0xpat.github.io Open in urlscan Pro
185.199.109.153 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://0xpat.github.io/Malware_development_part_6/
Submission Tags: falconsandbox
Submission: On March 17 via api (March 17th 2021, 10:34:05 pm UTC) from US

Summary HTTP 13 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 185.199.109.153, located in San Francisco, United States and belongs to FASTLY, US. The main domain is 0xpat.github.io.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on May 6th 2020. Valid for: 2 years.

This is the only time 0xpat.github.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 14	185.199.109.153 185.199.109.153		54113 (FASTLY) (FASTLY)
13	2

14 185.199.109.153 (San Francisco, United States) 1 redirects

ASN54113 (FASTLY, US)
PTR: cdn-185-199-109-153.github.com

0xpat.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	github.io 1 redirects 0xpat.github.io	2 MB
13	1

	Domain	Requested by
14	0xpat.github.io	1 redirects 0xpat.github.io
13	1

This site contains links to these domains. Also see Links.

Domain
github.com
en.wikipedia.org
blog.quarkslab.com
medium.com
www.babush.me
blog.scrt.ch
www.blackhat.com
www.linkedin.com
www.twitter.com

Subject Issuer	Validity	Valid
www.github.com DigiCert SHA2 High Assurance Server CA	`2020-05-06` - `2022-04-14`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://0xpat.github.io/Malware_development_part_6/
Frame ID: 7C7905E9232A327ED6BC59B31A69346A
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://0xpat.github.io/Malware_development_part_6 HTTP 301
https://0xpat.github.io/Malware_development_part_6/ Page URL

Detected technologies

Ruby (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /^https?:\/\/[^/]+\.github\.io\//i
headers server /^GitHub\.com$/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

url /^https?:\/\/[^/]+\.github\.io\//i
headers server /^GitHub\.com$/i

GitHub Pages (CDN) Expand

Overall confidence: 100%
Detected patterns

url /^https?:\/\/[^/]+\.github\.io\//i
headers server /^GitHub\.com$/i

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1755 kB
Transfer

1824 kB
Size

0
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/obfuscator-llvm/obfuscator
Title: Obfuscator-LLVM

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Bootstrapping_(compilers)
Title: (this kinda sounds like a chicken-egg problem :))

Search URL Search Domain Scan URL

URL: https://github.com/obfuscator-llvm/obfuscator/wiki/Features
Title: in the project’s repository

Search URL Search Domain Scan URL

URL: https://github.com/sh3llc0d3r1337/windows_reverse_shell_1/blob/master/ReverseShell.cpp
Title: this classic reverse shell

Search URL Search Domain Scan URL

URL: https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html
Title: this great article

Search URL Search Domain Scan URL

URL: https://github.com/HikariObfuscator/Hikari/
Title: https://github.com/HikariObfuscator/Hikari/

Search URL Search Domain Scan URL

URL: https://medium.com/@polarply/build-your-first-llvm-obfuscator-80d16583392b
Title: https://medium.com/@polarply/build-your-first-llvm-obfuscator-80d16583392b

Search URL Search Domain Scan URL

URL: http://www.babush.me/dumbo-llvm-based-dumb-obfuscator.html
Title: http://www.babush.me/dumbo-llvm-based-dumb-obfuscator.html

Search URL Search Domain Scan URL

URL: https://github.com/emc2314/YANSOllvm
Title: https://github.com/emc2314/YANSOllvm

Search URL Search Domain Scan URL

URL: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/
Title: https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/

Search URL Search Domain Scan URL

URL: https://blog.scrt.ch/2020/07/15/engineering-antivirus-evasion-part-ii/
Title: https://blog.scrt.ch/2020/07/15/engineering-antivirus-evasion-part-ii/

Search URL Search Domain Scan URL

URL: https://www.blackhat.com/docs/eu-14/materials/eu-14-Andrivet-C-plus-plus11-Metaprogramming-Applied-To-software-Obfuscation-wp.pdf
Title: this awesome workpaper

