URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Submission: On September 16 via api from TR — Scanned from IT

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 14 HTTP transactions. The main IP is 185.199.109.153, located in San Francisco, United States and belongs to FASTLY, US. The main domain is research.openanalysis.net.
TLS certificate: Issued by R10 on September 5th 2024. Valid for: 3 months.
This is the only time research.openanalysis.net was scanned on urlscan.io!

urlscan.io Verdict: No classification


Live information

Domain & IP information

IP Address AS Autonomous System
5 185.199.109.153 54113 (FASTLY)
3 104.17.24.14 13335 (CLOUDFLAR...)
4 172.67.173.89 13335 (CLOUDFLAR...)
2 199.232.196.193 54113 (FASTLY)
14 4
Apex Domain
Subdomains
Transfer
5 openanalysis.net
research.openanalysis.net
21 KB
4 shields.io
img.shields.io — Cisco Umbrella Rank: 41027
4 KB
3 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 215
110 KB
2 imgur.com
i.imgur.com — Cisco Umbrella Rank: 8803
272 KB
14 4
Domain Requested by
5 research.openanalysis.net research.openanalysis.net
4 img.shields.io research.openanalysis.net
3 cdnjs.cloudflare.com research.openanalysis.net
cdnjs.cloudflare.com
2 i.imgur.com research.openanalysis.net
14 4
Subject Issuer Validity Valid
research.openanalysis.net
R10
2024-09-05 -
2024-12-04
3 months crt.sh
cdnjs.cloudflare.com
WE1
2024-07-31 -
2024-10-29
3 months crt.sh
shields.io
WE1
2024-08-23 -
2024-11-21
3 months crt.sh
*.imgur.com
Sectigo RSA Domain Validation Secure Server CA
2024-02-15 -
2025-02-14
a year crt.sh

This page contains 1 frames:

Primary Page: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Frame ID: B2A61E162CDBCD17259C79F2988DDCF6
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

AutoIt Credential Flusher | OALABS Research

Detected technologies

Overall confidence: 100%
Detected patterns
  • <!-- Begin Jekyll SEO tag

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

407 kB
Transfer

668 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request cred-flusher.html
research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/
17 KB
6 KB
Document
General
Full URL
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-153.github.com
Software
GitHub.com /
Resource Hash
02b67252d9b171fedce608027c301a59e1d309b49efeedfd33a4ed254495ed3c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
cache-control
max-age=600
content-encoding
gzip
content-length
5654
content-type
text/html; charset=utf-8
date
Mon, 16 Sep 2024 02:11:41 GMT
etag
W/"66e26007-45ec"
expires
Mon, 16 Sep 2024 02:14:51 GMT
last-modified
Thu, 12 Sep 2024 03:29:11 GMT
server
GitHub.com
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-fastly-request-id
0d6bea67f0e1f59ad9ee5d1b1afdf974cd57612c
x-github-request-id
1372:380690:6C4208A:6EDFD44:66E79243
x-proxy-cache
MISS
x-served-by
cache-mxp6923-MXP
x-timer
S1726452702.558478,VS0,VE102
style.css
research.openanalysis.net/assets/css/
20 KB
5 KB
Stylesheet
General
Full URL
https://research.openanalysis.net/assets/css/style.css
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-153.github.com
Software
GitHub.com /
Resource Hash
7520646fc7e1337f44f20886643f665d18dd11127ac82dcae77f772d9ccb4d33

