bin.re Open in urlscan Pro
2a05:d014:275:cb02:66df:50b:6e56:a6bf Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.johannesbader.ch/2016/02/the-dga-of-qakbot/
Effective URL:
https://bin.re/blog/the-dga-of-qakbot/
Submission: On November 16 via api (November 16th 2022, 10:16:58 pm UTC) from US — Scanned from DE

Summary HTTP 10 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 2a05:d014:275:cb02:66df:50b:6e56:a6bf, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is bin.re.
TLS certificate: Issued by R3 on November 4th 2022. Valid for: 3 months.

This is the only time bin.re was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a05:d014:275... 2a05:d014:275:cb00:c26c:5b6d:e2c8:e5a	16509 (AMAZON-02) (AMAZON-02)
10	2a05:d014:275... 2a05:d014:275:cb02:66df:50b:6e56:a6bf	16509 (AMAZON-02) (AMAZON-02)
10	2

1 2a05:d014:275:cb00:c26c:5b6d:e2c8:e5a (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

www.johannesbader.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a05:d014:275:cb02:66df:50b:6e56:a6bf (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

bin.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	bin.re bin.re	161 KB
1	johannesbader.ch 1 redirects www.johannesbader.ch	152 B
10	2

	Domain	Requested by
10	bin.re	bin.re
1	www.johannesbader.ch	1 redirects
10	2

This site contains links to these domains. Also see Links.

Domain
malpedia.caad.fkie.fraunhofer.de
www.symantec.com
www.malware-traffic-analysis.net
en.wikipedia.org
malwr.com
www.virustotal.com
www.amazon.com
www.microsoft.com
blog.fortinet.com
github.com
disqus.com
mega.nz
www.twitter.com
www.github.com
keybase.io
infosec.exchange

Subject Issuer	Validity	Valid
bin.re R3	`2022-11-04` - `2023-02-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bin.re/blog/the-dga-of-qakbot/
Frame ID: 856D40E7F3F960544ED5699BB4010F70
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The DGA of Qakbot.TMastodon

Page URL History Show full URLs

https://www.johannesbader.ch/2016/02/the-dga-of-qakbot/ HTTP 301
https://bin.re/2016/02/the-dga-of-qakbot/ Page URL
https://bin.re/blog/the-dga-of-qakbot/ Page URL

Page Statistics

10
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

161 kB
Transfer

253 kB
Size

0
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.qakbot
Title: Malpedia entry on Qakbot

Search URL Search Domain Scan URL

URL: https://www.symantec.com/security_response/writeup.jsp?docid=2016-011409-4221-99
Title: Generation 10

Search URL Search Domain Scan URL

URL: http://www.malware-traffic-analysis.net/2016/01/11/index.html
Title: malware-traffic-analysis.net

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Mersenne_Twister
Title: Mersenne Twister

Search URL Search Domain Scan URL

URL: https://malwr.com/analysis/MDg2N2M2YTNmZjFiNDZlNDhlNGIxZjc3MDFhZTYyODQ/
Title: link

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/ce557aec10bbe7705e4632003a6b4b0ecba63cafa6f2b2c330ab58f129882d4d/analysis/
Title: this executable

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/en/file/41ff3307655ea6e6e0d0874deba24f56ada50e765c3e2d83214d354b92b5e3df/analysis/
Title: Qakbot dll

Search URL Search Domain Scan URL

URL: http://www.amazon.com/Introduction-Algorithms-3rd-Thomas-Cormen/dp/0262033844/ref=sr_1_1?s=books&ie=UTF8&qid=1424430552&sr=1-1&keywords=introduction%20to%20algorithms%20third%20edition&tag=viglink123228-20
Title: Introduction to Algorithms, 3rd Edition

Search URL Search Domain Scan URL

URL: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan:Win32/Emotet.C
Title: Geodo/Emotet

Search URL Search Domain Scan URL

URL: https://blog.fortinet.com/post/a-closer-look-at-cryptolocker-s-dga
Title: Cryptolocker

Search URL Search Domain Scan URL

URL: https://github.com/baderj/domain_generation_algorithms/tree/master/qakbot
Title: GitHub

Search URL Search Domain Scan URL

URL: https://disqus.com/by/disqus_8AT0czK4eJ/
Title: Jawad Ahmed

Search URL Search Domain Scan URL

URL: https://disqus.com/by/baderj/
Title: Johannes Bader

Search URL Search Domain Scan URL

URL: https://mega.nz/#!ObwxnAgJ!1ZqqSHNYrTZLUMBVTjbqVBfzqS3bP-d0EYbMu4MlDkI
Title: https://mega.nz/#!ObwxnAgJ!...

Search URL Search Domain Scan URL

URL: http://www.twitter.com/viql
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.github.com/baderj
Title: GitHub

Search URL Search Domain Scan URL

URL: https://keybase.io/baderj
Title: Keybase

Search URL Search Domain Scan URL

URL: https://infosec.exchange/@viql
Title: Mastodon Mastodon

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.johannesbader.ch/2016/02/the-dga-of-qakbot/ HTTP 301
https://bin.re/2016/02/the-dga-of-qakbot/ Page URL
https://bin.re/blog/the-dga-of-qakbot/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.johannesbader.ch/2016/02/the-dga-of-qakbot/ HTTP 301
https://bin.re/2016/02/the-dga-of-qakbot/

10 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
bin.re/2016/02/the-dga-of-qakbot/
Redirect Chain

https://www.johannesbader.ch/2016/02/the-dga-of-qakbot/
https://bin.re/2016/02/the-dga-of-qakbot/

