urlscan.io logo urlscan.io
SecurityTrails logo

changelog.kolide.com Open in urlscan Pro
52.0.99.66  Public Scan

Go To Rescan Add Verdict Report
URL: https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Submission: On April 23 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 19 IPs in 2 countries across 17 domains to perform 25 HTTP transactions. The main IP is 52.0.99.66, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is changelog.kolide.com.
TLS certificate: Issued by R3 on March 22nd 2021. Valid for: 3 months.
This is the only time changelog.kolide.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 52.0.99.66 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
8 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 52.204.186.125 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:710... 20940 (AKAMAI-ASN1)
2 2 2620:119:50e1... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 108.174.10.14 14413 (LINKEDIN)
1 142.250.185.130 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
25 19
1    52.0.99.66 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-99-66.compute-1.amazonaws.com
changelog.kolide.com
1    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
8    2606:4700:20::681a:74a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.announcekit.app
img.announcekit.app
1    2606:4700::6811:d5cc (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-scripts.com
1    52.204.186.125 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-186-125.compute-1.amazonaws.com
announcekit.app
1    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2606:4700::6811:43b0 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-analytics.net
1    2606:4700::6811:70b0 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsadspixel.net
1    2606:4700::6812:15bf (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-banner.com
1    2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)
track.hubspot.com
1    2606:4700::6811:cccc (United States)

ASN13335 (CLOUDFLARENET, US)
api.hubapi.com
1    2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a02:26f0:7100:18d::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
2    2620:119:50e1:101::6cae:b25 (United States)

ASN14413 (LINKEDIN, US)
px.ads.linkedin.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.linkedin.com
1    108.174.10.14 (United States)

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com
px4.ads.linkedin.com
1    142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net
www.googleadservices.com
1    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
Domain Requested by
4 img.announcekit.app changelog.kolide.com
4 cdn.announcekit.app changelog.kolide.com
cdn.announcekit.app
2 px.ads.linkedin.com 2 redirects
1 www.google.de
1 www.google.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.googleadservices.com www.googletagmanager.com
1 px4.ads.linkedin.com
1 www.linkedin.com 1 redirects
1 snap.licdn.com js.hsadspixel.net
1 www.googletagmanager.com js.hsadspixel.net
1 api.hubapi.com js.hsadspixel.net
1 track.hubspot.com
1 js.hs-banner.com js.hs-scripts.com
1 js.hsadspixel.net js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 fonts.gstatic.com fonts.googleapis.com
1 announcekit.app cdn.announcekit.app
1 js.hs-scripts.com changelog.kolide.com
1 fonts.googleapis.com changelog.kolide.com
1 changelog.kolide.com
25 21

This site contains links to these domains. Also see Links.

Domain
kolide.com
press.avast.com
k2.kolide.com
Subject Issuer Validity Valid
changelog.kolide.com
R3		 2021-03-22 -
2021-06-20		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-03-23 -
2021-06-15		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-07-11 -
2021-07-11		 a year crt.sh
*.announcekit.app
Amazon		 2021-02-20 -
2022-03-21		 a year crt.sh
*.gstatic.com
GTS CA 1O1		 2021-03-23 -
2021-06-15		 3 months crt.sh
hubspot.com
Cloudflare Inc ECC CA-3		 2020-07-27 -
2021-07-27		 a year crt.sh
hubapi.com
Cloudflare Inc ECC CA-3		 2020-07-03 -
2021-07-03		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2021-03-23 -
2021-06-15		 3 months crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA		 2019-04-01 -
2021-05-07		 2 years crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA		 2021-04-15 -
2021-10-15		 6 months crt.sh
www.googleadservices.com
GTS CA 1O1		 2021-03-23 -
2021-06-15		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2021-03-23 -
2021-06-15		 3 months crt.sh
www.google.com
GTS CA 1O1		 2021-03-23 -
2021-06-15		 3 months crt.sh
www.google.de
GTS CA 1O1		 2021-03-23 -
2021-06-15		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Frame ID: F203FD3D108B16961DEA0928C5767945
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

