www.welivesecurity.com
Open in
urlscan Pro
2a02:26f0:480:f::213:7ec8
Public Scan
Effective URL: https://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver/
Submission: On July 26 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by Thawte TLS RSA CA G1 on January 19th 2024. Valid for: a year.
This is the only time www.welivesecurity.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
18 | 2a02:26f0:480... 2a02:26f0:480:f::213:7ec8 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
27 | 2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c | 15133 (EDGECAST) (EDGECAST) | |
3 | 199.232.196.134 199.232.196.134 | 54113 (FASTLY) (FASTLY) | |
2 | 2a00:1450:400... 2a00:1450:4001:806::2008 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2620:1ec:bdf::45 2620:1ec:bdf::45 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 151.101.192.134 151.101.192.134 | 54113 (FASTLY) (FASTLY) | |
2 | 2001:4860:480... 2001:4860:4802:32::36 | 15169 (GOOGLE) (GOOGLE) | |
57 | 8 |
ASN20940 (AKAMAI-ASN1, NL)
www.welivesecurity.com |
ASN15133 (EDGECAST, US)
web-assets.esetstatic.com |
ASN54113 (FASTLY, US)
welivesecurity.disqus.com | |
referrer.disqus.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
29 |
esetstatic.com
web-assets.esetstatic.com cdn.esetstatic.com |
1 MB |
18 |
welivesecurity.com
www.welivesecurity.com — Cisco Umbrella Rank: 380578 |
1 MB |
4 |
disqus.com
welivesecurity.disqus.com disqus.com — Cisco Umbrella Rank: 1722 referrer.disqus.com — Cisco Umbrella Rank: 7356 |
27 KB |
2 |
google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 3123 |
|
2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112 |
205 KB |
0 |
go-mpulse.net
Failed
s.go-mpulse.net Failed |
|
57 | 6 |
Domain | Requested by | |
---|---|---|
27 | web-assets.esetstatic.com |
www.welivesecurity.com
|
18 | www.welivesecurity.com |
www.welivesecurity.com
|
2 | region1.google-analytics.com |
www.googletagmanager.com
|
2 | referrer.disqus.com | |
2 | cdn.esetstatic.com |
www.googletagmanager.com
|
2 | www.googletagmanager.com |
www.welivesecurity.com
www.googletagmanager.com |
1 | disqus.com |
welivesecurity.disqus.com
|
1 | welivesecurity.disqus.com |
www.welivesecurity.com
|
0 | s.go-mpulse.net Failed |
www.welivesecurity.com
|
57 | 9 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.welivesecurity.com Thawte TLS RSA CA G1 |
2024-01-19 - 2025-01-18 |
a year | crt.sh |
web-assets.esetstatic.com Thawte TLS RSA CA G1 |
2024-05-22 - 2025-05-21 |
a year | crt.sh |
*.disqus.com Sectigo RSA Domain Validation Secure Server CA |
2024-04-16 - 2025-04-16 |
a year | crt.sh |
*.google-analytics.com WR2 |
2024-07-01 - 2024-09-23 |
3 months | crt.sh |
cdn.esetstatic.com Thawte TLS RSA CA G1 |
2023-11-06 - 2024-11-05 |
a year | crt.sh |
This page contains 5 frames:
Primary Page:
https://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver/
Frame ID: 5FD6C2941C628692721B6AE86C8D1272
Requests: 56 HTTP requests in this frame
Frame:
https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
Frame ID: 07500CF21CD8BB90C90F81CA73D7630E
Requests: 1 HTTP requests in this frame
Frame:
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=HotPage%3A%20Story%20of%20a%20signed%2C%20vulnerable%2C%20ad-injecting%20driver&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fhotpage-story-signed-vulnerable-ad-injecting-driver%2F&t_e=30590&t_d=HotPage%3A%20Story%20of%20a%20signed%2C%20vulnerable%2C%20ad-injecting%20driver&t_t=30590&s_o=default&l=en
Frame ID: CAC91F723AB962828BCD894D530A7D12
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: E3F86470C359D4EC24C20A7CC633BBC2
Requests: 3 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 8E3BD195D5248CFDCA33E6BB509955AF
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
HotPage: Story of a signed, vulnerable, ad-injecting driverPage URL History Show full URLs
-
http://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver/
HTTP 307
https://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver/ Page URL
Detected technologies
Vue.js (JavaScript Frameworks) ExpandDetected patterns
- <[^>]+\sdata-v(?:ue)?-
Google Analytics (Analytics) Expand
Detected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
Page Statistics
60 Outgoing links
These are links going to different origins than the main page.
