malware.news
104.26.7.105
Public Scan
Submission: On September 28 via api from GB — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 15th 2021. Valid for: a year.
This is the only time malware.news was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
33 | 104.26.7.105 | 13335 (CLOUDFLARENET)
2 | 142.250.185.78 | 15169 (GOOGLE)
32 | 2.18.233.62 | 16625 (AKAMAI-AS)
67 | 4 |
ASN15169 (GOOGLE, US)
- PTR: fra16s48-in-f14.1e100.net
- Hosts: www.google-analytics.com
ASN16625 (AKAMAI-AS, US)
- PTR: a2-18-233-62.deploy.static.akamaitechnologies.com
- Hosts: www.microsoft.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
33 | malware.news | malware.news | 1 MB
32 | microsoft.com | www.microsoft.com | 1 MB
2 | google-analytics.com | www.google-analytics.com | 20 KB
67 | 3 | |
Requests | Domain | Requested by
---|---|---
33 | malware.news | malware.news
32 | www.microsoft.com | malware.news
2 | www.google-analytics.com | malware.news, www.google-analytics.com
67 | 3 |
This site contains links to these domains. Also see Links.
Domain
---
www.microsoft.com
docs.microsoft.com
attack.mitre.org
troopers.de
github.com
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-15 - 2022-06-14 | a year | crt.sh
*.google-analytics.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months | crt.sh
www.microsoft.com | Microsoft RSA TLS CA 01 | 2021-07-28 - 2022-07-28 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/53087
Frame ID: 63FFF4B1D13970CC0FDFC0D40A150E4C
Requests: 68 HTTP requests in this frame
Page Title
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor - Malware News - Malware Analysis, News and Indicators
Detected technologies
Google Analytics (Analytics)
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
36 Outgoing links
These are links going to different origins than the main page.
- SUNBURST backdoor, TEARDROP malware, and related components
- GoldMax, GoldFinder, and Sibot malware
- EnvyScout, BoomBox, NativeZone, and VaporRage
- AD FS
- token-signing certificate
- token-decryption certificate
- hardware security module (HSM)
- securing AD FS servers
- Indicators of compromise (IOCs)
- mitigation guidance
- detection details
- hunting queries
- AD FS
- DLL search order hijacking
- Diagram showing structure of Microsoft.IdentityServer.ServiceHost.exe after loading version.dll (906×885)
- Diagram showing FoggyWeb attack chain (975×415)
- Screenshot of dump of the legitimate version.dll (576×627)
- Screenshot of the malicious version.dll (576×666)
- Screenshot of the export functions of the malicious version.dll (768×138)
- Screenshot of code showing trampoline function preserves the value of the arguments/registers intended for the function from the legitimate version of version.dll by saving the value of certain CPU register (480×579)
- 576×634
- 1320×406
- 768×228
- 576×519
- 768×174
- I am AD FS and so can you: Attacking Active Directory Federated Services
- Group Managed Service Account (gMSA)
- securing
- monitoring
- 768×438
- Azure AD Identity Protection
- “Token Issuer Anomaly” detection
- https://github.com/Azure/Azure-Sentinel/tree/master/Detections/MultipleDataSources/Nobelium_FoggyWeb
- https://github.com/Azure/Azure-Sentinel/tree/master/Sample%20Data/Feeds/FoggyWebIOC.csv
- FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor 2
- Microsoft Security Blog
Redirected requests
There were HTTP redirect chains for the following requests:
67 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | 53087 (Primary Request) | malware.news/t/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/ | 211 KB | 34 KB | Document | text/html
GET | H2 | browser-detect-115ab5953de1b5bb122bfb26b757f5391dd8d1d2aef2b81baf7b59aee99d9f34.js | malware.news/assets/ | 247 B | 472 B | Script | application/javascript
GET | H2 | en-b4c652e74e1f00d0e6059b6bf4aae63aedc7ef40ec1cd31a2d5494431da11f82.js | malware.news/assets/locales/ | 256 KB | 75 KB | Script | application/javascript
GET | H2 | ember_jquery-36a23101c869ab0dc53fc908de69adb785731593573d32bdeef416acc1076ef4.js | malware.news/assets/ | 557 KB | 157 KB | Script | application/javascript
GET | H2 | vendor-72ed7d3a2757503f5d4b387ef519a6f371137f63e3b8f1ff29544b54c1d8450f.js | malware.news/assets/ | 173 KB | 60 KB | Script | application/javascript
GET | H2 | pretty-text-bundle-0651e2a797c3ce2e7029301b15f1e2d11ab1286bea425eaf70aac53d80e226ee.js | malware.news/assets/ | 150 KB | 44 KB | Script | application/javascript
GET | H2 | application-3df47873cd9bb1ffc9f33b03e1c6ae8ca41d140f3208fb6b80353c289123e986.js | malware.news/assets/ | 3 MB | 505 KB | Script | application/javascript
GET | H2 | discourse-details-9be9806ef2338ede8e5c567dfd5b521aaad27d01694f01c604516118466d2120.js | malware.news/assets/plugins/ | 1 KB | 1 KB | Script | application/javascript
