www.malware-traffic-analysis.net
199.201.110.204
Public Scan
Effective URL: https://www.malware-traffic-analysis.net/2017/04/21/index2.html
Submission: On January 09 via api from US
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 10th 2020. Valid for: a year.
This is the only time www.malware-traffic-analysis.net was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 9 | 199.201.110.204 | 20454 (SSASN2) |
8 | 1 |
ASN20454 (SSASN2, US)
PTR: nc-ph-1926-75.web-hosting.com
malware-traffic-analysis.net | |
www.malware-traffic-analysis.net |
| Apex Domain Subdomains | Transfer |
---|---|---|
9 | malware-traffic-analysis.net (1 redirects): malware-traffic-analysis.net, www.malware-traffic-analysis.net | 1 MB |
8 | 1 |
| Domain | Requested by |
---|---|---|
8 | www.malware-traffic-analysis.net | www.malware-traffic-analysis.net |
1 | malware-traffic-analysis.net | 1 redirects |
8 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
isc.sans.edu |
www.bleepingcomputer.com |
myonlinesecurity.co.uk |
www.reverse.it |
Subject Issuer | Validity | Valid | |
---|---|---|---|
malware-traffic-analysis.net Sectigo RSA Domain Validation Secure Server CA | 2020-10-10 - 2021-11-10 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.malware-traffic-analysis.net/2017/04/21/index2.html
Frame ID: 34C141AE1F4EC7B3A4F026E1ED1898AE
Requests: 8 HTTP requests in this frame
Detected technologies
Ubuntu (Operating Systems)
Detected patterns
- headers server /Ubuntu/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Malspam on 2017-04-11 pushes yet another ransomware variant
Title: Mole Ransomware Distributed Through Fake online Word Docs
Title: More USPS delivery messages delivering mole ransomware
Title: Changes to fake USPS delivery messages delivering malware
Title: https://www.reverse.it/sample/20e6c812f7d8688c9ccb24cc4e9c0fa2b71f1770f38b5571a60043043d4b4ac5?environmentId=100
Title: https://www.reverse.it/sample/6ad0e26e0423838df19f00e178e47a1b65395b2b68055ecb07a99613208cc684?environmentId=100
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://malware-traffic-analysis.net/2017/04/21/index2.html
HTTP 301
https://www.malware-traffic-analysis.net/2017/04/21/index2.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | index2.html www.malware-traffic-analysis.net/2017/04/21/ (Primary Request, Redirect Chain) | 9 KB 3 KB | Document text/html |
GET H/1.1 | style.css www.malware-traffic-analysis.net/ | 2 KB 908 B | Stylesheet text/css |
GET H/1.1 | site-logo-01.gif www.malware-traffic-analysis.net/ | 13 KB 14 KB | Image image/gif |
GET H/1.1 | 2017-04-21-parking-service-malspam-image-00.jpg www.malware-traffic-analysis.net/2017/04/21/ | 219 KB 220 KB | Image image/jpeg |
GET H/1.1 | 2017-04-21-parking-service-malspam-image-01.jpg www.malware-traffic-analysis.net/2017/04/21/ | 278 KB 279 KB | Image image/jpeg |
GET H/1.1 | 2017-04-21-parking-service-malspam-image-02.jpg www.malware-traffic-analysis.net/2017/04/21/ | 283 KB 283 KB | Image image/jpeg |
GET H/1.1 | 2017-04-21-parking-service-malspam-image-03.jpg www.malware-traffic-analysis.net/2017/04/21/ | 77 KB 77 KB | Image image/jpeg |
GET H/1.1 | 2017-04-21-parking-service-malspam-image-04.jpg www.malware-traffic-analysis.net/2017/04/21/ | 510 KB 511 KB | Image image/jpeg |
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
malware-traffic-analysis.net
www.malware-traffic-analysis.net
199.201.110.204