Title: Mandiant Intelligence
Search URL Search Domain Scan URL
Title: SentinelLabs
Search URL Search Domain Scan URL
Title: G DATA
Search URL Search Domain Scan URL
Title: Microsoft’s driver code-signing requirements
Search URL Search Domain Scan URL
Title: SpcSpOpusInfo
Search URL Search Domain Scan URL
Title: LIEF binary parser
Search URL Search Domain Scan URL
Title: Windows Server Catalog
Search URL Search Domain Scan URL
Title: netfilter
Search URL Search Domain Scan URL
Title: dingtalk
Search URL Search Domain Scan URL
Title: web crawler
Search URL Search Domain Scan URL
Title: Hypervisor Discovery
Search URL Search Domain Scan URL
Title: BCryptGenerateSymmetricKey
Search URL Search Domain Scan URL
Title: Blackbone
Search URL Search Domain Scan URL
Title: process creation
Search URL Search Domain Scan URL
Title: image loading
Search URL Search Domain Scan URL
Title: IRP_MJ_DEVICE_CONTROL
Search URL Search Domain Scan URL
Title: KeStackAttachProcess
Search URL Search Domain Scan URL
Title: ZwCreateThreadEx
Search URL Search Domain Scan URL
Title: CreateProcessW
Search URL Search Domain Scan URL
Title: APC routine
Search URL Search Domain Scan URL
Title: IoQueueWorkItemEx
Search URL Search Domain Scan URL
Title: Microsoft Detours hooking library
Search URL Search Domain Scan URL
Title: SetProcessMitigationPolicy
Search URL Search Domain Scan URL
Title: getaddrinfo
Search URL Search Domain Scan URL
Title: SSL_read
Search URL Search Domain Scan URL
Title: SSL_write
Search URL Search Domain Scan URL
Title: DoPayloadWrite
Search URL Search Domain Scan URL
Title: NtDeviceIoControlFile
Search URL Search Domain Scan URL
Title: HTTP code 302
Search URL Search Domain Scan URL
Title: iframe
Search URL Search Domain Scan URL
Title: replace
Search URL Search Domain Scan URL
Title: ACLs
Search URL Search Domain Scan URL
Title: protected processes
Search URL Search Domain Scan URL
Title: ESET Threat Intelligence
Search URL Search Domain Scan URL
Title: GitHub repository
Search URL Search Domain Scan URL
Title: version 15
Search URL Search Domain Scan URL
Title: T1588.003
Search URL Search Domain Scan URL
Title: T1204.002
Search URL Search Domain Scan URL
Title: T1569.002
Search URL Search Domain Scan URL
Title: T1574.013
Search URL Search Domain Scan URL
Title: T1055.004
Search URL Search Domain Scan URL
Title: T1553.002
Search URL Search Domain Scan URL
Title: T1140
Search URL Search Domain Scan URL
Title: T1055.001
Search URL Search Domain Scan URL
Title: T1027.009
Search URL Search Domain Scan URL
Title: T1070.004
Search URL Search Domain Scan URL
Title: T1027.002
Search URL Search Domain Scan URL
Title: T1033
Search URL Search Domain Scan URL
Title: T1185
Search URL Search Domain Scan URL
Title: T1071.001
Search URL Search Domain Scan URL
Title: T1573.001
Search URL Search Domain Scan URL
Title: T1565.002
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: ESET
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver/
HTTP 307
https://www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
57 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
www.welivesecurity.com/en/eset-research/hotpage-story-signed-vulnerable-ad-injecting-driver/ Redirect Chain
|
143 KB 40 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FedraSansAltPro-BookLF-405f3258.woff
www.welivesecurity.com/build/assets/ |
163 KB 167 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FedraSansAltPro-BoldLF-31f4bc72.woff
www.welivesecurity.com/build/assets/ |
162 KB 166 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FedraSansAltPro-DemiLF-8885b886.woff
www.welivesecurity.com/build/assets/ |
164 KB 168 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hotpage-ad-injecting-driver.jpeg
web-assets.esetstatic.com/tn/-x425/wls/2024/7-2024/hotpage/ |
96 KB 96 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
article-header-995fa639.js
www.welivesecurity.com/build/assets/ |
442 B 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app-6317871c.css
www.welivesecurity.com/build/assets/ |
298 KB 36 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