GET | H2 | discourse-local-dates-fb84b6e975839c2af6c7ffe54ef3f37631eb79d1ca4c032e3232c522b202b185.js | malware.news/assets/plugins/ | 32 KB | 9 KB | Script | application/javascript
GET | H2 | discourse-narrative-bot-0b1e40d099d739cee23bbad45c2fb5eac1dcaaba028fdc9fa21b9e32930ec40b.js | malware.news/assets/plugins/ | 1 KB | 1 KB | Script | application/javascript
GET | H2 | discourse-presence-b6fbd1a4370db8cbe9a6026b149f4c857b4f4a71b0f72eefda4a295d0ed6a56a.js | malware.news/assets/plugins/ | 13 KB | 4 KB | Script | application/javascript
GET | H2 | docker_manager-ad177f91e75af171560e0d79a81bd5ce7b5b01c80c9055a24d75e9370c9de28b.js | malware.news/assets/plugins/ | 2 KB | 1 KB | Script | application/javascript
GET | H2 | lazy-yt-9db193c8caacf2e3b3a24ed4c63699ad497c210f668f467d95380efd00982345.js | malware.news/assets/plugins/ | 4 KB | 2 KB | Script | application/javascript
GET | H2 | poll-4ece327052472a4245ca79c494a4bc3ad9b1f49d921e2df8b00a2299303f04bd.js | malware.news/assets/plugins/ | 59 KB | 16 KB | Script | application/javascript
GET | H2 | google-universal-analytics-v3-706f1d28f0a97f67a47515c96189277240ec4940d968955042066d7873fd1fe8.js | malware.news/assets/ | 725 B | 731 B | Script | application/javascript
GET | H2 | color_definitions_base__1685c93a050ced147a1038a195b8e1dd02483a6a.css | malware.news/stylesheets/ | 2 KB | 1 KB | Stylesheet | text/css
GET | H2 | desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css | malware.news/stylesheets/ | 372 KB | 67 KB | Stylesheet | text/css
GET | H2 | discourse-details_787482ef26fe5197f888d4afa236f1d8edce38ec.css | malware.news/stylesheets/ | 1 KB | 1 KB | Stylesheet | text/css
GET | H2 | discourse-local-dates_787482ef26fe5197f888d4afa236f1d8edce38ec.css | malware.news/stylesheets/ | 7 KB | 2 KB | Stylesheet | text/css
GET | H2 | discourse-narrative-bot_787482ef26fe5197f888d4afa236f1d8edce38ec.css | malware.news/stylesheets/ | 153 B | 710 B | Stylesheet | text/css
GET | H2 | discourse-presence_787482ef26fe5197f888d4afa236f1d8edce38ec.css | malware.news/stylesheets/ | 1 KB | 1 KB | Stylesheet | text/css
GET | H2 | lazy-yt_787482ef26fe5197f888d4afa236f1d8edce38ec.css | malware.news/stylesheets/ | 2 KB | 1 KB | Stylesheet | text/css
GET | H2 | poll_787482ef26fe5197f888d4afa236f1d8edce38ec.css | malware.news/stylesheets/ | 6 KB | 2 KB | Stylesheet | text/css
GET | H2 | poll_desktop_787482ef26fe5197f888d4afa236f1d8edce38ec.css | malware.news/stylesheets/ | 2 KB | 1 KB | Stylesheet | text/css
GET | H2 | desktop_theme_2_1eb7402e0a8095456972b2383753bd3ab76231e8.css | malware.news/stylesheets/ | 90 B | 569 B | Stylesheet | text/css
GET | H2 | start-discourse-efa4e5abfbd1b50b5152ffbe64d5dcea9f7c33f766dcc6387e2711f0f2112148.js | malware.news/assets/ | 135 B | 441 B | Script | application/javascript
GET | H2 | browser-update-eec13eb6f8386f18f10b5dd6ebb7a3598d28421bb796e539b91a7e4a4c5d4c08.js | malware.news/assets/ | 2 KB | 1 KB | Script | application/javascript
GET | H2 | analytics.js | www.google-analytics.com/ | 48 KB | 20 KB | Script | text/javascript
GET | H2 | svg-2-9b0d85c163090ed00004e0abb5db8bd226e57ab5.js | malware.news/svg-sprite/malware.news/ | 114 KB | 37 KB | Script | application/javascript
GET | H2 | jquery.magnific-popup.min.js | malware.news/javascripts/magnific-popup/1.1.0/ | 20 KB | 8 KB | Script | application/javascript
GET | H2 | cdefff4af52a8d2d43094b5d57ebca1fc7613a63.js | malware.news/highlight-js/malware.news/ | 202 KB | 39 KB | Script | application/javascript
GET | H2 | ba8ee0a927a69022c651441ac23d01bcdbc09785.png | malware.news/uploads/default/original/3X/b/a/ | 9 KB | 9 KB | Image | image/png
GET | H2 | 24_2.png | malware.news/user_avatar/malware.news/malbot/45/ | 4 KB | 5 KB | Image | image/jpeg
GET | DATA | truncated | / | 37 B | 0 | Image | image/gif
GET | H2 | Fig7-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 33 KB | 33 KB | Image | image/png
GET | H2 | Fig8-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 33 KB | 34 KB | Image | image/png
GET | H2 | Fig10-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 14 KB | 14 KB | Image | image/png
GET | H2 | Fig11-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 13 KB | 14 KB | Image | image/png
GET | H2 | Fig12-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 41 KB | 42 KB | Image | image/png
GET | H2 | Fig15-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 23 KB | 24 KB | Image | image/png
GET | H2 | Fig16-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 54 KB | 54 KB | Image | image/png
GET | H2 | Fig17-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 22 KB | 22 KB | Image | image/png