25
Requests

100 %
HTTPS

80 %
IPv6

17
Domains

21
Subdomains

19
IPs

2
Countries

340 kB
Transfer

636 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2841698&time=1619182681562&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2841698%26time%3D1619182681562%26url%3Dhttps%253A%252F%252Fchangelog.kolide.com%252Frecently-discovered-evil-chrome-extensions-SESRO%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2841698&time=1619182681562&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2841698&time=1619182681562&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&liSync=true&e_ipv6=AQLaZr8_KXhgpQAAAXj-zwEmZ6mAc8g0qFTUOw75Kt_p2Pdr-9gBFD8MP9e8ZxjjYBwUUwJq

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request recently-discovered-evil-chrome-extensions-SESRO
changelog.kolide.com/ 		12 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.0.99.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-0-99-66.compute-1.amazonaws.com
Software
/
Resource Hash
b01d0a302104ace6e83d2ad554a909d9401233bda3a9acf28be44f743563028e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

:method
GET
:authority
changelog.kolide.com
:scheme
https
:path
/recently-discovered-evil-chrome-extensions-SESRO
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 23 Apr 2021 12:58:00 GMT
strict-transport-security
max-age=300
vary
Accept-Encoding
css2
fonts.googleapis.com/ 		11 KB
825 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap
Requested by
Host: changelog.kolide.com
URL: https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
78c445f4c39333ad20c71e39d214f37409fe340fdcb1a7888c4d7e98a3c1f001
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 23 Apr 2021 12:34:38 GMT
server
ESF
date
Fri, 23 Apr 2021 12:58:00 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 23 Apr 2021 12:58:00 GMT
8dcba0c9469cc3e957ed.css
cdn.announcekit.app/ 		20 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.announcekit.app/8dcba0c9469cc3e957ed.css
Requested by
Host: changelog.kolide.com
URL: https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:74a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20b96fba2b91b41b9193c0f8957140c96174cee603a3ec52f2ad1993d8a06594

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:00 GMT
via
1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
867369
x-cache
Hit from cloudfront
content-encoding
br
cf-request-id
09a06811140000248863bf4000000001
last-modified
Tue, 23 Mar 2021 13:35:40 GMT
server
cloudflare
etag
W/"cabc3c8726b9a6c2654669d57a5b4d2d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=k1wP36PUXpG4AQN2VfeG4%2FUFvMjO7ANPsiV0jE68t%2BfgEZtHDUPclUX3cvV2MqTTJg6zxy3eYImcX7fb%2FuMLeIxouQPpJlmB1EIStoUWdfOu%2BbqW%2BabRybvvXzbnTbiG"}]}
content-type
text/css
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA50-C1
cf-ray
644742c8280e2488-FRA
x-amz-cf-id
dZG7LgQaQMushzmyvov9fqhmKuGUrG-G2fYKHazbiVXjsiO1-tKkIA==
bfaf542c11e063cf37f2bbfa6bb971a9
img.announcekit.app/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.announcekit.app/bfaf542c11e063cf37f2bbfa6bb971a9?h=100&fit=max&s=62dcc40731126dd0d4b58df9b3bf9c8e
Requested by
Host: changelog.kolide.com
URL: https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:74a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8174e9d249ba49070e74dd168246c3731e2e6d06bf3703ca7b31952739fac759
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:00 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
5998
x-cache
HIT, MISS
x-imgix-id
e6b4185a9891def8dc048511a12df4ef179c90d1
content-length
4636
cf-request-id
09a06811180000248859af0000000001
x-served-by
cache-sjc10064-SJC, cache-fra19161-FRA
last-modified
Thu, 15 Apr 2021 15:40:12 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Np1EpwYMT8MBUoMl2tIcTP8SvD6hklGb2jnmTtX0an4DaY%2Fs%2BknYOc0p%2BE2re7fyPKiLkaupZJm4FZz1wLVf7TqB40%2FCqlEEGZHZCK04iu4BIHa7xlA%2FpRCOZdtroRnZ"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
644742c828192488-FRA
8dcba0c9469cc3e957ed.js
cdn.announcekit.app/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.announcekit.app/8dcba0c9469cc3e957ed.js
Requested by
Host: changelog.kolide.com
URL: https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:74a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9783975294f25e14a5e208f25eae1d66a42e0e63537afc25085b5fa3fb2d4cc

