gridinsoft.com Open in urlscan Pro
172.67.74.78 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://gridinsoft.com/blogs/pua-win32-presenoker-adware/
Submission: On November 07 via manual (November 7th 2024, 5:00:40 am UTC) from GB — Scanned from GB

Summary HTTP 72 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 14 domains to perform 72 HTTP transactions. The main IP is 172.67.74.78, located in United States and belongs to CLOUDFLARENET, US. The main domain is gridinsoft.com.
TLS certificate: Issued by WE1 on October 23rd 2024. Valid for: 3 months.

This is the only time gridinsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
48	172.67.74.78 172.67.74.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.142.245 172.67.142.245	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	104.16.140.209 104.16.140.209	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.109.254 104.16.109.254	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.175.201 104.17.175.201	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.147.16 172.64.147.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.184.232 142.250.184.232	15169 (GOOGLE) (GOOGLE)
1	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.185.68 142.250.185.68	15169 (GOOGLE) (GOOGLE)
2	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
2	216.58.206.66 216.58.206.66	15169 (GOOGLE) (GOOGLE)
1	216.239.34.36 216.239.34.36	15169 (GOOGLE) (GOOGLE)
2	142.250.186.67 142.250.186.67	15169 (GOOGLE) (GOOGLE)
1	104.16.117.116 104.16.117.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
72	16

48 172.67.74.78 (United States)

ASN13335 (CLOUDFLARENET, US)

gridinsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.142.245 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.73.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.140.209 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-na1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.109.254 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.175.201 (None, )

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.147.16 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.232 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.206.66 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s11-in-f2.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.67 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f3.1e100.net

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.117.116 (None, )

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	gridinsoft.com gridinsoft.com	1 MB
4	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 td.doubleclick.net — Cisco Umbrella Rank: 192	5 KB
3	google.com www.google.com — Cisco Umbrella Rank: 3	128 B
2	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 5087	128 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	134 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4567 forms.hscollectedforms.net — Cisco Umbrella Rank: 4719	25 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2500 js-na1.hs-scripts.com — Cisco Umbrella Rank: 6488	2 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1222	19 KB
1	hubspot.com track.hubspot.com — Cisco Umbrella Rank: 2324	1 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3643
1	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4621	882 B
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2172	26 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2191	25 KB
1	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 2302	28 KB
72	14

	Domain	Requested by
48	gridinsoft.com	gridinsoft.com
3	www.google.com	www.googletagmanager.com gridinsoft.com
2	www.google.co.uk	gridinsoft.com
2	td.doubleclick.net	www.googletagmanager.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	www.googletagmanager.com	gridinsoft.com www.googletagmanager.com
2	use.fontawesome.com	gridinsoft.com
1	track.hubspot.com
1	js-na1.hs-scripts.com	js.hs-analytics.net
1	region1.google-analytics.com	www.googletagmanager.com
1	forms.hsforms.com	gridinsoft.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hscollectedforms.net	js.hs-scripts.com
1	js.hs-scripts.com	gridinsoft.com
1	secure.gravatar.com	gridinsoft.com
72	17

This site contains links to these domains. Also see Links.

Domain
cookiedatabase.org
www.facebook.com
twitter.com
x.com
www.youtube.com
www.instagram.com
learn.microsoft.com
en.wikipedia.org
www.linkedin.com
facebook.com
instagram.com

Subject Issuer	Validity	Valid
gridinsoft.com WE1	`2024-10-23` - `2025-01-21`	3 months	crt.sh
use.fontawesome.com WE1	`2024-09-09` - `2024-12-09`	3 months	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
hs-scripts.com WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
hscollectedforms.net WE1	`2024-09-22` - `2024-12-21`	3 months	crt.sh
hs-analytics.net WE1	`2024-10-07` - `2025-01-05`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
hsforms.com WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google.co.uk WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
hubspot.com WE1	`2024-10-03` - `2025-01-01`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://gridinsoft.com/blogs/pua-win32-presenoker-adware/
Frame ID: 7AD141A06E8685F9AD43970FD76BF9F2
Requests: 68 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/940364021?random=1730955635016&cv=11&fst=1730955635016&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je4au0v875497828za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fgridinsoft.com%2Fblogs%2Fpua-win32-presenoker-adware%2F&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20PUA%3AWin32%2FPresenoker%3A%20An%20Easy%20Guide%20on%20Removal&npa=0&pscdl=noapi&auid=93315222.1730955635&fledge=1&data=event%3Dgtag.config
Frame ID: 337AA432CF4AD06AA97EECF73172B44C
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/481455245?random=1730955635393&cv=11&fst=1730955635393&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45je4au0v875497828za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101823848~101925629&u_w=1600&u_h=1200&url=https%3A%2F%2Fgridinsoft.com%2Fblogs%2Fpua-win32-presenoker-adware%2F&hn=www.googleadservices.com&frm=0&tiba=Unmasking%20PUA%3AWin32%2FPresenoker%3A%20An%20Easy%20Guide%20on%20Removal&npa=0&pscdl=noapi&auid=93315222.1730955635&fledge=1&data=event%3Dgtag.config
Frame ID: B807CAC9FF5B949FFA516B8BEE4E2CC6
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fgridinsoft.com
Frame ID: AADE90F930F8B9D5CD54EC18137CF229
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Unmasking PUA:Win32/Presenoker: An Easy Guide on Removal