Search URL Search Domain Scan URL

URL: https://github.com/andrivet/ADVobfuscator
Title: ADVobfuscator tool

Search URL Search Domain Scan URL

URL: https://github.com/fritzone/obfy
Title: https://github.com/fritzone/obfy

Search URL Search Domain Scan URL

URL: https://github.com/revsic/cpp-obfuscator
Title: https://github.com/revsic/cpp-obfuscator

Search URL Search Domain Scan URL

URL: https://github.com/0xPat

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/patryk-czeczko

Search URL Search Domain Scan URL

URL: https://www.twitter.com/0xPat

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://0xpat.github.io/Malware_development_part_6 HTTP 301
https://0xpat.github.io/Malware_development_part_6/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
0xpat.github.io/Malware_development_part_6/
Redirect Chain

https://0xpat.github.io/Malware_development_part_6
https://0xpat.github.io/Malware_development_part_6/

33 KB
8 KB

96ms
95ms

Document
text/html

185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

b06dc796ef7ab3d6bfdc5fea0de411575887853af6e6b32569e1f582d77c27b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

:method: GET
:authority: 0xpat.github.io
:scheme: https
:path: /Malware_development_part_6/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: GitHub.com
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31556952
last-modified: Tue, 16 Mar 2021 20:50:47 GMT
access-control-allow-origin: *
etag: W/"60511a27-8248"
expires: Wed, 17 Mar 2021 22:43:49 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 62A4:B9CB:7D8010:80EDD2:605283CD
accept-ranges: bytes
date: Wed, 17 Mar 2021 22:33:50 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-hhn4052-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1616020430.932510,VS0,VE89
vary: Accept-Encoding
x-fastly-request-id: a6672303ce13c520959628011c89acebc40f7e29
content-length: 8293

Redirect headers

server: GitHub.com
content-type: text/html
strict-transport-security: max-age=31556952
location: https://0xpat.github.io/Malware_development_part_6/
access-control-allow-origin: *
expires: Wed, 17 Mar 2021 22:43:49 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 482C:A94B:6359E4:65BA4B:605283CD
accept-ranges: bytes
date: Wed, 17 Mar 2021 22:33:49 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-hhn4052-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1616020430.821726,VS0,VE88
vary: Accept-Encoding
x-fastly-request-id: 9ce27a889212b2669e19a8e633347977a1dff74e
content-length: 162

GET
H2 200 style.css
0xpat.github.io/ 62 KB
23 KB 10ms
9ms Stylesheet
text/css 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://0xpat.github.io/style.css

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

6a55de871f8825bdbb2449913170a42cee582b171e89f35d86bddf808cf3642a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/Malware_development_part_6/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: bc2e8dfa3085ce6bb2f8174e02a65d73c8897942
strict-transport-security: max-age=31556952
content-encoding: gzip
etag: W/"60511a27-f8c6"
age: 2
x-cache: HIT
content-length: 22981
x-served-by: cache-hhn4052-HHN
access-control-allow-origin: *
last-modified: Tue, 16 Mar 2021 20:50:47 GMT
server: GitHub.com
x-github-request-id: B28E:248E:2284AAB:238D0A3:6051EE19
x-timer: S1616020430.036163,VS0,VE1
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 varnish
expires: Wed, 17 Mar 2021 12:05:05 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 1

GET
H2 200 plain_decompiled.png
0xpat.github.io/images/2021-01-25-Malware_development_part_6/ 24 KB
24 KB 98ms
97ms Image
image/png 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/2021-01-25-Malware_development_part_6/plain_decompiled.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

