research.openanalysis.net
185.199.109.153
Public Scan
Submission: On September 16 via api from TR — Scanned from IT
Summary
TLS certificate: Issued by R10 on September 5th 2024. Valid for: 3 months.
This is the only time research.openanalysis.net was scanned on urlscan.io!
urlscan.io Verdict: No classification
Live information
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
5 | 185.199.109.153 | 54113 (FASTLY)
3 | 104.17.24.14 | 13335 (CLOUDFLARENET)
4 | 172.67.173.89 | 13335 (CLOUDFLARENET)
2 | 199.232.196.193 | 54113 (FASTLY)
14 requests across 4 IP addresses
ASN54113 (FASTLY, US)
PTR: cdn-185-199-109-153.github.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | openanalysis.net | research.openanalysis.net | 21 KB
4 | shields.io | img.shields.io (Cisco Umbrella Rank: 41027) | 4 KB
3 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 215) | 110 KB
2 | imgur.com | i.imgur.com (Cisco Umbrella Rank: 8803) | 272 KB
14 requests across 4 apex domains
Requests | Domain | Requested by
---|---|---
5 | research.openanalysis.net | research.openanalysis.net
4 | img.shields.io | research.openanalysis.net
3 | cdnjs.cloudflare.com | research.openanalysis.net, cdnjs.cloudflare.com
2 | i.imgur.com | research.openanalysis.net
14 requests across 4 domains
This site contains links to these domains. Also see Links.
Domain |
---|
www.youtube.com |
www.twitch.tv |
discord.gg |
www.patreon.com |
github.com |
www.unpac.me |
loaderinsight.agency |
pivot.unpac.me |
learn.microsoft.com |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
research.openanalysis.net | R10 | 2024-09-05 - 2024-12-04 | 3 months | crt.sh
cdnjs.cloudflare.com | WE1 | 2024-07-31 - 2024-10-29 | 3 months | crt.sh
shields.io | WE1 | 2024-08-23 - 2024-11-21 | 3 months | crt.sh
*.imgur.com | Sectigo RSA Domain Validation Secure Server CA | 2024-02-15 - 2025-02-14 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Frame ID: B2A61E162CDBCD17259C79F2988DDCF6
Requests: 14 HTTP requests in this frame
Page Title
AutoIt Credential Flusher | OALABS Research
Detected technologies
Jekyll (Static Site Generator)
Detected patterns
- <!-- Begin Jekyll SEO tag
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
- Title: StealC malware
- Title: Loader Insight Agency
- Title: Amadey
- Title: UnpacMe PIVOT
- Title: UnpacMe
- Title: UnpacMe
- Title: UnpacMe
- Title: Kiosk mode
- Title: PIVOT
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | cred-flusher.html (Primary Request) | research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/ | 17 KB | 6 KB | Document | text/html
GET | H2 | style.css | research.openanalysis.net/assets/css/ | 20 KB | 5 KB | Stylesheet | text/css
GET | H2 | primer.css | cdnjs.cloudflare.com/ajax/libs/Primer/15.2.0/ | 200 KB | 21 KB | Stylesheet | text/css
GET | H2 | all.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/ | 58 KB | 11 KB | Stylesheet | text/css
GET | H2 | -YouTube-FF0000 | img.shields.io/badge/ | 915 B | 1 KB | Image | image/svg+xml
GET | H2 | oalabslive | img.shields.io/twitch/status/ | 2 KB | 1 KB | Image | image/svg+xml
GET | H2 | -Join%20Our%20Discord-blueviolet | img.shields.io/badge/ | 961 B | 781 B | Image | image/svg+xml
GET | H2 | -OALABS%20Patreon-FF424D | img.shields.io/badge/ | 947 B | 772 B | Image | image/svg+xml
GET | H2 | github.svg | research.openanalysis.net/assets/badges/ | 2 KB | 1 KB | Image | image/svg+xml
GET | H2 | EJknwZG.png | i.imgur.com/ | 64 KB | 65 KB | Image | image/png
GET | H2 | QOKaW2x.png | i.imgur.com/ | 207 KB | 207 KB | Image | image/png
GET | H2 | minima-social-icons.svg | research.openanalysis.net/assets/ | 15 KB | 6 KB | Other | image/svg+xml
GET | H2 | fa-solid-900.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/ | 78 KB | 79 KB | Font | application/octet-stream
GET | H2 | favicon.ico | research.openanalysis.net/images/ | 2 KB | 2 KB | Other | image/vnd.microsoft.icon
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | wrap_img0
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.