Request headers

Referer
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Mon, 16 Sep 2024 02:14:52 GMT
x-fastly-request-id
03e7b65feeb8c82aad2a36daf4608437d380ce17
date
Mon, 16 Sep 2024 02:11:41 GMT
content-encoding
gzip
via
1.1 varnish
x-cache-hits
0
age
0
x-cache
HIT
content-length
4802
x-served-by
cache-mxp6923-MXP
last-modified
Thu, 12 Sep 2024 03:29:11 GMT
server
GitHub.com
x-github-request-id
62EE:31642A:648647E:6700BCD:66E79244
x-timer
S1726452702.712897,VS0,VE104
etag
W/"66e26007-4e1f"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
primer.css
cdnjs.cloudflare.com/ajax/libs/Primer/15.2.0/
200 KB
21 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/Primer/15.2.0/primer.css
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e85c012e50453d8f6df10075c60e872e24bdf889707b51462d3af8292d74691f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://research.openanalysis.net/
Origin
https://research.openanalysis.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:11:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2922539
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
20730
last-modified
Mon, 21 Sep 2020 15:32:35 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f68c793-320ac"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3Jqu17hLJoV5VBQ%2FJ2VTkH2LIY8wY2g31iybksWK8OxiU2zxPWFQeB4YAwfhZQmqSOIX9ZGGb3IniBtFARh%2B8YmAJA7jY15VrppSp9BmaRgL4LHNWrRRyQnISQRB%2F%2BHcZyWDNS1z"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8c3d53cc884a0e02-MXP
expires
Sat, 06 Sep 2025 02:11:42 GMT
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/
58 KB
11 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://research.openanalysis.net/
Origin
https://research.openanalysis.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:11:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1115664
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
10391
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-e637"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qRfG8eR1CBGbtsO6f6Lj2lmi57lDT9XHGN760n3QR1NeVeDw5XFAdFGM6kdQFxw6Lk0TbW9PPIO4s8z4BjLcoN8rFb%2BMynpbwe0KbBGInBt1z91TaJLZsXR2aqCCxuxRTIptDbUc"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8c3d53cc88490e02-MXP
expires
Sat, 06 Sep 2025 02:11:42 GMT
-YouTube-FF0000
img.shields.io/badge/
915 B
1 KB
Image
General
Full URL
https://img.shields.io/badge/-YouTube-FF0000
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
958b273c7907e71e100edb668de5e9c220130dc4a10c483cac9f90d43f111c85

Request headers

Referer
https://research.openanalysis.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:11:42 GMT
via
1.1 fly.io
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6153
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Sun, 15 Sep 2024 15:46:43 GMT
fly-request-id
01J7W3QEK5KENJPMXM9ZPSFYCW-cdg
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BE62Fe7Hr3ByJVOb%2F1ZiDxm%2BTKrlZmXa%2FjTd8H4XwukeCKTu%2BAzahSMxCZAiamz%2FXLgSo15gyx8gQdmOgcMqQaCEoz5%2FTNg263YdkDL8ZARlcVXEXQ9XKuB4%2B1RQQ1hAtw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=432000, s-maxage=432000
cf-ray
8c3d53cca8de1852-MRS
oalabslive
img.shields.io/twitch/status/
2 KB
1 KB
Image
General
Full URL
https://img.shields.io/twitch/status/oalabslive?style=social
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3102e7ea421c5b383635d9bc26c72442fedf142cbc2ffd1b4996ab66bd5dcd0d

Request headers

Referer
https://research.openanalysis.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:11:42 GMT
via
1.1 fly.io
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
fly-request-id
01J7W9K716BSZTGRPNXBZHJKH9-cdg
last-modified
Mon, 16 Sep 2024 02:11:42 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EoBAdp9IN8JGftAKM0706hXVgPIp0W0hfgVsdVo39J2gCBrFrJHxEzZ5slWoC0mY4w9OhPNCIf4vQ%2F%2B8SzKhkeGxhEVmqQOgZ7feExBMJxLSob13MUIKmWABYkV12MqCJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=30, s-maxage=30
cf-ray
8c3d53cca8dc1852-MRS
expires
Mon, 16 Sep 2024 02:12:12 GMT
-Join%20Our%20Discord-blueviolet
img.shields.io/badge/
961 B
781 B
Image
General
Full URL
https://img.shields.io/badge/-Join%20Our%20Discord-blueviolet
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbfc31ced385e704856825a95b1b4646f73d6d09c8a12be51f56d1395e16f9a3

