/article/check-to-see-if-youre-vulnerable-to-microsoft-exchange-server-zero-days-using-this-tool/

and https://github.com/microsoft/CSS-Exchange/tree/main/Security

For the latest download: https://github.com/microsoft/CSS-Exchange/releases/latest/download/Test-ProxyLogon.ps1

Stay safe and secure online as well as offline,

polonus