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:00 GMT
via
1.1 1d87c34bb2f20fda8e0841bc33179769.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
691887
x-cache
Hit from cloudfront
content-encoding
br
cf-request-id
09a068112400002488898bb000000001
last-modified
Tue, 23 Mar 2021 13:35:40 GMT
server
cloudflare
etag
W/"a2bb422c8a918425b877dccb37178c33"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rKQsRsJfFuDU028iE0fyCYcgHKLInIM5bXLupYh80dXgMURwpbvrLxP3EXc6Yf8qt9VU1adepmr1zdkMIrLHRCjHJj5LO1rs6tshx5KZlUVy%2FJTzhcrDczF0HGzQsLFH"}]}
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA50-C1
cf-ray
644742c838332488-FRA
x-amz-cf-id
rgSGLTxrT9NxBqEG1Np02X1A7-Hh7J5Q5Q4mvB4A4BaTdnyIW6oIQg==
9368725.js
js.hs-scripts.com/ 		1 KB
1019 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-scripts.com/9368725.js
Requested by
Host: changelog.kolide.com
URL: https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:d5cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4949a66e34266353f9737c84cc495c4c13a0dfc66d4812b692fddac39994c55d

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:00 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
x-hubspot-correlation-id
757f0604-3142-48b3-b25e-0f7a7dd1ae28
cf-request-id
09a068113900001f1dd13f6000000001
server
cloudflare
x-trace
2B1585590A270394339FCA16AA15FB326C502C604B000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://changelog.kolide.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
644742c85def1f1d-FRA
expires
Fri, 23 Apr 2021 12:59:00 GMT
truncated
/ 		70 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
76975ba315befd03dd68246f65598f13854cda92700123dd8a0635fd3baf2b65

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
subscribe-mail.svg
announcekit.app/images/icons/feed/ 		498 B
769 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://announcekit.app/images/icons/feed/subscribe-mail.svg
Requested by
Host: cdn.announcekit.app
URL: https://cdn.announcekit.app/8dcba0c9469cc3e957ed.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.204.186.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-186-125.compute-1.amazonaws.com
Software
/
Resource Hash
7d54daed8798128825cfbbba4611ef64bf0c8cfb3e02a08d90a60c77bbcfa378
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://cdn.announcekit.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 12:58:00 GMT
Vary
Accept-Encoding
Last-Modified
Fri, 23 Apr 2021 10:39:38 GMT
Strict-Transport-Security
max-age=300
Content-Type
image/svg+xml
Cache-Control
max-age=2592000
Connection
keep-alive
Content-Length
498
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v3/ 		36 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inter/v3/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6789b1579e3915acc50ce2f56d956c05dc3186238eb4d1a0d4ad1e403a625ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://changelog.kolide.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 18 Apr 2021 03:28:09 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 Jan 2021 22:48:53 GMT
server
sffe
age
466191
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37056
x-xss-protection
0
expires
Mon, 18 Apr 2022 03:28:09 GMT
0b2c93b210864391e3c6689553321316
img.announcekit.app/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.announcekit.app/0b2c93b210864391e3c6689553321316?w=48&fm=png&s=a79c5a42b2de4d4db0c670183c672e29
Requested by
Host: changelog.kolide.com
URL: https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:74a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fab253ac7660626c247180397ba32469879df690cb85d4fe231157150596f6a1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:00 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
5029
x-cache
HIT, HIT
x-imgix-id
4d7d26d7f9802a18318d7b523e064d85f8ad8b91
content-length
4861
cf-request-id
09a068116f000024883bb8b000000001
x-served-by
cache-sjc10021-SJC, cache-fra19134-FRA
last-modified
Thu, 15 Apr 2021 16:41:41 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BrEbTg1%2FEGEmKJrU45GWhHU17owaaD0FPUmaVtHb4YyrJf7Ob%2F1TAQrBLors0aRQtETdOUnFy%2FsQDP6uTuxu%2B97xO0vsb34gFAKtEY3AebpYQO7sR%2FzOtghHBWKlK0t7"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
644742c8b8e22488-FRA
237022a1caa64759b84c.js
cdn.announcekit.app/ 		133 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.announcekit.app/237022a1caa64759b84c.js
Requested by
Host: cdn.announcekit.app
URL: https://cdn.announcekit.app/8dcba0c9469cc3e957ed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:74a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aff1bc8c9ad4eb642d6bf1c621310a460d74f12456e666f7b24236e9fa530438