318 B
506 B

344ms
306ms

Document
text/html

2a05:d014:275:cb02:66df:50b:6e56:a6bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bin.re/2016/02/the-dga-of-qakbot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 0
cache-control: public, max-age=0, must-revalidate
content-length: 318
content-type: text/html; charset=UTF-8
date: Wed, 16 Nov 2022 22:16:52 GMT
etag: "a27317bf45207512b0a6eb115bb7254e-ssl"
server: Netlify
strict-transport-security: max-age=31536000
x-nf-request-id: 01GJ188C42ZAXXE1RWNMADY298

Redirect headers

content-length: 56
content-type: text/plain; charset=utf-8
date: Wed, 16 Nov 2022 22:16:52 GMT
location: https://bin.re/2016/02/the-dga-of-qakbot/
server: Netlify
strict-transport-security: max-age=31536000
x-nf-request-id: 01GJ188C2M053MQEJJ82FDK9G0

GET
H2 200 Primary Request / Show response
bin.re/blog/the-dga-of-qakbot/ 98 KB
40 KB 8ms
8ms Document
text/html 2a05:d014:275:cb02:66df:50b:6e56:a6bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bin.re/blog/the-dga-of-qakbot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

61cf277988fcae4900379860c9db541619450001788457e32767a6969116d899

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://bin.re/2016/02/the-dga-of-qakbot/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 53149
cache-control: public, max-age=0, must-revalidate
content-encoding: gzip
content-length: 40438
content-type: text/html; charset=UTF-8
date: Wed, 16 Nov 2022 07:31:03 GMT
etag: "86b7569faa4b9b58d97fe727e709e0f5-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01GJ188CE986TZST6C9207Z0AE

GET
H2 200 Montserrat-VariableFont_wght.woff2
bin.re/assets/fonts/ 30 KB
30 KB 12ms
12ms Font
font/woff2 2a05:d014:275:cb02:66df:50b:6e56:a6bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bin.re/assets/fonts/Montserrat-VariableFont_wght.woff2

Requested by

Host: bin.re
URL: https://bin.re/blog/the-dga-of-qakbot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://bin.re/blog/the-dga-of-qakbot/
Origin: https://bin.re
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id: 01GJ188CEMDQXYVS9HHJK1S5EW
date: Wed, 16 Nov 2022 07:06:07 GMT
strict-transport-security: max-age=31536000
server: Netlify
age: 54645
etag: "29d349f4c037a6a375df711db755f8ee-ssl"
content-type: font/woff2
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 30876

GET
H2 200 common-0012ba.css
bin.re/assets/css/ 10 KB
2 KB 12ms
11ms Stylesheet
text/css 2a05:d014:275:cb02:66df:50b:6e56:a6bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bin.re/assets/css/common-0012ba.css

Requested by

Host: bin.re
URL: https://bin.re/blog/the-dga-of-qakbot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

2f0c7042285f85a69d060774e962509cb88dc0c75949c9c99d577e2b72896d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bin.re/blog/the-dga-of-qakbot/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id: 01GJ188CEMYKJ5XWZFVWV081HY
date: Wed, 16 Nov 2022 07:06:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000
server: Netlify
age: 54645
etag: "cb1c17dcb938c01d99cc2981cfaf0a48-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 2141

GET
H2 200 blog-173260.css
bin.re/assets/css/ 10 KB
2 KB 12ms
12ms Stylesheet
text/css 2a05:d014:275:cb02:66df:50b:6e56:a6bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bin.re/assets/css/blog-173260.css

Requested by

Host: bin.re
URL: https://bin.re/blog/the-dga-of-qakbot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

6e47890de1df48b7441648e118b7bd1b918a69c9e26d6b91e9a4baf459c3895c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bin.re/blog/the-dga-of-qakbot/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id: 01GJ188CEMDR04HDPSA7SZVC3H
date: Wed, 16 Nov 2022 07:06:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000
server: Netlify
age: 54645
etag: "f935bebfddda5bd39b2a18460185fbb8-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 2291

GET
H2 200 all.min-a1c570.js Show response
bin.re/assets/js/ 2 KB
955 B 177ms
177ms Script
application/javascript 2a05:d014:275:cb02:66df:50b:6e56:a6bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bin.re/assets/js/all.min-a1c570.js

Requested by

Host: bin.re
URL: https://bin.re/blog/the-dga-of-qakbot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b8459c16c959865581b55b9ee9c7fa1c60a0f0251f879ff0427f47c20df92109

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bin.re/blog/the-dga-of-qakbot/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id: 01GJ188CF3MFQD1BS868HCD4AK
date: Wed, 16 Nov 2022 22:16:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000
server: Netlify
age: 0
etag: "81d57d18134429441859769ad02b7888-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 837

GET
H2 200 icons.svg
bin.re/assets/svg/ 19 KB
6 KB 8ms
8ms Other
image/svg+xml 2a05:d014:275:cb02:66df:50b:6e56:a6bf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bin.re/assets/svg/icons.svg

Requested by

Host: bin.re
URL: https://bin.re/blog/the-dga-of-qakbot/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02:66df:50b:6e56:a6bf Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b874ad11ad2ebb012ce329dd4aa2cec1e3056c7ec4634c29c05f840ecaadd0c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bin.re/blog/the-dga-of-qakbot/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-nf-request-id: 01GJ188CF3S8AMKWPHM7G9XJM4
date: Wed, 16 Nov 2022 07:06:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000
server: Netlify
age: 54645
etag: "75bcbd7558c5e82c44f6c8930bb94d1c-ssl-df"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 5672

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

bin.re Open in urlscan Pro 2a05:d014:275:cb02:66df:50b:6e56:a6bf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

161 kBTransfer

253 kBSize

0 Cookies

18 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

bin.re Open in urlscan Pro
2a05:d014:275:cb02:66df:50b:6e56:a6bf Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

161 kB
Transfer

253 kB
Size

0
Cookies

10 HTTP transactions
15 data transactions