Author Topic: Tests and other Media topics  (Read 325361 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32953
  • malware fighter
Re: Tests and other Media topics
« Reply #870 on: February 20, 2021, 04:37:38 PM »
Another of these tracking surveys for a particular website. Browser console info ->
Quote
CSP errors

[check] default-src
[error] script-src
    [help_outline] 'self'
        'self' can be problematic if you host JSONP, Angular or user uploaded files.
    [help_outline] https://cdn.polyfill.io
        No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.
    [help_outline] https://connect.facebook.net
        No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.
    [error] http://www.google-analytics.com
        Allow only resources downloaded over HTTPS.
        No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.
    [error] https://www.google.com
        www.google.com is known to host JSONP endpoints which allow to bypass this CSP.
    [error] https://www.gstatic.com
        www.gstatic.com is known to host Angular libraries which allow to bypass this CSP.
    [error] http://static.ads-twitter.com
        Allow only resources downloaded over HTTPS.
        No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.
    [help_outline] https://analytics.twitter.com
        No bypass found; make sure that this URL doesn't serve JSONP replies or Angular libraries.
    [info_outline] 'nonce-**CSP_NONCE**'
        Nonces should only use the base64 charset.
    [error] data:
        data: URI in script-src allows the execution of unsafe scripts.

[check] connect-src
[check] frame-src
[error] img-src
    [check] 'self'
    [check] *.blockchain.com
    [check] *.blockchain.info
    [check] data:
    [check] *.cryptocompare.com
    [check] *.googleusercontent.com
    [check] https://www.facebook.com
    [error] http://www.google-analytics.com
        Allow only resources downloaded over HTTPS.
    [check] https://www.google.com
    [error] http://t.co/i/adsct
        Allow only resources downloaded over HTTPS.

Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell blockchain.com to fix it.

 Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

d17fa83ec3d5590b861c1273eee8795121613819917 | www.blockchain.com | __cfduid
Legend

 Tracking IDs could be sent safely if this site was secure.

 Tracking IDs do not support secure transmission.

HTTP security headers
Name | Value | Setting secure

content-security-policy

default-src 'none'; script-src 'self' https://cdn.polyfill.io https://connect.facebook.net http://www.google-analytics.com https://www.google.com https://www.gstatic.com http://static.ads-twitter.com https://analytics.twitter.com 'nonce-**csp_nonce**' data:; connect-src 'self' *.blockchain.com *.blockchain.info *.cryptocompare.com https://blockchain.info https://api.greenhouse.io https://www.google-analytics.com https://stats.g.doubleclick.net https://script.google.com https://script.googleusercontent.com; frame-src 'self' *.blockchain.com *.blockchain.info https://www.google.com https://www.youtube.com; img-src 'self' *.blockchain.com *.blockchain.info data: *.cryptocompare.com *.googleusercontent.com https://www.facebook.com http://www.google-analytics.com https://www.google.com http://t.co/i/adsct; style-src 'self' 'unsafe-inline' https://rsms.me https://fonts.googleapis.com 'nonce-**csp_nonce**'; font-src 'self' https://rsms.me https://fonts.gstatic.com data:; manifest-src 'self'; object-src 'self';

https://csp-evaluator.withgoogle.com/?csp=https://www.blockchain.com/
https://webcookies.org/cookies/www.blockchain.com/19138296
https://html.spec.whatwg.org/multipage/input.html#valid-e-mail-address

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
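
The script-src findings in the report quoted in the post above can be reproduced offline with a small linter. This is an added example, not part of the original post and not CSP Evaluator's own code; the function names are hypothetical, and the bypass list is an assumption limited to the two hosts the report names.

```javascript
// Added example: script-src checks modelled on the report quoted in the post.
const KNOWN_BYPASS_HOSTS = new Map([   // only the two hosts that report names
  ['www.google.com', 'JSONP endpoints'],
  ['www.gstatic.com', 'Angular libraries'],
]);
// CSP nonce grammar: base64 or base64url characters, then up to two '=' pads.
const NONCE_RE = /^[A-Za-z0-9+\/_-]+={0,2}$/;

// default-src and script-src copied from the header quoted in the post.
const PAGE_POLICY = "default-src 'none'; script-src 'self' https://cdn.polyfill.io " +
  "https://connect.facebook.net http://www.google-analytics.com https://www.google.com " +
  "https://www.gstatic.com http://static.ads-twitter.com https://analytics.twitter.com " +
  "'nonce-**csp_nonce**' data:;";

// Split a policy into { directive: [sources] }; a repeated directive is ignored.
function parseCsp(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Return one finding per weak source; script-src falls back to default-src.
function lintScriptSrc(policy) {
  const d = parseCsp(policy);
  const sources = d['script-src'] || d['default-src'] || [];
  const findings = [];
  for (const src of sources) {
    const lower = src.toLowerCase();
    if (lower === 'data:') {
      findings.push({ source: src, issue: 'data-uri' });
    } else if (lower.startsWith('http://')) {
      findings.push({ source: src, issue: 'plain-http' });
    } else if (lower.startsWith("'nonce-")) {
      // Strip the leading 'nonce- and the closing quote before checking.
      if (!NONCE_RE.test(src.slice(7, -1))) findings.push({ source: src, issue: 'nonce-charset' });
    } else {
      const host = lower.replace(/^https:\/\//, '').split('/')[0];
      if (KNOWN_BYPASS_HOSTS.has(host)) findings.push({ source: src, issue: 'known-bypass-host' });
    }
  }
  return findings;
}
```

Calling `lintScriptSrc(PAGE_POLICY)` flags the same six sources the report marks with error or info icons; a policy with only 'self' and a base64 nonce returns no findings.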

Offline polonus

« Last Edit: February 24, 2021, 10:23:41 PM by polonus »

Offline polonus

Re: Tests and other Media topics
« Reply #872 on: March 01, 2021, 03:03:23 PM »
Test for EMOTET: Check here: https://www.haveibeenemotet.com/

Fake sender and recipient meant both mail results and address were spoofed,
and it was sent through an anonymailer or deadfake email service.

There is no legit reason to do so or to use such services
to send mails in the name of another user; it is just pure evil,
and there is no excuse for it other than being banned right away.

polonus

Offline polonus

Re: Tests and other Media topics
« Reply #874 on: Yesterday at 11:52:56 PM »