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:00 GMT
via
1.1 110641d379117242a91443ac729d6def.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
949820
x-cache
Hit from cloudfront
content-encoding
br
cf-request-id
09a06811830000248859af7000000001
last-modified
Fri, 26 Feb 2021 08:38:08 GMT
server
cloudflare
etag
W/"bf6989127417a2845ad45392f6b90b29"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SefkAsqbSwaW2M8O2YMe7JnLBz%2FPhZzJjhnH5G5OuK2n7G83iKU7qxTmyouIXWekwPvOWQTo3xHTerElmp2JHU3LyMoPq%2B%2FXUcAO2Np1inTenZRO05ego4Iqrx3runpl"}]}
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA53-C1
cf-ray
644742c8d92e2488-FRA
x-amz-cf-id
jrIJ6SDzKnq1DY8nJowDBmM7kd6VooSiGGHd33J8kWrc1CduvCqyIg==
81fcae6e0232203a415f.js
cdn.announcekit.app/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.announcekit.app/81fcae6e0232203a415f.js
Requested by
Host: cdn.announcekit.app
URL: https://cdn.announcekit.app/8dcba0c9469cc3e957ed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:74a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80b02500da7f59bc1a2be43dd87405e52175c47575f7448d0dd200bc0ce241d4

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:00 GMT
via
1.1 06d36e78e8dfd9468327f09115761a9e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
85942
x-cache
Hit from cloudfront
content-encoding
br
cf-request-id
09a06811830000248897b86000000001
last-modified
Thu, 11 Mar 2021 12:18:29 GMT
server
cloudflare
etag
W/"8c19778d4b5b60fdd2cd04c2e52c80b6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8RP69LxYnvTQlqukez49WEFd3bLcj2To2d1JqSnMlWdK25GPQcK%2BIyLrEWurnMumKEtDrFD3BFdm5VmNjcQI6UEblBgSZ9gGwzyOhm0MLn4WLkQrimGPvnOjfWWo%2FkGr"}]}
content-type
application/javascript
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA2-C2
cf-ray
644742c8d9332488-FRA
x-amz-cf-id
O1RztG8CuF7qh_my_XHttgx_Pa6iAtwntrvgwKH8R5oODg5j7oVNew==
8b8272479b5ab745fe2033a1cc8e029f
img.announcekit.app/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.announcekit.app/8b8272479b5ab745fe2033a1cc8e029f?q=1&fm=png&fit=max&w=50&blur=20&s=89f7a21c4f54026ecaa9643ea506bb61
Requested by
Host: changelog.kolide.com
URL: https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:74a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4a5e4a89e27c90cf481c7228f616bbb907d6df95b0bb49e568cccb4d4ce5806
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:00 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-cache
MISS, HIT, HIT
x-imgix-id
3e3137d80e0e32fc1807d86dd8f09f6d4ef8457b
fastly-restarts
1
cf-request-id
09a068118500002488760c8000000001
x-served-by
cache-sjc10055-SJC, cache-sjc10053-SJC, cache-fra19162-FRA
accept-ranges
bytes
last-modified
Thu, 04 Mar 2021 18:46:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FDXpV%2BvDNkvtLRNsDqfrRhk27v6AUQwWjGjO80c%2FkucLg6dEq5bv%2BSmXpOlYvf9DSN3RDVujzg5uSqmJwoCIDnQ7PZ%2B3Atzhwzm%2BEdlMjr%2FiR4xMU%2BRz07GiCY8IH6Da"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
content-length
3295
cf-ray
644742c8d93c2488-FRA
8b8272479b5ab745fe2033a1cc8e029f
img.announcekit.app/ 		137 KB
138 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.announcekit.app/8b8272479b5ab745fe2033a1cc8e029f?w=564&s=9f7fa1ab41fab028838f36f2bcf6e273
Requested by
Host: changelog.kolide.com
URL: https://changelog.kolide.com/recently-discovered-evil-chrome-extensions-SESRO
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:74a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f58f60bfa94fe862324f1066b57fb574767b7ff27fe171e8d2b2909742a3248
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:00 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
x-cache
HIT, HIT
x-imgix-id
afd38d9afcfcb8361eaea19083260dd69478b403
content-length
140542
cf-request-id
09a06811d000002488a03d1000000001
x-served-by
cache-sjc10065-SJC, cache-fra19124-FRA
last-modified
Mon, 19 Apr 2021 15:30:03 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=puYtmLWryT4KKGo0j5zQIuXFLcTC%2F0%2BKetxkib1YWSj0qZQIvQ6KNZn3nFZUXE8c%2FEiO7YfKOGtOQ9b42I96lDc9Br%2B8BXVNK3M8levP2uS%2BrOJrPtFqdXegGkhfEKuM"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
644742c949e02488-FRA
9368725.js
js.hs-analytics.net/analytics/1619182500000/ 		62 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1619182500000/9368725.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9368725.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
877f4cd4a6196cb02ddcb6fe67a08e0d21091495b589edda1710700a77071636

