risky.biz
Open in
urlscan Pro
104.236.162.111
Public Scan
Effective URL: https://risky.biz/whatiswinnti/
Submission: On November 02 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on November 30th 2021. Valid for: a year.
This is the only time risky.biz was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.244.42.197 104.244.42.197 | 13414 (TWITTER) (TWITTER) | |
11 | 104.236.162.111 104.236.162.111 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
2 | 2606:4700::68... 2606:4700::6812:acf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:800::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:830::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:812::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 2a00:1450:400... 2a00:1450:4001:80b::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4860:480... 2001:4860:4802:34::36 | 15169 (GOOGLE) (GOOGLE) | |
25 | 10 |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
risky.biz
risky.biz |
1 MB |
6 |
gstatic.com
fonts.gstatic.com |
109 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 118 ajax.googleapis.com — Cisco Umbrella Rank: 447 |
35 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1165 |
31 KB |
1 |
google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2041 |
334 B |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 361 |
2 KB |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 121 |
65 KB |
1 |
t.co
t.co — Cisco Umbrella Rank: 507 |
551 B |
25 | 8 |
Domain | Requested by | |
---|---|---|
11 | risky.biz |
t.co
risky.biz |
6 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | maxcdn.bootstrapcdn.com |
risky.biz
|
1 | region1.google-analytics.com |
www.googletagmanager.com
|
1 | cdnjs.cloudflare.com |
risky.biz
|
1 | ajax.googleapis.com |
risky.biz
|
1 | www.googletagmanager.com |
risky.biz
|
1 | fonts.googleapis.com |
risky.biz
|
1 | t.co | |
25 | 9 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2022-03-07 - 2023-03-06 |
a year | crt.sh |
risky.biz Go Daddy Secure Certificate Authority - G2 |
2021-11-30 - 2023-01-01 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-01-29 - 2023-01-29 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-09-26 - 2022-12-19 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2022-09-26 - 2022-12-19 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-09-26 - 2022-12-19 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://risky.biz/whatiswinnti/
Frame ID: B849BC8124702744FDCB307B7E9A60D4
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
What even is Winnti? - Risky BusinessPage URL History Show full URLs
- https://t.co/AhJl6jpQbi Page URL
- https://risky.biz/whatiswinnti/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Analytics (Analytics) Expand
Detected patterns
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
29 Outgoing links
These are links going to different origins than the main page.
Title: This post sponsored by The Hewlett Foundation.
Search URL Search Domain Scan URL
Title: blog by Kaspersky
Search URL Search Domain Scan URL
Title: PlugX
Search URL Search Domain Scan URL
Title: 2018 US Department of Justice indictment
Search URL Search Domain Scan URL
Title: FireEye published a report
Search URL Search Domain Scan URL
Title: Kaspersky linked
Search URL Search Domain Scan URL
Title: Axiom Group
Search URL Search Domain Scan URL
Title: CCleaner
Search URL Search Domain Scan URL
Title: Netsarang
Search URL Search Domain Scan URL
Title: ASUS
Search URL Search Domain Scan URL
Title: blog about digital signing certificate abuse
Search URL Search Domain Scan URL
Title: posted a blog in 2016
Search URL Search Domain Scan URL
Title: Group72
Search URL Search Domain Scan URL
Title: also seems to correspond to Axiom/Winnti activity
Search URL Search Domain Scan URL
Title: APT27/Emissary Panda
Search URL Search Domain Scan URL
Title: the most sane approach
Search URL Search Domain Scan URL
Title: 2017 blog, Trend Micro
Search URL Search Domain Scan URL
Title: couple
Search URL Search Domain Scan URL
Title: blogs
Search URL Search Domain Scan URL
Title: blog that summarises the public research
Search URL Search Domain Scan URL
Title: software supply chain attack via Thai video games and a gaming platform
Search URL Search Domain Scan URL
Title: universities in Hong Kong
Search URL Search Domain Scan URL
Title: 2019 summary
Search URL Search Domain Scan URL
Title: APT41
Search URL Search Domain Scan URL
Title: 2020
Search URL Search Domain Scan URL
Title: went after many different kinds of victims
Search URL Search Domain Scan URL
