Security Warning: High Security Risk
Aggretsuko Live Wallpaper New Tab
ID: ipfhgpbiaobdaamfkpjhejapgcpmhkah
Supported Languages
Extension Info & Metadata
Publisher Contextual Analysis
- Author
- https://gameograf.com/View Profile
- Privacy
- Privacy Policy
- Country
- US
- MX records exist
- Yes
- Domain exists
- Yes
- Is disposable
- No
- Is role-based
- Yes
- Mailbox exists
- Yes
- Address
- 477 N Miami St Miami, FL 33179 US
- Website
- Visit
Aggretsuko Live Wallpaper transforms your new tab with dynamic live wallpapers and practical features
Aggretsuko Live Wallpaper transforms your new tab with dynamic live wallpapers and practical features, delivering a unique and inspiring experience every time you open it! Say goodbye to boring tabs and hello to a vibrant, personalized browsing experience that reflects your love for Aggretsuko. Whether you're a fan of her rage-filled karaoke sessions or her adorable office struggles, this extension brings her world to your screen. Features: 🎨 Live Wallpapers: Customize your new tab with Aggretsuko-themed live wallpapers. 🔗 Popular Site Shortcuts: Instant access to your most-visited websites. ➕ Add & Remove Shortcuts: Easily manage shortcuts to suit your needs. ⏰ Clock & Date Display: Keep track of time with a real-time clock and date. 🔍 Search Bar: Seamlessly search using your default search engine. Why You’ll Love It: Imagine opening your browser and being greeted by Aggretsuko rocking out to heavy metal or chilling at her desk—sounds fun, right? This extension isn’t just about looks; it’s designed to make your browsing experience smoother and more enjoyable. With quick access to your favorite sites, a handy search bar, and a sleek clock display, it’s both functional and fun. Plus, it’s super easy to set up and customize. Ready to spice up your new tab? Download now and let Aggretsuko brighten your day! Other Links: 🌟 More Extensions: Discover more extensions at https://gameograf.com. 🔒 Privacy Policy: Read our privacy policy at https://gameograf.com/privacy-policy/. 📩 Support: Reach out to us for support at https://gameograf.com/contact-us. About Us Gameograf.com designs custom Chrome new tab themes and extensions. Explore our collection featuring anime, manga, K-pop, sports, celebrities, cars, and more—perfect for personalizing your browser experience. Website: https://gameograf.com Contact: https://gameograf.com/contact-us/ Privacy Policy: https://gameograf.com/privacy-policy/ Feedback: https://gameograf.com/feedback/ Email: [email protected] Google Chrome Affiliate Program Disclosure This extension opens gameograf.com in a new tab after installation to inform users about the extension and provide access to similar content. Redirects comply with Chrome’s affiliate program and are user-initiated only. Keywords: Aggretsuko Live Wallpaper, live wallpapers, Chrome new tab extension, personalized tab, Haberikra.com.
The bundled manifest declares no host_permissions, while the live CWS listing declares `https://api.gameograf.com/*`. The actual network traffic in the bundle goes to `mlionltd.github.io` and `haberikra.com`, neither of which matches the CWS-disclosed permission. This three-way mismatch (bundled manifest / published manifest / actual code behavior) suggests either a staged update not yet reflected in the bundle or a deliberate obfuscation of actual network destinations.
{ "manifest_version": 3, "permissions": ["search"] // NO host_permissions present}// Published CWS listing manifest shows:// "host_permissions": ["https://api.gameograf.com/*"]// But bundled code never contacts api.gameograf.com.// Instead, code contacts https://mlionltd.github.io/space/ and https://haberikra.com// — neither of which appears in either manifest's host_permissions.The extension silently fetches video blobs from `https://mlionltd.github.io/space/` — a GitHub Pages account (`mlionltd`) with no declared relationship to the publisher (`gameograf.com`) — and caches them in IndexedDB. This domain is not declared in either the bundled or published manifest's host_permissions. If the `mlionltd` GitHub account is compromised or the content is swapped, arbitrary binary payloads are fetched and persisted locally on every new tab open without any integrity check.
async function fetchAndStoreVideos(db) { const alertLoader = $("#alertLoader"); const bg_mode_toggle = $("#bgModeToggle"); const vid_mode = $("#vidMode"); const baseURL = "https://mlionltd.github.io/space/"; async function fetchAndStore(i) { const url = `${baseURL}${i}.mp4`; try { const response = await fetch(url); if (response.ok) { const blob = await response.blob(); const transaction = db.transaction(["videos"], "readwrite"); const objectStore = transaction.objectStore("videos"); const videoData = { blob }; objectStore.add(videoData); console.log(`Video ${i} is available and stored in IndexedDB.`); } } catch (error) { console.error(`Error fetching or storing video ${i}: ${error}`); } } for (let i = 1; i <= total_videos; i++) { await fetchAndStore(i); }}By severity
Versions scanned
Showing 1 of 1 scanned version with more than one unique finding. Counts are unique findings that include each version.
| Extension Version | Code Review Findings |
|---|---|
| 1.0.0 | 2 |
Files with findings
2 distinct paths — top paths by unique finding count:
- js/script.js1
- manifest.json1
URLs
View the external URLs this extension communicates with to understand its network activity and data interactions.
Gain full insight into all external connections.
Upgrade for full visibility.
Gain full insight into all external connections.
Upgrade for full visibility.
Browse and explore files within this extension package
Gain full insight into all external connections.
Upgrade for full visibility.