191e5fa2f6a3884ad858bb1d2ef5c7e7bb75aedb7ab1ab2f31bcdbe860cbb048

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/Malware_development_part_6/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 7cd2f38095d0b253255786b81631a8329b440ec5
strict-transport-security: max-age=31556952
via: 1.1 varnish
etag: "605119f7-6086"
age: 0
x-cache: MISS
content-length: 24710
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 16 Mar 2021 20:49:59 GMT
server: GitHub.com
x-github-request-id: B840:1143:572E9E:62B459:605283CE
x-timer: S1616020430.036600,VS0,VE87
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 17 Mar 2021 22:43:50 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 plain_graph.png
0xpat.github.io/images/2021-01-25-Malware_development_part_6/ 172 KB
173 KB 103ms
101ms Image
image/png 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/2021-01-25-Malware_development_part_6/plain_graph.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

15cedb30f4f34bd48ee2f9b9c2254c76410e3cb9e5638a00022d7ff1dfb7add1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/Malware_development_part_6/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 0725878c8fc44f044be681c62bdc1108ca4b3a5f
strict-transport-security: max-age=31556952
via: 1.1 varnish
etag: "605119f7-2b192"
age: 0
x-cache: MISS
content-length: 176530
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 16 Mar 2021 20:49:59 GMT
server: GitHub.com
x-github-request-id: D398:A94A:2E7B7F:302C49:605283CE
x-timer: S1616020430.038559,VS0,VE88
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 17 Mar 2021 22:43:50 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 sub_decompiled.png
0xpat.github.io/images/2021-01-25-Malware_development_part_6/ 36 KB
36 KB 100ms
98ms Image
image/png 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/2021-01-25-Malware_development_part_6/sub_decompiled.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

f4627cb4129c4c6943aa51abbb6f4bf5573cca04981da21b616bd71e4855b124

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/Malware_development_part_6/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: f4769e0bb65b1979253d3fd41539a31f98fdcf6f
strict-transport-security: max-age=31556952
via: 1.1 varnish
etag: "605119f7-8fa3"
age: 0
x-cache: MISS
content-length: 36771
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 16 Mar 2021 20:49:59 GMT
server: GitHub.com
x-github-request-id: F1C6:1243:2D52469:2EA937C:605283CE
x-timer: S1616020430.038543,VS0,VE87
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 17 Mar 2021 22:43:50 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 sub_graph.png
0xpat.github.io/images/2021-01-25-Malware_development_part_6/ 119 KB
119 KB 97ms
96ms Image
image/png 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/2021-01-25-Malware_development_part_6/sub_graph.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

87a7efa815fc9c08e00af9ea393c27dddf10b4cece4636d01332d94cd6ed5d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/Malware_development_part_6/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 4408dcc3e4f3a7e14c938860dc6b6c813d9d5aa8
strict-transport-security: max-age=31556952
via: 1.1 varnish
etag: "605119f7-1db92"
age: 0
x-cache: MISS
content-length: 121746
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 16 Mar 2021 20:49:59 GMT
server: GitHub.com
x-github-request-id: A25E:D600:48D7F1:4A8770:605283CE
x-timer: S1616020430.038533,VS0,VE86
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 17 Mar 2021 22:43:50 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 bcf_decompiled.png
0xpat.github.io/images/2021-01-25-Malware_development_part_6/ 607 KB
608 KB 108ms
107ms Image
image/png 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/2021-01-25-Malware_development_part_6/bcf_decompiled.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

baf78c23ab1ecd5c0424a891e97ee657cddb50764770ec788882e26bd1210dea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/Malware_development_part_6/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 671d4af8b88e3ec53ef5151825e8e8accd0665ec
strict-transport-security: max-age=31556952
via: 1.1 varnish
etag: "605119f7-97c0c"
age: 0
x-cache: MISS
content-length: 621580
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 16 Mar 2021 20:49:59 GMT
server: GitHub.com
x-github-request-id: A3AC:A94B:6359EF:65BA5A:605283CE
x-timer: S1616020430.038901,VS0,VE91
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 17 Mar 2021 22:43:50 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 bcf_graph.png
0xpat.github.io/images/2021-01-25-Malware_development_part_6/ 242 KB
243 KB 118ms
118ms Image
image/png 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/2021-01-25-Malware_development_part_6/bcf_graph.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