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:01 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
6VVDC03A84TP1THT
x-amz-server-side-encryption
AES256
cf-ray
644742cb68390746-FRA
x-amz-id-2
vTwsObtLe5NhM9Sok2YWjiny9/UklIx/mYITr0QuK2fhovf1ACLP3KRWLoyc9bxZfOm5mqnqXQI=
last-modified
Mon, 19 Apr 2021 18:31:15 GMT
server
cloudflare
etag
W/"1b93a3eff7aeae0cf1dc01c7bf70e560"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
cf-request-id
09a06813230000074620a13000000001
content-type
text/javascript
expires
Fri, 23 Apr 2021 13:03:01 GMT
fb.js
js.hsadspixel.net/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9368725.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55033067922e578a3596f435a6d034c98149e115be96b30e8687111f2f9faf8f

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:00 GMT
via
1.1 c889e9448c63bb4bf9dd41fcb2250e09.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
219
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.234/bundles/pixels-release.js&cfRay=64473d6e1b00074a-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
cf-request-id
09a06813280000535dfd98f000000001
last-modified
Tue, 20 Apr 2021 03:04:27 UTC
server
cloudflare
etag
W/"3fab7bdc08bb0f5cc00ffcfceb1bc85d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
dCYp57xNEAiwDhGzW5hxYrSWtjx3TTjo
cache-control
max-age=600
x-hs-cache-status
EXPIRED
x-amz-cf-pop
IAD89-C3
cf-ray
644742cb7848535d-FRA
x-amz-cf-id
kKbGxwEUiIPBiBN7aIf0_kiQGt2hwmILQWMK8X2aCtUsJ24mlfInPw==
9368725.js
js.hs-banner.com/ 		60 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/9368725.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/9368725.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6af72ba24a007646c5e1dbca81312852b5d953e625e0a76313dff48df8810d09