Title: here’s my suggestion
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/AhJl6jpQbi Page URL
- https://risky.biz/whatiswinnti/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
AhJl6jpQbi
t.co/ |
249 B 551 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
risky.biz/whatiswinnti/ |
54 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
syntax.css
risky.biz/static/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/ |
118 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
16 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
super-search.css
risky.biz/static/css/ |
769 B 828 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
risky.biz/static/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
risky-biz.css
risky.biz/static/css/ |
1016 B 892 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
173 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hflogo.svg
risky.biz/static/img/sponsors/ |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.3/ |
94 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/ |
36 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.lazyload.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.lazyload/1.9.1/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
super-search.js
risky.biz/static/js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
socialite.min.js
risky.biz/static/js/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v25/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
va9E4kDNxMZdWfMOD5Vvl4jL.woff2
fonts.gstatic.com/s/firasans/v16/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
va9C4kDNxMZdWfMOD5VvkrjJYTI.woff2
fonts.gstatic.com/s/firasans/v16/ |
23 KB 23 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ieVg2ZhZI2eCN5jzbjEETS9weq8-19eDpCEobdNZ.woff2
fonts.gstatic.com/s/robotocondensed/v25/ |
17 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 334 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sitemap.xml
risky.biz/ |
5 MB 1 MB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
120 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rblogo-280.png
risky.biz/static/img/logos/ |
25 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
subscribe-280.png
risky.biz/static/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| gtag object| dataLayer function| $ function| jQuery object| jQuery1113024693171527022795 object| google_tag_manager object| google_tag_data object| gaGlobal function| toggleSearch object| Socialite3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.t.co/ | Name: muc Value: 4bea7a88-67a7-426c-9cf1-ddd71bfef271 |
|
.risky.biz/ | Name: _ga_5ZMW0SZRCS Value: GS1.1.1667397981.1.0.1667397981.0.0.0 |
|
.risky.biz/ | Name: _ga Value: GA1.1.1655892726.1667397981 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=0 |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
region1.google-analytics.com
risky.biz
t.co
www.googletagmanager.com
104.236.162.111
104.244.42.197
2001:4860:4802:34::36
2606:4700::6811:180e
2606:4700::6812:acf
2a00:1450:4001:800::200a
2a00:1450:4001:80b::2003
2a00:1450:4001:812::200a
2a00:1450:4001:830::2008
0275ec366f3cf18830eb5708a3f72ea10baf05a2f946c541e30691fa60ba4b54
0333af292419876b92e53376731f625bf90232eab8608bcc3960b1e35cec8142
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
302cc81d8d4085ff628380d2f742bcc2e368cf1484019970332716ef3977dc0e
3627329bf4271e95fae36b1864344664bbbeb547fcb1230f03f510ac4f54063a
364a9f45bbe1edb7689ad99a3861ac2469f9036d4fac65767dda13bb99d17c34
3c4ac3ad7479c131b100bbe74a50528e0b283291215bd884d4dd6a568f08e336
5b27344b10b8d05fcc1bba8dde99c972c3b7bf98eb33203301c3965f0ed3c6b5
69902d0bacd4d1f9b7eb85cb6906fa03a7fc2fee98a89e8d4603039b0a4898be
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a
89c8d3135990bc1c8c776d84cad377e24d4263a498304c8f00da311c4b12a0c4
8fad87bc3cc3301472e2d66f663f4d6385fd5fcad259f8d2cd33de313cbc66a4
ad79ce7e34d1a788809bb853031133de2ae45f3c19ac4955dae46c7490188c2e
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
b4c20f10ac07c3e8d5d71aa5a6025d2f813766cf9f03390e14cc79196e93579d
b9468aa6472bc5778ab3b7ccd772c40d38ae7a028f7f1decccf21af02af71c21
cf9db44a408bb7ca51314cfd8c2b279579d13b0fb9c138b4bd8b62645f03f1fc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
e895de4f58ade3e9cd2db4dcd61eb030c4d4f85274622bbb23755a34c41b870e
ea03bd5d723c75f6d0a9419d4f9651afd78ea2a4abfcee7f926cbde0681a2671
eb47fc61244be390493c261f170451b1290a77c269a86f76ed370ac6ce40676f
eece6e0c65b7007ab0eb1b4998d36dafe381449525824349128efc3f86f4c91c
fe263c513bf9c68af33e17b3e937bcc390f57ec4947705085affa859ab1d2c55