security-soup.net
Open in
urlscan Pro
107.180.58.51
Public Scan
Submission: On March 16 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on January 12th 2022. Valid for: a year.
This is the only time security-soup.net was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
21 | 107.180.58.51 107.180.58.51 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:800::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 192.0.76.3 192.0.76.3 | 2635 (AUTOMATTIC) (AUTOMATTIC) | |
2 | 2a00:1450:400... 2a00:1450:4001:803::2003 | 15169 (GOOGLE) (GOOGLE) | |
26 | 4 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-107-180-58-51.ip.secureserver.net
security-soup.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
security-soup.net
security-soup.net |
1 MB |
2 |
gstatic.com
fonts.gstatic.com |
42 KB |
2 |
wp.com
stats.wp.com — Cisco Umbrella Rank: 2544 pixel.wp.com — Cisco Umbrella Rank: 2476 |
3 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35 |
999 B |
26 | 4 |
Domain | Requested by | |
---|---|---|
21 | security-soup.net |
security-soup.net
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | pixel.wp.com |
security-soup.net
|
1 | stats.wp.com |
security-soup.net
|
1 | fonts.googleapis.com |
security-soup.net
|
26 | 5 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
security-soup.net Go Daddy Secure Certificate Authority - G2 |
2022-01-12 - 2023-01-12 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-02-28 - 2022-05-23 |
3 months | crt.sh |
*.wp.com Sectigo RSA Domain Validation Secure Server CA |
2020-04-02 - 2022-07-05 |
2 years | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-02-28 - 2022-05-23 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://security-soup.net/decoding-a-danabot-downloader/
Frame ID: 71DFD26AAF1CE4C5D45F436A13659091
Requests: 26 HTTP requests in this frame
Screenshot
Page Title
Decoding a DanaBot Downloader – Security SoupDetected technologies
WordPress (CMS) ExpandDetected patterns
- <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
- /wp-(?:content|includes)/
- wp-embed\.min\.js\?ver=([\d.]+)
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery Migrate (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Page Statistics
20 Outgoing links
These are links going to different origins than the main page.
Title: DanaBot
Search URL Search Domain Scan URL
Title: OSINT reports
Search URL Search Domain Scan URL
Title: discovered by Proofpoint
Search URL Search Domain Scan URL
Title: SCULLY SPIDER
Search URL Search Domain Scan URL
Title: been known
Search URL Search Domain Scan URL
Title: rpetitto-s980361ad.vbs
Search URL Search Domain Scan URL
Title: a4f1ea5dd434deee93bdf312f658a7a26f767c7683601fa8b23ef096392eef17
Search URL Search Domain Scan URL
Title: VbsEdit
Search URL Search Domain Scan URL
Title: script
Search URL Search Domain Scan URL
Title: ATT&CK ID: T1204
Search URL Search Domain Scan URL
Title: ATT&ACK ID: T1059.005
Search URL Search Domain Scan URL
Title: ATT&CK ID: T1218.011
Search URL Search Domain Scan URL
Title: ATT&CK ID: T1140
Search URL Search Domain Scan URL
Title: ATT&CK ID: T1036
Search URL Search Domain Scan URL
Title: ATT&CK ID: T1105
Search URL Search Domain Scan URL
Title: https://github.com/Sec-Soup
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: SuperbThemes.Com
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
security-soup.net/decoding-a-danabot-downloader/ |
65 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.min.css
security-soup.net/wp-includes/css/dist/block-library/ |
79 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
security-soup.net/wp-content/plugins/contact-widgets/assets/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
shortcodes.css
security-soup.net/wp-content/plugins/column-shortcodes//assets/css/ |
3 KB 684 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yadawiki.css
security-soup.net/wp-content/plugins/yada-wiki/css/ |
3 KB 864 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
3 KB 999 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
security-soup.net/wp-content/themes/blogfeedly/ |