GET | H2 | Fig18-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 63 KB | 63 KB | Image | image/png
GET | H2 | Fig19-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 73 KB | 73 KB | Image | image/png
GET | H2 | Fig23-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 79 KB | 80 KB | Image | image/png
GET | H2 | Fig26-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 26 KB | 26 KB | Image | image/png
GET | H2 | Fig27-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 27 KB | 27 KB | Image | image/png
GET | H2 | Fig30-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 16 KB | 16 KB | Image | image/png
GET | H2 | Fig31-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 12 KB | 12 KB | Image | image/png
GET | H2 | Fig32-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 13 KB | 14 KB | Image | image/png
GET | H2 | Fig33-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 13 KB | 14 KB | Image | image/png
GET | H2 | Fig34-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 16 KB | 17 KB | Image | image/png
GET | H2 | Fig36-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 70 KB | 71 KB | Image | image/png
GET | H2 | Fig39-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 35 KB | 35 KB | Image | image/png
GET | H2 | Fig41-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 16 KB | 16 KB | Image | image/png
GET | H2 | Fig42-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 34 KB | 34 KB | Image | image/png
GET | H2 | Fig47-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 25 KB | 26 KB | Image | image/png
GET | H2 | Fig48-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 34 KB | 34 KB | Image | image/png
GET | H2 | Fig49-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 23 KB | 23 KB | Image | image/png
GET | H2 | Fig50-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 34 KB | 34 KB | Image | image/png
GET | H2 | Fig51-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 50 KB | 50 KB | Image | image/png
GET | H2 | Fig52-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 19 KB | 19 KB | Image | image/png
GET | H2 | Fig54-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 52 KB | 53 KB | Image | image/png
GET | H2 | Fig55-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 25 KB | 25 KB | Image | image/png
GET | H2 | Fig57-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 40 KB | 40 KB | Image | image/png
GET | H2 | Fig1-FoggyWeb-NOBELIUM.png | www.microsoft.com/security/blog/uploads/securityprod/2021/09/ | 58 KB | 59 KB | Image | image/png
POST | H2 | collect | www.google-analytics.com/j/ | 2 B | 205 B | XHR | text/plain
POST | H2 | poll | malware.news/message-bus/3840874dec89441b8fad55c168294b1a/ | 266 B | 0 | XHR | text/plain
44 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforexrselect
boolean | originAgentCluster
object | I18n
object | MessageFormat
function | moment
function | define
function | requirejs
object | ENV
object | EmberENV
function | $
function | jQuery
object | mainContext
object | Ember
object | Em
function | require
function | requireModule
object | Markdown
object | bootbox
object | clone
object | Logster
object | Handlebars
object | MessageBus
object | Popper
function | _
function | Mousetrap
object | RSVP
object | BufferedProxy
string | __INDIVIDUAL_ONE_VERSION_ev-store_ENFORCE_SINGLETON
undefined | __INDIVIDUAL_ONE_VERSION_ev-store
object | virtualDom
function | filterCSS
function | filterXSS
function | __t
object | __DISCOURSE_RAW_TEMPLATES
object | Discourse
object | __widget_helpers
string | GoogleAnalyticsObject
function | ga
undefined | $bu
object | google_tag_data
object | gaplugins
object | gaGlobal
object | gaData
object | hljs
3 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.malware.news/ | | _ga | GA1.2.1006963460.1632806867
.malware.news/ | | _gid | GA1.2.206874274.1632806867
.malware.news/ | | _gat | 1
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page.
Header | Value |
---|---|
Content-Security-Policy | base-uri 'none'; object-src 'none'; script-src https://malware.news/logs/ https://malware.news/sidekiq/ https://malware.news/mini-profiler-resources/ https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/extra-locales/ https://malware.news/highlight-js/ https://malware.news/javascripts/ https://malware.news/plugins/ https://malware.news/theme-javascripts/ https://malware.news/svg-sprite/ https://www.google-analytics.com/analytics.js; worker-src 'self' https://malware.news/assets/ https://malware.news/brotli_asset/ https://malware.news/javascripts/ https://malware.news/plugins/ |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- malware.news
- www.google-analytics.com
- www.microsoft.com
- 104.26.7.105
- 142.250.185.78
- 2.18.233.62