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:01 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
K2WJEGM9F5XSWA43
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-id-2
+AEVHjaKiLG722Gy5e7YdQVlfEIEqtky4XvJd+ylzXBYAnqpfzT93md0x9LX2PPwQkUCiogerMM=
timing-allow-origin
*
last-modified
Mon, 19 Apr 2021 18:31:17 GMT
server
cloudflare
etag
W/"d2d9bb9ac5b435422a6922c6be1b074d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
0PWZdKKdmDGP2JWMQEdM5jHr.y9hQjFr
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-request-id
09a068132600004e13d5259000000001
cf-ray
644742cb6a3b4e13-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Fri, 23 Apr 2021 13:03:01 GMT
__ptq.gif
track.hubspot.com/ 		45 B
854 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2736934676&v=1.1&a=9368725&rcu=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&pu=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&t=Recently+Discovered+Evil+Chrome+Extensions+-+Kolide+Changelog&cts=1619182681331&vi=40847134241687591f7a8801a144254f&nc=true&ce=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:01 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
644742ce6f5e4e56-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
cf-request-id
09a068150400004e5631349000000001
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uXn42IgiDh2dpJkU27jiCHyueRuX8KtVdvoSNtzsBtdkU4%2FGMtEBZAqW7KLFh326%2BjSuvIl7S%2By%2FFpBB82uk%2FQvakxX3XHwQZfKGkTA7qFZDTtbBV2qQqCYDtTTvrA%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
json
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ 		132 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=9368725
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cccc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91e89b0195221eff1673025ab3f8d31a3f4f0b901de8f3f043058f9b042f8324
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:01 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
x-hubspot-correlation-id
faf14f36-ffe6-4ea8-87e1-6e41cb02a325
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09a068150a0000c2ae9da67000000001
server
cloudflare
x-trace
2B9A68D6A17B20CF2069A044035A2A67B06930639E000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=plozzTiMeOyIN7iGgdnEc9S98Ta8VZBTswWsafcxzrksKiqA%2BU4L1%2BL50HR7uZZfWnUuD4SFYpB%2B9XyvpGzZARRhmJtKLS6KxFkelhV0dACznrzZTbd7Msv65g%3D%3D"}],"max_age":604800,"group":"cf-nel"}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://changelog.kolide.com
access-control-allow-credentials
false
cf-ray
644742ce7edfc2ae-FRA
access-control-allow-headers
*
js
www.googletagmanager.com/gtag/ 		84 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-796789008
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3e830ec78798b0eab2f980a191895e826d43675569d00bef67dc158ccfac86ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:01 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34125
x-xss-protection
0
last-modified
Fri, 23 Apr 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 23 Apr 2021 12:58:01 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:18d::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 23 Apr 2021 12:58:01 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Jan 2021 22:14:03 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=24906
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1855
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2841698&time=1619182681562&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2841698%26time%3D1619182681562%26url%3Dhttps%253A%252F%252Fchangelog.kolide.com%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2841698&time=1619182681562&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2841698&time=1619182681562&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&liSync=true&e_ipv6=AQLaZr8_K...
0
156 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2841698&time=1619182681562&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&liSync=true&e_ipv6=AQLaZr8_KXhgpQAAAXj-zwEmZ6mAc8g0qFTUOw75Kt_p2Pdr-9gBFD8MP9e8ZxjjYBwUUwJq
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.174.10.14 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-10-14.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:02 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
x-li-proto
http/2
x-li-pop
prod-lva1
content-type
application/javascript
content-length
0
x-li-uuid
uS3gNhJ+eBZgDq7Y7yoAAA==

Redirect headers

date
Fri, 23 Apr 2021 12:58:02 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2841698&time=1619182681562&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&liSync=true&e_ipv6=AQLaZr8_KXhgpQAAAXj-zwEmZ6mAc8g0qFTUOw75Kt_p2Pdr-9gBFD8MP9e8ZxjjYBwUUwJq
x-li-proto
http/2
x-li-pop
prod-esv5
content-length
0
x-li-uuid
X+D4IRJ+eBaQKKJcqCsAAA==
conversion_async.js
www.googleadservices.com/pagead/ 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-796789008
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f2.1e100.net
Software
cafe /
Resource Hash
3c3873b4b3cc35b18323781fa7884992e5e476fba8da153bb63d55adc572a583
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 23 Apr 2021 12:58:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13898
x-xss-protection
0
server
cafe
etag
2024374664263027787
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 23 Apr 2021 12:58:01 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/796789008/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/796789008/?random=1619182681715&cv=9&fst=1619182681715&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4e1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&tiba=Recently%20Discovered%20Evil%20Chrome%20Extensions%20-%20Kolide%20Changelog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
960fb8e495ddb5ca71ae534a432ad17f6e30ff3c6b0f93cbacb92273ee57d7ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 12:58:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1093
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/796789008/ 		42 B
340 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/796789008/?random=1619182681715&cv=9&fst=1619179200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4e1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&tiba=Recently%20Discovered%20Evil%20Chrome%20Extensions%20-%20Kolide%20Changelog&async=1&fmt=3&is_vtc=1&random=2860393738&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 12:58:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/796789008/ 		42 B
552 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/796789008/?random=1619182681715&cv=9&fst=1619179200000&num=1&bg=ffffff&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4e1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fchangelog.kolide.com%2Frecently-discovered-evil-chrome-extensions-SESRO&tiba=Recently%20Discovered%20Evil%20Chrome%20Extensions%20-%20Kolide%20Changelog&async=1&fmt=3&is_vtc=1&random=2860393738&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://changelog.kolide.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Apr 2021 12:58:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| ankit object| webpackChunkannouncekit object| _hsp boolean| PIXELS_RAN object| _hsq object| _paq function| sanitizeKey boolean| _hstc_loaded boolean| _hspb_loaded boolean| _hstc_ran string| __hsUserToken number| expireDateTime boolean| _hspb_ran object| dataLayer object| _linkedin_data_partner_ids function| lintrk boolean| _already_called_lintrk object| google_tag_manager object| google_tag_data function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO

