Hi Asyn,
Thanks for the heads-up on this.
Also see the results here on Kaspersky support's privacy status:
https://privacyscore.org/site/143446/ with 11 3rdparty trackers involved.
All servers reside in Russia and for Google Analytics the Anonymize IP Privacy Extension is not enabled.
Also consider:
https://urlscan.io/result/b208be71-152f-4744-9e68-a643d37e6f86Retirable code:
jquery 1.4.3.min Found in -https://support.kaspersky.com/resources/js/jquery-1.4.3.min.js?v=12
Vulnerability info:
Medium CVE-2011-4969 XSS with location.hash
Medium CVE-2012-6708 11290 Selector interpreted as HTML
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
blocked in my avast secure browser going to -https://kaspersky.d3.sc.omtrdc.net/b/ss/kasperskysupportall,kasperskysupporten/1/JS-2.6.0/s07192949918585?AQB=1&ndh=1&pf=1&t=15%2F7%2F2019%2020%3A15%3A38%204%20-120&mid=81671562226317276696572861505869332936&ce=UTF-8&ns=kaspersky&cdp=2&pageName=Homepage&g=-https%3A%2F%2Fsupport.kaspersky.com%2F&cc=USD&ch=Homepage&server=support.kaspersky.com&h1=Homepage&v2=D%3Dc12&v3=D%3Dc13&v11=D%3Dc22&v12=D%3Dc23&v13=D%3Dc24&v24=global&c25=Homepage&v25=Homepage&v26=Homepage&c31=
-https%3A%2F%2Fsupport.kaspersky.com%2F&c39=-https%3A%2F%2Fsupport.kaspersky.com%2F&c49=D%3Dc50%2B%22%20%3A%20%22%2BpageName&c50=New&v50=New&c63=Homepage&c69=global&s=1366x768&c=24&j=1.6&v=N&k=Y&bw=1366&bh=625&
mcorgid=983502BE532960BE0A490D4C%40AdobeOrg&AQE=1
They let others now do the job: -https://dpm.demdex.net/id? - //cm.everesttech.net/cm/dd?d_uuid=91551022538304052316155746798801252242"]}],"subdomain":"kaspersky","tid":"251hRlTxSgE="}
Easily found up using a WebSniffer extension in the browser.
polonus (volunteer 3rd party cold recon website security analyst & website error-hunter)