1bdc7fefaa6a873cc2028cc4257b950bacb11079f5b3b9ca0afaa7db40d874cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/Malware_development_part_6/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 3b371e006f78316c26a8148b3477225f1d9fe5f4
strict-transport-security: max-age=31556952
via: 1.1 varnish
etag: "605119f7-3c9ed"
age: 0
x-cache: MISS
content-length: 248301
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 16 Mar 2021 20:49:59 GMT
server: GitHub.com
x-github-request-id: E3D6:14AA:C2E345:C7CA46:605283CE
x-timer: S1616020430.049956,VS0,VE93
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 17 Mar 2021 22:43:50 GMT
cache-control: max-age=600
accept-ranges: bytes
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 cff.png
0xpat.github.io/images/2021-01-25-Malware_development_part_6/ 61 KB
62 KB 96ms
95ms Image
image/png 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/2021-01-25-Malware_development_part_6/cff.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

810353ba40da1e22eec66d799ffecf856b248d6c78459d09707b39a4760ab6e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/Malware_development_part_6/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: a6d71602cb6568526f714c9bd2e475c21b61cc95
strict-transport-security: max-age=31556952
via: 1.1 varnish
etag: "605119f7-f5e3"
age: 0
x-cache: MISS
content-length: 62947
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 16 Mar 2021 20:49:59 GMT
server: GitHub.com
x-github-request-id: D398:A94A:2E7B82:302C4B:605283CE
x-timer: S1616020430.137849,VS0,VE87
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 17 Mar 2021 22:43:50 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 cff_decompiled.png
0xpat.github.io/images/2021-01-25-Malware_development_part_6/ 193 KB
193 KB 102ms
100ms Image
image/png 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/2021-01-25-Malware_development_part_6/cff_decompiled.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

31a3f0cefdc1dbc3a7e1d4a802f1651975c964084409a93f922e72fc18bc9e0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/Malware_development_part_6/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: d4e1ee9f889e676db6d9c7c6022d9d2cabd40229
strict-transport-security: max-age=31556952
via: 1.1 varnish
etag: "605119f7-304a9"
age: 0
x-cache: MISS
content-length: 197801
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 16 Mar 2021 20:49:59 GMT
server: GitHub.com
x-github-request-id: 63D2:B9CB:7D801A:80EDDD:605283CE
x-timer: S1616020430.147266,VS0,VE88
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 17 Mar 2021 22:43:50 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 200 cff_graph.png
0xpat.github.io/images/2021-01-25-Malware_development_part_6/ 261 KB
262 KB 107ms
106ms Image
image/png 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/2021-01-25-Malware_development_part_6/cff_graph.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/Malware_development_part_6/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

2749e60371cbb27d613e9d6d067897e00cad9cc9c0f6ae6069b37ca7224e88de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/Malware_development_part_6/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 97364c967ccb3eff266904345dbca98c2ebba7e1
strict-transport-security: max-age=31556952
via: 1.1 varnish
etag: "605119f7-4151d"
age: 0
x-cache: MISS
content-length: 267549
x-served-by: cache-hhn4052-HHN
last-modified: Tue, 16 Mar 2021 20:49:59 GMT
server: GitHub.com
x-github-request-id: BDF4:786B:6065CA:6B1FB7:605283CE
x-timer: S1616020430.147298,VS0,VE90
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Wed, 17 Mar 2021 22:43:50 GMT
cache-control: max-age=600
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS
x-cache-hits: 0

GET
H2 404 bkg.png
0xpat.github.io/images/ 2 KB
2 KB 8ms
8ms Image
text/html 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/bkg.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/style.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

30fabe33ad5ddb7bff36ab34cd198b4e6197e04e5222e3b18eaae71a7ece9b1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: c5728fcab795cc4054cb9a66be03b7258f08c609
strict-transport-security: max-age=31556952
content-encoding: gzip
etag: W/"60511a27-8d7"
age: 2
x-cache: HIT
x-cache-hits: 1
content-length: 913
x-served-by: cache-hhn4052-HHN
access-control-allow-origin: *
server: GitHub.com
x-github-request-id: 8C08:D600:48D78F:4A8705:605283CB
x-timer: S1616020430.093375,VS0,VE1
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: text/html; charset=utf-8
via: 1.1 varnish
accept-ranges: bytes
x-proxy-cache: MISS