4 Cookies

Domain/Path Name / Value
.kolide.com/ Name: __hssc
Value: 189982324.1.1619182681329
.kolide.com/ Name: __hssrc
Value: 1
.kolide.com/ Name: hubspotutk
Value: 40847134241687591f7a8801a144254f
.kolide.com/ Name: __hstc
Value: 189982324.40847134241687591f7a8801a144254f.1619182681329.1619182681329.1619182681329.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=300

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

announcekit.app
api.hubapi.com
cdn.announcekit.app
changelog.kolide.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
img.announcekit.app
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
track.hubspot.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
108.174.10.14
142.250.185.130
2606:4700:20::681a:74a
2606:4700::6811:43b0
2606:4700::6811:70b0
2606:4700::6811:cccc
2606:4700::6811:d5cc
2606:4700::6812:15bf
2606:4700::6813:9b53
2620:119:50e1:101::6cae:b25
2620:1ec:21::14
2a00:1450:4001:810::2008
2a00:1450:4001:811::2002
2a00:1450:4001:812::200a
2a00:1450:4001:827::2003
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::2004
2a02:26f0:7100:18d::25ea
52.0.99.66
52.204.186.125
20b96fba2b91b41b9193c0f8957140c96174cee603a3ec52f2ad1993d8a06594
3c3873b4b3cc35b18323781fa7884992e5e476fba8da153bb63d55adc572a583
3e830ec78798b0eab2f980a191895e826d43675569d00bef67dc158ccfac86ef
4949a66e34266353f9737c84cc495c4c13a0dfc66d4812b692fddac39994c55d
55033067922e578a3596f435a6d034c98149e115be96b30e8687111f2f9faf8f
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
6af72ba24a007646c5e1dbca81312852b5d953e625e0a76313dff48df8810d09
76975ba315befd03dd68246f65598f13854cda92700123dd8a0635fd3baf2b65
78c445f4c39333ad20c71e39d214f37409fe340fdcb1a7888c4d7e98a3c1f001
7d54daed8798128825cfbbba4611ef64bf0c8cfb3e02a08d90a60c77bbcfa378
7f58f60bfa94fe862324f1066b57fb574767b7ff27fe171e8d2b2909742a3248
80b02500da7f59bc1a2be43dd87405e52175c47575f7448d0dd200bc0ce241d4
8174e9d249ba49070e74dd168246c3731e2e6d06bf3703ca7b31952739fac759
877f4cd4a6196cb02ddcb6fe67a08e0d21091495b589edda1710700a77071636
91e89b0195221eff1673025ab3f8d31a3f4f0b901de8f3f043058f9b042f8324
960fb8e495ddb5ca71ae534a432ad17f6e30ff3c6b0f93cbacb92273ee57d7ae
aff1bc8c9ad4eb642d6bf1c621310a460d74f12456e666f7b24236e9fa530438
b01d0a302104ace6e83d2ad554a909d9401233bda3a9acf28be44f743563028e
d4a5e4a89e27c90cf481c7228f616bbb907d6df95b0bb49e568cccb4d4ce5806
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9783975294f25e14a5e208f25eae1d66a42e0e63537afc25085b5fa3fb2d4cc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6789b1579e3915acc50ce2f56d956c05dc3186238eb4d1a0d4ad1e403a625ac
fab253ac7660626c247180397ba32469879df690cb85d4fe231157150596f6a1