Request headers

Referer
https://research.openanalysis.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:11:42 GMT
via
1.1 fly.io
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6153
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Sun, 15 Sep 2024 15:46:46 GMT
fly-request-id
01J7W3QERWHPHE27EX1RRBC0KP-cdg
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p9Lu%2FMqLpAzBIRkyivc9xdYYyb%2BqwJXkEnQxVAQGJcIaZDPZPoMJqdkTqoIvgOBbPvjGmTTH43%2FqcJBjLYQZbeoYK%2FGyoSxUDqMsqMcKIt4Hq4Z5dbIyNjBvWMx7%2Bw4dWg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=432000, s-maxage=432000
cf-ray
8c3d53ccf91b1852-MRS
-OALABS%20Patreon-FF424D
img.shields.io/badge/
947 B
772 B
Image
General
Full URL
https://img.shields.io/badge/-OALABS%20Patreon-FF424D
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6d9fee6f4b9c5e9ac913a6d415b194bc16e151168f5c76de301e6e01f1eab39

Request headers

Referer
https://research.openanalysis.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:11:42 GMT
via
1.1 fly.io
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6152
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Sun, 15 Sep 2024 15:46:42 GMT
fly-request-id
01J7W3QEXK35XAF2KKNN3YX3JS-cdg
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b894cBShAxNwJkSsAsedNF1bFx1DCBq8SJOXgu7CYvlglRakYw7Zg7aCbDUPOz0Vo2WnSRHqe4BSIWwmWsBBDub8g4IvBAG6sG6yu4Vnv%2BO9D0vsF4WmjeKBL5GhozNszw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml;charset=utf-8
access-control-allow-origin
*
cache-control
max-age=432000, s-maxage=432000
cf-ray
8c3d53cd49551852-MRS
github.svg
research.openanalysis.net/assets/badges/
2 KB
1 KB
Image
General
Full URL
https://research.openanalysis.net/assets/badges/github.svg
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-153.github.com
Software
GitHub.com /
Resource Hash
d628f183c4edc3762b60c01b60b4b19358dda80f7cb660d08e6b0b326073b8ff

Request headers

Referer
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Mon, 16 Sep 2024 02:14:53 GMT
x-fastly-request-id
69ec5af1ab8254894e50a670fd584a380340f308
date
Mon, 16 Sep 2024 02:11:42 GMT
content-encoding
gzip
via
1.1 varnish
x-cache-hits
0
age
0
x-cache
HIT
content-length
1142
x-served-by
cache-mxp6923-MXP
last-modified
Thu, 12 Sep 2024 03:29:11 GMT
server
GitHub.com
x-github-request-id
DD7F:2D849F:6BEC4CB:6E6ECC2:66E79244
x-timer
S1726452702.293065,VS0,VE104
etag
W/"66e26007-7d6"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
EJknwZG.png
i.imgur.com/
64 KB
65 KB
Image
General
Full URL
https://i.imgur.com/EJknwZG.png
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
74a30ce4e89eaa4cc0193b7e8f8cc95158d9f710aded484defd8a37997e6fde6
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
https://research.openanalysis.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:11:42 GMT
strict-transport-security
max-age=300
x-content-type-options
nosniff
x-amz-cf-pop
IAD89-P1
age
346525
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront, HIT, HIT
content-length
65692
x-served-by
cache-iad-kiad7000088-IAD, cache-mxp6940-MXP
last-modified
Thu, 12 Sep 2024 01:56:18 GMT
server
cat factory 1.0
x-timer
S1726452702.496487,VS0,VE1
etag
"2526220d8d98b30adfed21379f78d270"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
dh_5UJubYP5BGMkIe4gCNO2sCN4BgzCceFXkb12mDX77n6v-f7x1ow==
x-cache-hits
35, 0
QOKaW2x.png
i.imgur.com/
207 KB
207 KB
Image
General
Full URL
https://i.imgur.com/QOKaW2x.png
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.196.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
a6ebd8047f032111028c2c9ac9353cbf8607721c680387fd3b888b7671bfd828
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
https://research.openanalysis.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:11:42 GMT
strict-transport-security
max-age=300
x-content-type-options
nosniff
x-amz-cf-pop
IAD89-P1
age
342915
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront, HIT, HIT
content-length
211804
x-served-by
cache-iad-kcgs7200069-IAD, cache-mxp6940-MXP
last-modified
Thu, 12 Sep 2024 02:56:28 GMT
server
cat factory 1.0
x-timer
S1726452702.496518,VS0,VE1
etag
"b165ba45b4385b52f2393002e9b2ec8c"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
_NkXVLxXnNUbZk1BOQ3FeFGb3K2x_ptq-AUY5NpjV2xQwZe367zS4Q==
x-cache-hits
33, 0
minima-social-icons.svg
research.openanalysis.net/assets/
15 KB
6 KB
Other
General
Full URL
https://research.openanalysis.net/assets/minima-social-icons.svg
Requested by
Host: research.openanalysis.net
URL: https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-153.github.com
Software
GitHub.com /
Resource Hash
02ef9d85d5cf1081d5abd7f6a71bced5254a6b641aed8258c850a3a9245ce509

