tokenview.io

HTML metadata

Technology

Third-party hosts loaded (1)

• challenges.cloudflare.com×1

DNS records live

NS

• ns1cnb.name.com
• ns2fjz.name.com
• ns3cna.name.com
• ns4blx.name.com

MX

• 10 mx1.titan.email
• 20 mx2.titan.email

TXT

• google-site-verification=o6HuRMt3KcLAwExfO8vsR3lSRgggtqblVkdgoKACedU
• google-site-verification=kjfLj4K_YUD0tRQX4CE0f7VBtmCdgmVejRqQCgsT37w
• v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdNfYN50t0U0c6ZRt34pESimASdHZje0zJfUTZSF9GDzdYKJugqxu9PAYadkFxBFSIxN29XQGOQJ+Zwo6ghRnJOWtRpWX3DanPuCWM/KTGLN0FhJcm+bit/3sk2d5/FO1RAAPNtvHnCAMrwNmzfIT21TA/NC9t2gBPkSZfxJEwJwIDAQAB

Email authentication weak

SPF

v=spf1 include:spf.titan.email ~all

softfail (~all)

DMARC

not published

DKIM

no key found at common selectors

Certificate (current)

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 50/100 Checked live page: https://tokenview.io/challendge.html?redirect=/

present

• content-security-policy
• x-frame-options

findings

• missing HSTS
• CSP allows unsafe inline scripts/styles
• CSP uses wildcard sources
• missing content type protection
• missing Referrer Policy
• missing Permissions Policy

Linked from (3)

• coincarp.com×4
• navzh.com×3
• bidaka.com×2