Is this UPS tracker above board?

See: https://urlscan.io/result/2e851c6d-0f32-448d-9460-a68b76c2df08/
See: -a104-75-89-177.deploy.static.akamaitechnologies.com
Country Germany
City Frankfurt am Main
Organization Akamai Technologies
Re on effective URL: Results from scanning URL:
-https://wwwapps.ups.com/WebTracking/processInputRequest?HTMLVersion=5.0&loc=en_US&Requester=UPSHome&tracknum=1ZY53V19A802496140+&AgreeToTermsAndConditions=yes&ignore=&track.x=42&track.y=14
Number of sources found: 3
Number of sinks found: 143
&
Results from scanning URL: -https://ups.inq.com/chatskins/launch/inqChatLaunch10005649.js
Number of sources found: 7
Number of sinks found: 1
&
Results from scanning URL: -https://wwwapps.ups.com/assets/mnm/mnm.js
Number of sources found: 7
Number of sinks found: 1
&
Results from scanning URL:
-https://wwwapps.ups.com/track/client/polyfills.c3bda3f66fdf1a109141.bundle.js
Number of sources found: 10
Number of sinks found: 2
&
Results from scanning URL: -https://wwwapps.ups.com/assets/resources/scripts/ups.scripts.bdef21.js
Number of sources found: 202
Number of sinks found: 119

For the main page JavaScript errors: File not found:
-https://tags.tiqcdn.com/utag/ups/maestro/prod/utag.js *

File not found: -https://tags.tiqcdn.com/utag/ups/maestro/prod/utag.sync.js **
XSS-DOM scan results:
Number of sources found: 160
Number of sinks found: 40

* & ** Understandable as blocked by client, because uBlock Origin has prevented the following page from loading:

-https://tags.tiqcdn.com/ because of Ad tracking content of page [Akamai] Tealium.com Inc tracking.

On libraries: Retire.js

angularjs 1.6.9 Found in
-https://www.ups.com/assets/resources/scripts/vendor/ups.vendor.7f56e3.js
Vulnerability info:
Medium XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith, JQLite.append, new JQLite and angular.element. CVE-2020-7676
Medium angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. CVE-2020-7676
Medium Prototype pollution 12
bootstrap 3.3.7 Found in
-https://www.ups.com/assets/resources/scripts/vendor/ups.vendor.7f56e3.js
Vulnerability info:
High 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331 1
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042

AkamaiMPulse and Akamai Bot Manager active on site…

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Also consider the blocked ad tracker’s DNS visualization:
https://dnsviz.net/d/tags.tiqcdn.com/dnssec/

Warnings

com to -tiqcdn.com: The following NS name(s) were found in the authoritative NS RRset, but not in the delegation NS RRset (i.e., in the com zone): -dns5.c01.nsone.net.cn, -dns2.c01.nsone.net.cn, -dns3.c01.nsone.net.cn, -dns4.c01.nsone.net.cn, -dns1.c01.nsone.net.cn
net to -akamaiedge.net: Authoritative AAAA records exist for -a11-192.akamaiedge.net, but there are no corresponding AAAA glue records.
net to -edgekey.net: Authoritative AAAA records exist for -a13-65.akam.net, but there are no corresponding AAAA glue records.
net to -edgekey.net: Authoritative AAAA records exist for -a5-65.akam.net, but there are no corresponding AAAA glue records.
net to edgekey.net: The following NS name(s) were found in the authoritative NS RRset, but not in the delegation NS RRset (i.e., in the net zone): -a11-65.akam.net, -ns1-2.akam.net,
-a9-6-5.akam.net, -a3-65.akam.net
net to -edgekey.net: The following NS name(s) were found in the delegation NS RRset (i.e., in the net zone), but not in the authoritative NS RRset: -ns1-66.akam.net, -ns4-66.akam.net,
-ns5-

Could this mitigate the reasons for such alerts here: https://blog.cloudflare.com/oblivious-dns/

pol

Additionally we then will compare the following DNS/Certification results:
See: https://crt.sh/?q=tags.tiqcdn.com
together with
these results: https://dnsviz.net/d/s5.wac.edgecastcdn.net/dnssec/ (with 2 errors on a zone.transfer)

Insecure SSL snooping see report-> https://sitereport.netcraft.com/?url=https%3A%2F%2Fwac.edgecastcdn.net%2F
Consider approachable…/.akamai-cli/.netstorage/auth (excessive info proliferation on server), see:
“atom?q=tags.tiqcdn.com%2F.akamai-cli%2F.netstorage%2Fauth”…Sectigo Limited 2015-2020.

A minus 2 score on privacy and security here: https://webcookies.org/cookies/tags.tiqcdn.com/31197262?353831
giving away this info proliferation: → https://github.com/akamai/cli-netstorage/blob/master/bin/akamaiNetstorage
for manipulating on Akamai CDN using, among other things, JSON.stringify. (N.B. Why not use the twice as fast JSON.startify?).

So Google may well know what, where and who

→ Certificate Transparency
Signed Certificate Timestamps (SCTs)
Source | Log | Timestamp | Signature Verification
Certificate | Google Skydiver u9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YU= | 2019-01-29 04:43:08 | Success
Certificate | DigiCert 2 h3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8= | 2019-01-29 04:43:08 | Success
Certificate | Sectigo Mammoth (Sectigo once was known under the name Comodo certs.) b1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RM= | 2019-01-29 04:43:08 | Success

all coming from London, courtesy of Verizon.

It now might dawn upon the technology-savvy end-user among us here,
that there really is no hiding from Big Dataslurping Corporations,
like Google and the really big global CDNs as here mentioned Akamai.

For little old me at least this wasn’t a big surprise after diving into the data available.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)