blog.malware.re
52.222.214.94
Public Scan
Effective URL: https://blog.malware.re/
Submission: On April 17 via manual from SE — Scanned from SE
Summary
TLS certificate: Issued by Amazon RSA 2048 M01 on February 12th 2023. Valid for: a year.
This is the only time blog.malware.re was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
12 (1 redirects) | 52.222.214.94 | 16509 (AMAZON-02) |
2 | 104.18.10.207 | 13335 (CLOUDFLARENET) |
1 | 69.16.175.42 | 20446 (STACKPATH-CDN) |
1 | 104.16.85.20 | 13335 (CLOUDFLARENET) |
1 | 104.17.24.14 | 13335 (CLOUDFLARENET) |
17 | 6 |
ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-94.fra56.r.cloudfront.net
blog.malware.re |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 (1 redirects) | malware.re | blog.malware.re | 317 KB |
2 | bootstrapcdn.com | stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2394 | 83 KB |
1 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 206 | 19 KB |
1 | jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 358 | 4 KB |
1 | jquery.com | code.jquery.com — Cisco Umbrella Rank: 707 | 30 KB |
17 | 5 |
Requests | Domain | Requested by |
---|---|---|
12 (1 redirects) | blog.malware.re | blog.malware.re, code.jquery.com |
2 | stackpath.bootstrapcdn.com | blog.malware.re, stackpath.bootstrapcdn.com |
1 | cdnjs.cloudflare.com | blog.malware.re |
1 | cdn.jsdelivr.net | blog.malware.re |
1 | code.jquery.com | blog.malware.re |
17 | 5 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.malware.re | Amazon RSA 2048 M01 | 2023-02-12 - 2024-03-12 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year |
This page contains 1 frames:
Primary Page:
https://blog.malware.re/
Frame ID: B6635F581A540659A69573BAE92BD06F
Requests: 17 HTTP requests in this frame
Page Title
malware.re blog
Page URL History
- http://blog.malware.re/ (HTTP 301), redirecting to https://blog.malware.re/ (Page URL)
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Highlight.js (Miscellaneous)
Detected patterns
- /(?:([\d.])+/)?highlight(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN)
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
21 Outgoing links
These are links going to different origins than the main page.
- Title: Malware Class
- Title: @colemankane@infosec.exchange
- Title: @colemankane
- Title: ckane @ GitHub
- Title: BSidesCincinnati
- Title: Rust
- Title: Option
- Title: Result
- Title: Result.ok() method
- Title: Iterator.filter_map() method
- Title: OpenCTI
- Title: MISP Project
- Title: STIX
- Title: serverless
- Title: Traffic Mirroring
- Title: AWS Nitro System
- Title: FIDO KEY-ID U2F
- Title: Malware Analysis on a Budget
- Title: CC BY-SA 4.0
- Title: Hexo.
- Title: snark.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://blog.malware.re/ (HTTP 301), redirecting to https://blog.malware.re/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, Redirect Chain) | blog.malware.re/ | 16 KB | 16 KB | Document | text/html |
GET | H2 | style.css | blog.malware.re/css/ | 15 KB | 15 KB | Stylesheet | text/css |
GET | H2 | font-awesome.min.css | stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ | 30 KB | 7 KB | Stylesheet | text/css |
GET | H2 | jquery-3.4.1.min.js | code.jquery.com/ | 86 KB | 30 KB | Script | application/javascript |
GET | H2 | atom-one-dark.min.css | blog.malware.re/plugins/highlight/ | 793 B | 1 KB | Stylesheet | text/css |
GET | H2 | highlight.min.js | blog.malware.re/plugins/highlight/ | 116 KB | 117 KB | Script | application/javascript |
GET | H2 | ready.js | blog.malware.re/js/ | 897 B | 1 KB | Script | application/javascript |
GET | H2 | jquery.fancybox.min.css | cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/ | 12 KB | 4 KB | Stylesheet | text/css |
GET | H2 | profile.jpg | blog.malware.re/img/ | 19 KB | 19 KB | Image | image/jpeg |
GET | H2 | search.js | blog.malware.re/js/ | 6 KB | 6 KB | Script | application/javascript |
GET | H2 | top.js | blog.malware.re/js/ | 428 B | 788 B | Script | application/javascript |
GET | H2 | jquery.fancybox.min.js | cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/ | 67 KB | 19 KB | Script | application/javascript |
GET | H2 | fancybox.js | blog.malware.re/js/ | 1 KB | 1 KB | Script | application/javascript |
GET | | jquery.fancybox.min.js | cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/ | 0 | 0 | | |
GET | H2 | backgroud.png | blog.malware.re/img/ | 546 B | 899 B | Image | image/png |
GET | H3 | fontawesome-webfont.woff2 | stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ | 75 KB | 76 KB | Font | font/woff2 |
GET | H2 | search.xml | blog.malware.re/ | 138 KB | 138 KB | XHR | text/xml |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: cdnjs.cloudflare.com
- URL: https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.js
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- boolean | credentialless
- function | $
- function | jQuery
- object | hljs
- function | searchFunc
- string | search_path
- string | path

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.