romain-dumont.jpeg
web-assets.esetstatic.com/tn/-x45/wls/ |
1 KB 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hotpage-ad-injecting-driver.jpeg
web-assets.esetstatic.com/tn/-x700/wls/2024/7-2024/hotpage/ |
250 KB 250 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-1-owner-of-hotpage-driver-s-digital-signature.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-2-hotpage-driver-s-certificate-extended-verification-and-code-signing-attributes.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
29 KB 29 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-3-hotpage-driver-s-certificate-spcspopusinfo-attribute.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
26 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-4-extraction-of-the-company-name-from-the-hotpage-driver-s-certificate.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-5-the-chinese-company-s-certified-products-listed-in-the-windows-server-catalog.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
60 KB 60 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-6-translated-executive-and-shareholder-information-about-the-company.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-7-screenshot-of-the-dwadsafe-com-webpage-made-by-zhizhuyinqing-com.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
77 KB 77 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-8-mention-of-dwadsafe-com-in-a-forum-dedicated-to-internet-cafe-maintenance.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
36 KB 36 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-9-overview-of-the-installer-s-workflow.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
47 KB 47 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-10-newtalbe-configuration.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
58 KB 58 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-11-simplified-driver-logic.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
77 KB 77 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-12-the-hotpage-configuration.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
42 KB 43 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-13-legitimate-main-page-of-the-web-directory-2345-com.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
76 KB 76 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-14-ad-riddled-page-mimicking-the-homepage-of-2345-com.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
57 KB 57 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-15-function-that-finds-the-command-line-buffer-left-and-disassembly-of-the-getcommandlinea.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
30 KB 30 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-16-patterns-used-to-find-the-dopayloadwrite-function.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
34 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-17-finding-the-pointer-to-the-ssl-write-function.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-18-hook-routine-for-ntdeviceiocontrolfile-api-function.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-19-redirection-method-0.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
103 KB 103 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure-20-log-file-of-our-injected-library.png
web-assets.esetstatic.com/wls/2024/7-2024/hotpage/ |
113 KB 113 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
welivesecurity-eset-threat-intelligence.jpeg
web-assets.esetstatic.com/wls/2023/2023-12/ |
72 KB 72 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signed-kernel-drivers-windows-vulnerabilities-1.jpg
web-assets.esetstatic.com/tn/-x82/wls/2022/01/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DLink_Malware-1.jpg
web-assets.esetstatic.com/tn/-x82/wls/2018/06/ |
6 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Untitled-design-2-1.jpg
web-assets.esetstatic.com/tn/-x82/wls/2019/06/ |
4 KB 4 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
apt-activity-report-4523d00f.webp
www.welivesecurity.com/build/assets/ |