34 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.min.css
security-soup.net/wp-content/plugins/contact-widgets/assets/css/ |
1 KB 347 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
security-soup.net/wp-content/plugins/newsletter/ |
6 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jetpack.css
security-soup.net/wp-content/plugins/jetpack/css/ |
72 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
security-soup.net/wp-includes/js/jquery/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-migrate.min.js
security-soup.net/wp-includes/js/jquery/ |
11 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cropped-website_newlogo.png
security-soup.net/wp-content/uploads/2019/02/ |
51 KB 51 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
comment-reply.min.js
security-soup.net/wp-includes/js/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom.js
security-soup.net/wp-content/themes/blogfeedly/js/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wp-embed.min.js
security-soup.net/wp-includes/js/ |
1 KB 767 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
e-202211.js
stats.wp.com/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wp-emoji-release.min.js
security-soup.net/wp-includes/js/ |
18 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2
fonts.gstatic.com/s/karla/v21/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qkB_XvYC6trAT7RQNNK2EG7SIwPWMNlCVytER0IPh7KX59Z0CnSKbGkv.woff2
fonts.gstatic.com/s/karla/v21/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Screen-Shot-2019-02-22-at-12.04.13-AM.png
security-soup.net/wp-content/uploads/2019/02/ |
46 KB 46 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Screen-Shot-2022-03-13-at-9.32.06-AM-1.png
security-soup.net/wp-content/uploads/2022/03/ |
464 KB 467 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
danabot_drawing.png
security-soup.net/wp-content/uploads/2022/03/ |
44 KB 44 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2022-03-14-22_25_10-money.png
security-soup.net/wp-content/uploads/2022/03/ |
439 KB 442 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fontawesome.ttf
security-soup.net/wp-content/themes/blogfeedly/fonts/ |
4 KB 3 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
g.gif
pixel.wp.com/ |
50 B 93 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored object| _wpemojiSettings undefined| $ function| jQuery object| addComment object| wp object| _stq function| st_go function| linktracker_init object| wpcom object| twemoji0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
pixel.wp.com
security-soup.net
stats.wp.com
107.180.58.51
192.0.76.3
2a00:1450:4001:800::200a
2a00:1450:4001:803::2003
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
03dd4b22b7c6c6841f1df803d60d9a56a0b794c8f28b71705dfbb4ad052538d3
05ed947edd9239f9f03b7ef6e703eef96a5aaea45651c5f68cf0acecffe254ab
0f664ea5588e172074a7f77d8e83498fe8a9ed52bee2451746e3ad51cffd3728
10f91c693196f2c27af73a23adc69159567c43983cf273d0a81cf77d0caa8a9e
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
2f086baa21a9f6cb3ec29267c447315d245832410dc86ba340054f2205443c54
32055bb809e41ed6400e7f13f288084901f884f3f58b74c3556dd958516f5ceb
58304b3eb3e3e2c9b0b008db9d09aac38f844858773ec381f8f73a31b0bd45f8
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
612e670b4080094043dce5c290b5d86df27b27064eddddc1bd506ddc51abf632
7eeeb33e7663e083a823b29e2bed95b86064ca70727ae2aa9792f83c9212617b
829c7c7117ff1251846c377c8f00c0816b645c16c7d9a2ccd844f16d182baedf
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
9c3ec96e1c6056239b20facc03f0862b814991be6bc45887b7f6605cadeb4bc4
a212873a8daa9042486fd983888190f04876ade673c3cc242a4ad8a36a6d9836
a2b52f4819c133bc281608895d14021d514a47cb8300a6d671226785319813f0
a63e79b5a97bf477e7d6ad34b4f8be2e4e8c7f3162f7d58b156ff0557f65c312
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bd84ea9082370b10fb03e2aa4dcf6ccc52b6d4a53269fb32f21c44638a02dce7
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
fc8056f5eb7f648bbdc21a541061cc8401f22ba178e5caceec3c78fd33e208dc
ff7cbd7d791c0f01f1b7db211981bb0506701f663e9e41422586b9e625753ba3
ff9ebdf44291f699348fd4dd9b9fbaacdd36186231f34ae0f71c888facdb3261