Request headers

Referer
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Mon, 16 Sep 2024 02:14:53 GMT
x-fastly-request-id
70d09ebaa3390fc1cccc0be4a3658c27988591ff
date
Mon, 16 Sep 2024 02:11:42 GMT
content-encoding
gzip
via
1.1 varnish
x-cache-hits
0
age
0
x-cache
HIT
content-length
6282
x-served-by
cache-mxp6923-MXP
last-modified
Thu, 12 Sep 2024 03:29:11 GMT
server
GitHub.com
x-github-request-id
08C1:380690:6C4228B:6EDFF55:66E79245
x-timer
S1726452702.293045,VS0,VE118
etag
W/"66e26007-3a99"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/
78 KB
79 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
Origin
https://research.openanalysis.net
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 16 Sep 2024 02:11:42 GMT
strict-transport-security
max-age=15780000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2175474
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
80148
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-13914"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V4LTpCEtRadWzj%2FPQ8vQAZ%2BVzCJ55nQznWRCrsqF7b9PYPrpkqkMdq7mEBJEU3jjHwRqR7x5iy0ukjTBMF%2BCXvLMQ8XBmB5GvX5LdCtzPP1RcpanGjm1m3sBLPj6AX%2BAUlgcSHWQ"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8c3d53cd78960e02-MXP
expires
Sat, 06 Sep 2025 02:11:42 GMT
favicon.ico
research.openanalysis.net/images/
2 KB
2 KB
Other
General
Full URL
https://research.openanalysis.net/images/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-109-153.github.com
Software
GitHub.com /
Resource Hash
36c8bbf98bdc49a0f69f3b192d927dfbdb5207a654b58685289ef23ab938ff63

Request headers

Referer
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Mon, 16 Sep 2024 02:21:42 GMT
x-fastly-request-id
a41c4d69730d080c5eaa4d5a51f47ba3265eeea7
date
Mon, 16 Sep 2024 02:11:42 GMT
content-encoding
gzip
via
1.1 varnish
x-cache-hits
0
age
0
x-cache
MISS
content-length
2212
x-served-by
cache-mxp6923-MXP
last-modified
Thu, 12 Sep 2024 03:29:11 GMT
server
GitHub.com
x-github-request-id
B50B:2D48B3:5E96EF:609987:66E793DE
x-timer
S1726452703.748719,VS0,VE112
etag
W/"66e26007-8b8"
vary
Accept-Encoding
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| wrap_img

0 Cookies