42 KB 46 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app-7a4ecde0.js
www.welivesecurity.com/build/assets/ |
80 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
search-7d9f58b7.js
www.welivesecurity.com/build/assets/ |
276 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_commonjsHelpers-042e6b4d.js
www.welivesecurity.com/build/assets/ |
725 B 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
prism-40494b65.css
www.welivesecurity.com/build/assets/ |
2 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
prism-40d1b0a4.js
www.welivesecurity.com/build/assets/ |
66 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
article-e3625c4c.css
www.welivesecurity.com/build/assets/ |
23 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
article-fd027339.js
www.welivesecurity.com/build/assets/ |
140 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
7R9SM-QGSYF-QDLJK-UETXR-SPM6B
s.go-mpulse.net/boomerang/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
7R9SM-QGSYF-QDLJK-UETXR-SPM6B
s.go-mpulse.net/boomerang/ Frame 0750 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
embed.js
welivesecurity.disqus.com/ |
80 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
362 KB 114 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
671 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FedraSansAltPro-MediumLF-261e3ac5.woff
www.welivesecurity.com/build/assets/ |
166 KB 170 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FedraSansAltPro-BookItalicLF-4cad214a.woff
www.welivesecurity.com/build/assets/ |
162 KB 166 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FedraSansAltPro-LightLF-ec800a5b.woff
www.welivesecurity.com/build/assets/ |
159 KB 163 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
259 KB 91 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.min.css
cdn.esetstatic.com/cookie-consent/v3/ |
21 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.min.js
cdn.esetstatic.com/cookie-consent/v3/ |
381 KB 140 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
www.welivesecurity.com/ |
1 KB 5 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
disqus.com/embed/comments/ Frame CAC9 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
event.gif
referrer.disqus.com/juggler/ |
43 B 339 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
event.gif
referrer.disqus.com/juggler/ |
43 B 339 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame E3F8 |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame E3F8 |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame E3F8 |
155 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 8E3B |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 8E3B |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 8E3B |
155 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 0 |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 0 |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- s.go-mpulse.net
- URL
- https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
- Domain
- s.go-mpulse.net
- URL
- https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
Verdicts & Comments Add Verdict or Comment
28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| $current_language object| BOOMR_mq string| BOOMR_API_key object| BOOMR number| BOOMR_lstart function| disqus_config object| dataLayer number| uidEvent object| __VUE_INSTANCE_SETTERS__ boolean| __VUE_I18N_FULL_INSTALL__ boolean| __VUE_I18N_LEGACY_API__ boolean| __VUE__ object| Prism object| DISQUS object| google_tag_manager object| google_tag_data number| BOOMR_onload function| onYouTubeIframeAPIReady string| myDomain object| links object| gaGlobal object| regeneratorRuntime object| $cookiebar3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.welivesecurity.com/ | Name: AKA_A2 Value: A |
|
.welivesecurity.com/ | Name: _ga Value: GA1.1.1658881874.1721970908 |
|
.welivesecurity.com/ | Name: _ga_FBY6B30C4M Value: GS1.1.1721970907.1.0.1721970907.0.0.0 |
13 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'self'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'self'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default; |
