let me just say it is monitoring central.
The sites are monitoring central and there are absolutely no privacy policies on the sites despite the fact that the sites are commercial sites and Velocity Servers Inc is using six 3rd party ad networks/analytics sites to monitor user activity, and it is also allowing a 3rd party contractor to monitor activity on both LowEndTalk and LowEndBox via the contractor's personal website (lowend.io), and it is allowing the hosting company ServerMania to ad stalk LowEndBox users via AdRoll.
piwik.lowend.io = web analytics site operated by 3rd party non-employee contractor of Velocity Servers Inc
tag.perfectaudience.com = ad retargeting company PerfectAudience
intljs.rmtag.com = ad retargeting company MediaForge
pixel-geo.prfct.co = ad retargeting company PerfectAudience
secure.adnxs.com = marketing service company AppNexus
ssl.google-analytics.com = web analytics service operated by sleazy unethical company whose business plan is based on harvesting personal info
s3.buysellads.com = banner advertising service
www.google-analytics.com = web analytics service operated by sleazy unethical company whose business plan is based on harvesting personal info
It should also be pointed out again that LowEndBox is still allowing a hosting company, ServerMania Inc (a sleazy company that used a stolen database to
spam databreach victims), to monitor LowEndBox users by including ServerMania's AdRoll ad retargeting code (account
QJSDIDC4UFEMBMV27GEVT4 ) on every LowEndBox.com page which is a violation of AdRoll's terms of service (see this thread:
============
On another note, besides being monitoring central, the sites are also vulnerability central and the owner's failure to apply timely security updates to the sites is one reason I would never use any hosting service operated by ColoCrossing.
LowEndBox WordPress 4.4.2 : 10 vulnerabilities
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via the query string.
The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.
WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.
The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.
WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.
LowEndTalk Vanilla 2.1.12p3: 5 vulnerabilities
3 newly discovered XSS vectors;
a
n Insecure Direct Object Reference that allows unauthorized comment editing;
Potential CSRF vectors , including one that could allow account hijacking;
SQL injection vector; PDO option SQL injection risk;
insecure password reset token lengths and expiration times