GET
H2 404 bullet.png
0xpat.github.io/images/ 2 KB
2 KB 93ms
92ms Image
text/html 185.199.109.153
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0xpat.github.io/images/bullet.png

Requested by

Host: 0xpat.github.io
URL: https://0xpat.github.io/style.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.199.109.153 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

cdn-185-199-109-153.github.com

Software

GitHub.com /

Resource Hash

30fabe33ad5ddb7bff36ab34cd198b4e6197e04e5222e3b18eaae71a7ece9b1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952

Request headers

Referer: https://0xpat.github.io/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id: 19057cbc7ff6b51f80922d99cc99f3905663f0ef
strict-transport-security: max-age=31556952
content-encoding: gzip
etag: W/"60511a27-8d7"
age: 0
x-cache: MISS
x-cache-hits: 0
content-length: 913
x-served-by: cache-hhn4052-HHN
access-control-allow-origin: *
server: GitHub.com
x-github-request-id: A46A:8ADE:3EA381:450FC0:605283CE
x-timer: S1616020430.093351,VS0,VE83
date: Wed, 17 Mar 2021 22:33:50 GMT
vary: Accept-Encoding
content-type: text/html; charset=utf-8
via: 1.1 varnish
accept-ranges: bytes
x-origin-cache: HIT
x-proxy-cache: MISS

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ce087f1d38e538eee6a5084654d66a9c7b70025f2fb04a6885aab962250ea6fb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3960b7858957eeade28addd3ae652d325d1e55f0339a501914ec6c0fd622a034

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be659f0e130aafc1fd04b1da193ff4a89da8aa0c7486238bea79f33343cbc4cb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556952

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0xpat.github.io
185.199.109.153
15cedb30f4f34bd48ee2f9b9c2254c76410e3cb9e5638a00022d7ff1dfb7add1
191e5fa2f6a3884ad858bb1d2ef5c7e7bb75aedb7ab1ab2f31bcdbe860cbb048
1bdc7fefaa6a873cc2028cc4257b950bacb11079f5b3b9ca0afaa7db40d874cc
2749e60371cbb27d613e9d6d067897e00cad9cc9c0f6ae6069b37ca7224e88de
30fabe33ad5ddb7bff36ab34cd198b4e6197e04e5222e3b18eaae71a7ece9b1e
31a3f0cefdc1dbc3a7e1d4a802f1651975c964084409a93f922e72fc18bc9e0f
3960b7858957eeade28addd3ae652d325d1e55f0339a501914ec6c0fd622a034
6a55de871f8825bdbb2449913170a42cee582b171e89f35d86bddf808cf3642a
810353ba40da1e22eec66d799ffecf856b248d6c78459d09707b39a4760ab6e6
87a7efa815fc9c08e00af9ea393c27dddf10b4cece4636d01332d94cd6ed5d6f
b06dc796ef7ab3d6bfdc5fea0de411575887853af6e6b32569e1f582d77c27b4
baf78c23ab1ecd5c0424a891e97ee657cddb50764770ec788882e26bd1210dea
be659f0e130aafc1fd04b1da193ff4a89da8aa0c7486238bea79f33343cbc4cb
ce087f1d38e538eee6a5084654d66a9c7b70025f2fb04a6885aab962250ea6fb
f4627cb4129c4c6943aa51abbb6f4bf5573cca04981da21b616bd71e4855b124

0xpat.github.io Open in urlscan Pro 185.199.109.153 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

1755 kBTransfer

1824 kBSize

0 Cookies

18 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

0xpat.github.io Open in urlscan Pro
185.199.109.153 Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

1755 kB
Transfer

1824 kB
Size

0
Cookies

13 HTTP transactions
3 data transactions