Strict-Transport-Security | max-age=15724800 |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.esetstatic.com
disqus.com
referrer.disqus.com
region1.google-analytics.com
s.go-mpulse.net
web-assets.esetstatic.com
welivesecurity.disqus.com
www.googletagmanager.com
www.welivesecurity.com
s.go-mpulse.net
151.101.192.134
199.232.196.134
2001:4860:4802:32::36
2606:2800:233:1cb7:261b:1f9c:2074:3c
2620:1ec:bdf::45
2a00:1450:4001:806::2008
2a02:26f0:480:f::213:7ec8
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
06d4793872942785be4a2c1f4f3336f89e092d61a5380dfc991b115545e2a881
0a54497ae129172c0ac2901fc95a2955685eb767a18cc4c404603ec6f3a66b65
0d4428d1d74f11d19b39ca987c36e48dc25fe1b6db8a328668eb81c781d253d4
104efd46c7dc18e0bce68c2e6aa55b8e6a3539ecaf64647565e815aaee9125c6
13d1a190e6a23400b5547645f6f047e82b37c0edbadc1bc65616e3bbe245c4e8
19fbbe2771762dcf412927b7a21c485e3be50a4c3e8f08e1777b31a85681ad5f
261e3ac5dbb4ba8069ecba539a13b971d2e147981f4573e993410d8bd6de0037
2afa4bb064d0739c9a7a9fb4e3097772cc6851f2d76011e27c084a76a6195fb6
31f4bc726f2849a3c8f77f8432b635d2d4529a3ff80b669fc9e21b0ed1c81ea7
341d64cf56a121004afcb27357c736f58d8abb549e1ea1a9952319e12396ed88
40494b653a0f9485c88432191eaace18e7dff8646f45114d6007fe19da129e34
405f32580b4440f0ddf2af9fcfd37fc9a863fde26b57b5623a9b188d61d47166
4523d00f830e0b1ed61aae703522b8ec315f4e5b00357656875c9148c20d988c
4c1f0baf28c8b5ba812dde1b3d3c3569550c1be95d253ec0bdc309cc65066da4
4cad214a2eeb48599ea314d32d2685f6554fe548be21add2f606db059530506e
4d1df5ca3cf533ceb1c49841384da1e26149e66afcdf851686fdeed71553ebd6
4e1a1c905aa7bfa1fb95f46dbd43aa8999dba449e63566a9aed2e94c07e539d6
52a86849e7e3e7691af809d2c105815b157c49d151e4f1cf4b92a5e7a97e7240
606ea62b1a8a1e2b24b9e0eafef0757cea22f73f3956d6548611f7c26c4551b5
6317871c5ca7b272b4fd676ec207449ca4e75847b4af2c95f4682e15fde4af95
6373412ff05fdabada6b5a14b11909fe70f15119c285d248432e2fff061db61c
644fbb688b94c602990a4988d379d439a5151ea782e06496cb6347cbbb64e49d
6572478fbf8e29ee8109a22286fd9f82330fae739c518b58d5f37df25e17ea37
690467af6b93cbab28e7c0bdc9de5e656ea93f8e2e81d4962a7154757626f1b6
7583504bff4b63512acd5e13c8e60b4bc9955ce1859ff183cfa6f0b6c9b809c8
7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521
81b0b9aa30ff74d6e8eb03dc1ac3399d5374e3bf6d0cea7dae97de1d607d5bf3
8239918c48f90074fed5191d03091dd697a9eab18d2af8f2d7f188c1b8823ec8
87a1d4805e0817f0fbc5e31d734733e3d54cb3fce5c49efce0bb0602215b228c
8885b88667beb8538140ecc550853e59d12e85fbd73dd70d4487b6cc757d8a2b
8b67a0820b92ad626dd7204b203736274c68fa2cb1a107077d571e60f6dedf96
956f61e41e263b6074a58cbcb2eb181014e8c8e277388ebd98cc0d59921577f4
98ac4777472493ddbd66eac73dce3b98604854c71a85acef30bd694653e8871e
99ed04b99018e7ea4c5c0637dedba28d941b37c8c3237f104f59629dca866188
a297b088ceacb9f017f649398e1b2e7207263e9b568f7e2b2b7885e70a1988ef
a58697d3b48910904c527c8ce1368c3c36998480c33de36143d46394a5055ff0
a6a59d9a1a12c4ee271462b1560b268ad77e6723418d67aa80167b15777d68e4
a7def1fa0223f6d52a8d16be0dfde290883e9e2aa7911d0bfd46141eae8beabe
ab1e24e43c19d5052f3c5c313d77c8e16fc25e30fa835ed02323da51323f9b1b
b1b30f675551e709f6d1caed8d1b1c897d619b3ca5577a2230714102df8f6820
ba5b7534881bcdd8afe257687f0232466b1fb2bc51d69b09eb899b451cb4e63b
c6ebb42e216e9d29ccd465dd04ca1bd5e99ce616a112c5768680fbdbb57cc4c2
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d910ee8ab8f906544584f00c2e8abc76bfea117284beb58429a8dc26e32669dd
daa0e040618ce7765400a255051eb18ae5939ef6ddd220ed8474263c26f48b07
db0ea8a5916a2b339361932737617aea6835f1b97c1a31b475fb8078d461e1ce
e1dff8ed16093991fa6c2b2bb97094a50e8ab172eda52cf1a1bfd250f6f27ba7
e3625c4c1b10a8e8b5fb271f45549d6d68e0a9c462062fc927709ea7ab285ca5
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e9d5fa7dbd42331253c178a9fb1ce2aaac7543c8667326489b58d4ab3a51abfd
ec800a5bcb2d4e57adcc0c7ec3d69427ac3e392d4a0302891dd76fb80ffd0bfd
ed915d2176566b841f0e01e7632ce7a20b023cbcb4f5976a6015284fccd8a865
f01620d3843095a3b4437dfb1763ea8e2c4274419dbd28e4a4209294a60fe49f
fabaa12dfb54da8d087b5ccbea050c2b292ee616bc844e0406bb318e0d98b94b