Submitted URL: https://t.co/qlybSSOqUN
Effective URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Submission Tags: falconsandbox
Submission: On March 25 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 151.101.66.49, located in United States and belongs to FASTLY, US. The main domain is yaraify.abuse.ch.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q3 on September 28th 2022. Valid for: a year.
This is the only time yaraify.abuse.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP address / autonomous system (requests per IP):
  1    104.244.42.5        AS13414 (TWITTER)
  16   151.101.66.49       AS54113 (FASTLY)
  1    2a00:1450:400...    AS15169 (GOOGLE)
  18 requests across 3 IPs

Apex domain / subdomain / transfer (requests per apex):
  16   abuse.ch              yaraify.abuse.ch                                       433 KB
  1    googletagmanager.com  www.googletagmanager.com (Cisco Umbrella Rank: 39)    77 KB
  1    t.co                  t.co (Cisco Umbrella Rank: 507)                       601 B
  18 requests across 3 apex domains

Domain / requested by (requests per domain):
  16   yaraify.abuse.ch          requested by t.co and yaraify.abuse.ch
  1    www.googletagmanager.com  requested by yaraify.abuse.ch
  1    t.co                      initial navigation (the submitted URL)
  18 requests across 3 domains

This site contains links to these domains: twitter.com, creativecommons.org
TLS certificates observed (subject / issuer / validity):
  t.co                    DigiCert TLS Hybrid ECC SHA384 2020 CA1   2023-02-05 to 2024-02-05 (a year)
  *.abuse.ch              GlobalSign Atlas R3 DV TLS CA 2022 Q3     2022-09-28 to 2023-10-30 (a year)
  *.google-analytics.com  GTS CA 1C3                                2023-03-06 to 2023-05-29 (3 months)

This page contains 1 frame:

Primary Page: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Frame ID: A4BEF72495503065460620FB754A915B
Requests: 18 HTTP requests in this frame

Page Title

YARAify | Rule MALWARE_Emotet_OneNote_Delivery_js_Mar23

Detected technologies (technology names inferred from the patterns; the extract omitted them)

Bootstrap (overall confidence: 100%), detected patterns:
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

clipboard.js (overall confidence: 100%), detected patterns:
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js

DataTables (overall confidence: 100%), detected patterns:
  • dataTables.*\.js

Unnamed entry (overall confidence: 100%; neither name nor pattern was captured)

gtag.js served from googletagmanager.com (overall confidence: 100%), detected patterns:
  • googletagmanager\.com/gtag/js

jQuery (overall confidence: 100%), detected patterns:
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
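The patterns above are Wappalyzer-style fingerprints: each is run against `<link>`/`<script>` tags and a capture group, where present, yields the library version. The following is an added example (not urlscan.io's or Wappalyzer's code) that applies exactly these patterns to a constructed HTML snippet modeled on the stylesheet and script names recorded in the transactions below. The technology names, the case-insensitive matching, and the sample markup are assumptions of the example; the version "3.6.0" it extracts comes from the `jquery-3.6.0.min.js` file name this scan saw.

```python
import re
from typing import Dict, List, Optional

# Detection patterns as listed in the scan report.  The technology names are
# inferred from the patterns (the report extract omitted them); the entry with
# no pattern is left out because nothing can be matched for it.
PATTERNS: Dict[str, List[str]] = {
    "Bootstrap": [
        r"<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css",
        r"bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js",
    ],
    "clipboard.js": [r"clipboard(?:-([\d.]+))?(?:\.min)?\.js"],
    "DataTables": [r"dataTables.*\.js"],
    "gtag.js": [r"googletagmanager\.com/gtag/js"],
    "jQuery": [
        r"jquery[.-]([\d.]*\d)[^/]*\.js",
        r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?",
    ],
}

# One <link> or <script> start tag at a time: the patterns are meant to run
# against individual tags / script URLs, not the whole document, which keeps
# the ".*" in "dataTables.*\.js" from spanning unrelated markup.
TAG_RE = re.compile(r"<(?:link|script)\b[^>]*>", re.IGNORECASE)

# Constructed sample, modeled on the stylesheet and script names recorded in
# this scan's transactions (not the real page source).
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/bootstrap.min.css">
<link rel="stylesheet" href="/css/datatables.min.css">
<script async src="https://www.googletagmanager.com/gtag/js?id=G-8KLH71CWS8"></script>
<script src="/js/jquery-3.6.0.min.js"></script>
<script src="/js/bootstrap.bundle.min.js"></script>
<script src="/js/clipboard.min.js"></script>
<script src="/js/datatables.min.js"></script>
"""


def detect(html: str) -> Dict[str, Optional[str]]:
    """Map each detected technology to the version its pattern captured
    (None when a pattern matched but carried no version group).
    Patterns are applied case-insensitively; that is an assumption about the
    fingerprinting engine ("dataTables" must still hit "datatables.min.js")."""
    found: Dict[str, Optional[str]] = {}
    for tag in TAG_RE.findall(html):
        for tech, patterns in PATTERNS.items():
            for pat in patterns:
                m = re.search(pat, tag, re.IGNORECASE)
                if not m:
                    continue
                version = next((g for g in m.groups() if g), None)
                # Record the first hit; only upgrade a None to a concrete version.
                if tech not in found or (found[tech] is None and version):
                    found[tech] = version
    return found


if __name__ == "__main__":
    for tech, version in sorted(detect(SAMPLE_HTML).items()):
        print(f"{tech}: {version or 'version not captured'}")
```

Note that only jQuery exposes its version here; Bootstrap, clipboard.js and DataTables are served as unversioned `.min` files, so the version groups stay empty and a vulnerability lookup would need the resource hashes instead (the scan records those per transaction).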

Page Statistics

  Requests:    18
  HTTPS:       100 %
  IPv6:        33 %
  Domains:     3
  Subdomains:  3
  IPs:         3
  Countries:   2
  Transfer:    511 kB
  Size:        1065 kB
  Cookies:     4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t.co/qlybSSOqUN Page URL
  2. https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions (each entry lists Resource, Path, Size, x-fer, Type; the MIME type appears in the response headers)
Resource: qlybSSOqUN   Path: t.co/   Size: 395 B   x-fer: 601 B   Type: Document
General
Full URL
https://t.co/qlybSSOqUN
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
104.244.42.5 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,max-age=300
content-encoding
gzip
content-length
230
content-type
text/html; charset=utf-8
date
Sat, 25 Mar 2023 23:25:25 GMT
expires
Sat, 25 Mar 2023 23:30:25 GMT
perf
7626143928
server
tsa_o
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
6f98fa993c247b1197a94fe32bb6be5ddf0ca5fea015dddcc66535c22067c811
x-response-time
117
x-transaction-id
33580ced0d9c0671
x-xss-protection
0
Resource: / (primary request)   Path: yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/   Size: 10 KB   x-fer: 4 KB   Type: Document
General
Full URL
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Requested by
Host: t.co
URL: https://t.co/qlybSSOqUN
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache/2 /
Resource Hash
fa6a99e6e6ca231394ca23c8012d7d54fa4a3c240d52624b0b977561a4d9ebe8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://t.co/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
3225
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp; report-to="default"
cross-origin-opener-policy
same-origin; report-to="default"
cross-origin-resource-policy
same-site
date
Sat, 25 Mar 2023 23:25:25 GMT
expect-ct
enforce, max-age=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
Apache/2
strict-transport-security
max-age=15768000 ; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-frame-options
sameorigin
x-served-by
cache-ams21076-AMS, cache-hhn-etou8220042-HHN
x-timer
S1679786725.484893,VS0,VE159
x-xss-protection
1; mode=block
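Three things in the headers above are worth checking rather than just reading: the yaraify CSP allows both 'unsafe-inline' and 'unsafe-eval' in script-src, which means the policy does little against script injection; its HSTS max-age of 15768000 seconds is about six months, below the one-year value usually expected; and the t.co response sends Strict-Transport-Security: max-age=0, which tells browsers to discard any stored HSTS entry for that host. The following is an added example (not urlscan.io's code) that runs those checks over the header sets transcribed from the t.co, yaraify.abuse.ch and www.googletagmanager.com responses in this scan; the finding wording and the one-year threshold are the example's own choices.

```python
from typing import Any, Dict, List

ONE_YEAR = 31536000  # seconds; the usual minimum for a meaningful HSTS policy


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [source tokens]}."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def parse_hsts(value: str) -> Dict[str, Any]:
    """Parse Strict-Transport-Security, tolerating the 'max-age=N ; includeSubDomains'
    spacing seen in the yaraify responses."""
    out: Dict[str, Any] = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        directive = directive.strip().lower()
        if directive.startswith("max-age="):
            try:
                out["max_age"] = int(directive.split("=", 1)[1].strip())
            except ValueError:
                pass  # leave max_age None so the caller reports it as unparsable
        elif directive == "includesubdomains":
            out["include_subdomains"] = True
        elif directive == "preload":
            out["preload"] = True
    return out


def audit(headers: Dict[str, str]) -> List[str]:
    """Return findings for one response's headers (names matched case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    csp = h.get("content-security-policy")
    policy = parse_csp(csp) if csp else {}
    if not policy:
        findings.append("no Content-Security-Policy")
    else:
        # script-src falls back to default-src when it is absent
        script = policy.get("script-src", policy.get("default-src", []))
        nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
        # CSP3 browsers ignore 'unsafe-inline' once a nonce or hash is present,
        # so it only counts as a finding when nothing overrides it.
        if "'unsafe-inline'" in script and not nonce_or_hash:
            findings.append("script-src allows 'unsafe-inline' without a nonce/hash: injected inline script still runs")
        if "'unsafe-eval'" in script:
            findings.append("script-src allows 'unsafe-eval': eval()/Function() on attacker-influenced strings is not blocked")
    if "frame-ancestors" not in policy and "x-frame-options" not in h:
        findings.append("no frame-ancestors or X-Frame-Options: clickjacking not mitigated")

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security")
    else:
        p = parse_hsts(hsts)
        if p["max_age"] is None:
            findings.append("HSTS max-age missing or unparsable")
        elif p["max_age"] == 0:
            findings.append("HSTS max-age=0: instructs browsers to drop any stored HSTS policy for this host")
        elif p["max_age"] < ONE_YEAR:
            findings.append(f"HSTS max-age {p['max_age']}s is below one year")
        if not p["include_subdomains"]:
            findings.append("HSTS lacks includeSubDomains")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")
    return findings


# Header sets transcribed from the three document/script responses in this scan.
RESPONSES: Dict[str, Dict[str, str]] = {
    "t.co": {
        "strict-transport-security": "max-age=0",
        "x-xss-protection": "0",
    },
    "yaraify.abuse.ch": {
        "content-security-policy": "default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'",
        "strict-transport-security": "max-age=15768000 ; includeSubDomains",
        "x-content-type-options": "nosniff",
        "x-frame-options": "sameorigin",
    },
    "www.googletagmanager.com": {
        "strict-transport-security": "max-age=31536000; includeSubDomains",
        "x-xss-protection": "0",
    },
}

if __name__ == "__main__":
    for host, hdrs in RESPONSES.items():
        print(host)
        for finding in audit(hdrs) or ["no findings"]:
            print("  -", finding)
```

For the googletagmanager.com script response the missing CSP and frame-ancestors findings are noise, since those directives only matter on a document response; a real checker would key its rules on the resource type the scan records (Document versus Script).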
Resource: js   Path: www.googletagmanager.com/gtag/   Size: 220 KB   x-fer: 77 KB   Type: Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-8KLH71CWS8
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c75d1fbba098432503d1a7ab205da8ab76321ba2b38613d46103e9437bd3bf6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
78841
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 25 Mar 2023 23:25:25 GMT
Resource: bootstrap.min.css   Path: yaraify.abuse.ch/css/   Size: 160 KB   x-fer: 24 KB   Type: Stylesheet
General
Full URL
https://yaraify.abuse.ch/css/bootstrap.min.css
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache/2 /
Resource Hash
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
age
0
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
23945
x-xss-protection
1; mode=block
x-served-by
cache-ams21081-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 19 Feb 2022 18:19:42 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.713470,VS0,VE9
etag
"28021-5d8630b0bc7ae-gzip"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/css
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
3, 0
Resource: all.min.css   Path: yaraify.abuse.ch/css/   Size: 98 KB   x-fer: 20 KB   Type: Stylesheet
General
Full URL
https://yaraify.abuse.ch/css/all.min.css
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache/2 /
Resource Hash
0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
age
0
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
20562
x-xss-protection
1; mode=block
x-served-by
cache-ams12720-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 15 Apr 2022 12:15:20 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.713825,VS0,VE8
etag
"189ae-5dcb05d488b56-gzip"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/css
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
4, 0
Resource: datatables.min.css   Path: yaraify.abuse.ch/css/   Size: 8 KB   x-fer: 3 KB   Type: Stylesheet
General
Full URL
https://yaraify.abuse.ch/css/datatables.min.css
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache/2 /
Resource Hash
b4e3f6265375c9fb238d6c8234a4f08e3d60757d2cc82381ad57949d63eaa637
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
age
0
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
1724
x-xss-protection
1; mode=block
x-served-by
cache-ams21058-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 19 Feb 2022 18:19:42 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.713875,VS0,VE8
etag
"2114-5d8630b1608ed-gzip"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/css
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
3, 0
Resource: custom.css   Path: yaraify.abuse.ch/css/   Size: 3 KB   x-fer: 1 KB   Type: Stylesheet
General
Full URL
https://yaraify.abuse.ch/css/custom.css
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache/2 /
Resource Hash
f751c662d282fc0271eee984ad21ba5b04419b860fbf7a24d8afb0ed8b13b3cb
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
age
0
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
1248
x-xss-protection
1; mode=block
x-served-by
cache-ams12720-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 05 May 2022 12:29:12 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.713901,VS0,VE10
etag
"cf1-5de42e3aa698f-gzip"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/css
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
4, 0
Resource: yaraify_logo.png   Path: yaraify.abuse.ch/images/   Size: 3 KB   x-fer: 3 KB   Type: Image
General
Full URL
https://yaraify.abuse.ch/images/yaraify_logo.png
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache/2 /
Resource Hash
ff345b3e346819d49803fbc7d16922dee544d17f69c1d75d7f1e905c2f69d82c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
via
1.1 varnish, 1.1 varnish
age
0
cross-origin-embedder-policy
require-corp; report-to="default"
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
2888
x-xss-protection
1; mode=block
x-served-by
cache-ams12722-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Sun, 03 Apr 2022 12:35:33 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.829435,VS0,VE9
etag
"b48-5dbbf3f7b4206"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
content-type
image/png
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
4, 0
Resource: jquery-3.6.0.min.js   Path: yaraify.abuse.ch/js/   Size: 87 KB   x-fer: 30 KB   Type: Script
General
Full URL
https://yaraify.abuse.ch/js/jquery-3.6.0.min.js
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache/2 /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
age
0
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
30902
x-xss-protection
1; mode=block
x-served-by
cache-ams12763-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 19 Feb 2022 18:19:38 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.790926,VS0,VE8
etag
"15d9d-5d8630ad14d88-gzip"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
3, 0
Resource: bootstrap.bundle.min.js   Path: yaraify.abuse.ch/js/   Size: 76 KB   x-fer: 23 KB   Type: Script
General
Full URL
https://yaraify.abuse.ch/js/bootstrap.bundle.min.js
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache/2 /
Resource Hash
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
age
0
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
23053
x-xss-protection
1; mode=block
x-served-by
cache-ams12739-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 19 Feb 2022 18:19:37 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.790675,VS0,VE9
etag
"13131-5d8630ac3a134-gzip"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
3, 0
Resource: popper.min.js   Path: yaraify.abuse.ch/js/   Size: 18 KB   x-fer: 7 KB   Type: Script
General
Full URL
https://yaraify.abuse.ch/js/popper.min.js
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache/2 /
Resource Hash
ccc0ee783158d1ab3ae590ef8c982a827e38e8b82fd121551cdd4c20041fcd1b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
age
0
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
6771
x-xss-protection
1; mode=block
x-served-by
cache-ams12770-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 19 Feb 2022 18:19:38 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.790676,VS0,VE9
etag
"49b9-5d8630ad3ed78-gzip"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
3, 0
Resource: clipboard.min.js   Path: yaraify.abuse.ch/js/   Size: 9 KB   x-fer: 3 KB   Type: Script
General
Full URL
https://yaraify.abuse.ch/js/clipboard.min.js
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Apache/2 /
Resource Hash
baff7541be9c20f7f977f6993ce39cfa937a7bde69db6e7beebb8f68372682a1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
age
0
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
3162
x-xss-protection
1; mode=block
x-served-by
cache-ams21020-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 19 Feb 2022 18:19:37 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.829710,VS0,VE18
etag
"234a-5d8630acac580-gzip"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
2, 0
datatables.min.js
yaraify.abuse.ch/js/
91 KB
32 KB
Script
General
Full URL
https://yaraify.abuse.ch/js/datatables.min.js
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
Apache/2
Resource Hash
af16fab2f5f1395a4b4a25fa025fbbf86a72ab658914d713108758a139f43b2f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
age
0
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
32032
x-xss-protection
1; mode=block
x-served-by
cache-ams12732-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 19 Feb 2022 18:19:38 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.829504,VS0,VE8
etag
"16a5d-5d8630ace1154-gzip"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
2, 0
yararule_3lop8ahsg.js
yaraify.abuse.ch/js/
2 KB
886 B
Script
General
Full URL
https://yaraify.abuse.ch/js/yararule_3lop8ahsg.js
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
Apache/2
Resource Hash
ce95a58b1ddebce251518dcc8b0f7c609ad5e59372f3c45d3494760f31f6529b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
age
0
x-cache
HIT, MISS
cross-origin-resource-policy
same-site
content-length
682
x-xss-protection
1; mode=block
x-served-by
cache-ams21078-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 02 May 2022 08:25:42 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.829418,VS0,VE8
etag
"735-5de032358b3cd-gzip"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
2, 0
fa-solid-900.woff2
yaraify.abuse.ch/webfonts/
151 KB
151 KB
Font
General
Full URL
https://yaraify.abuse.ch/webfonts/fa-solid-900.woff2
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/css/all.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
Apache/2
Resource Hash
d76fb4e841748a3f6bc63efa23156e02631c283bf41f84efcbdaf339ea3e1b73
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://yaraify.abuse.ch/css/all.min.css
Origin
https://yaraify.abuse.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
via
1.1 varnish, 1.1 varnish
age
2164277
cross-origin-embedder-policy
require-corp; report-to="default"
x-cache
HIT, HIT
cross-origin-resource-policy
same-site
content-length
154228
x-xss-protection
1; mode=block
x-served-by
cache-ams21028-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 15 Apr 2022 12:15:15 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.829160,VS0,VE3
etag
"25a74-5dcb05cef5f38"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
content-type
font/woff2
cache-control
max-age=2628000, public
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
111, 1
fa-brands-400.woff2
yaraify.abuse.ch/webfonts/
103 KB
104 KB
Font
General
Full URL
https://yaraify.abuse.ch/webfonts/fa-brands-400.woff2
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/css/all.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
Apache/2
Resource Hash
404c746c8f7e3f9b7611a8f23d908c1a32a5c972236b9d89bb68b05d9bf4b905
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://yaraify.abuse.ch/css/all.min.css
Origin
https://yaraify.abuse.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
via
1.1 varnish, 1.1 varnish
age
1631823
cross-origin-embedder-policy
require-corp; report-to="default"
x-cache
HIT, HIT
cross-origin-resource-policy
same-site
content-length
105536
x-xss-protection
1; mode=block
x-served-by
cache-ams21056-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 15 Apr 2022 12:15:13 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.829143,VS0,VE2
etag
"19c40-5dcb05cd5fb39"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
content-type
font/woff2
cache-control
max-age=2628000, public
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
63, 1
fa-regular-400.woff2
yaraify.abuse.ch/webfonts/
23 KB
24 KB
Font
General
Full URL
https://yaraify.abuse.ch/webfonts/fa-regular-400.woff2
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/css/all.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
Apache/2
Resource Hash
6a274e7629c0d71dcf8cab1e7733687ebfe32e2c53b4ca9fad050b4f1d5471f3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://yaraify.abuse.ch/css/all.min.css
Origin
https://yaraify.abuse.ch
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:25 GMT
via
1.1 varnish, 1.1 varnish
age
2231930
cross-origin-embedder-policy
require-corp; report-to="default"
x-cache
HIT, HIT
cross-origin-resource-policy
same-site
content-length
23940
x-xss-protection
1; mode=block
x-served-by
cache-ams12722-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 15 Apr 2022 12:15:14 GMT
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.829143,VS0,VE1
etag
"5d84-5dcb05ce099f9"
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
content-type
font/woff2
cache-control
max-age=2628000, public
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
51, 1
/
yaraify.abuse.ch/ajax/
1 KB
2 KB
XHR
General
Full URL
https://yaraify.abuse.ch/ajax/
Requested by
Host: yaraify.abuse.ch
URL: https://yaraify.abuse.ch/js/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
Apache/2
Resource Hash
ebb06e8065af75a46af6ab172350116bcc2224616f55046ed71b4ca60b2b6de9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security
max-age=15768000 ; includeSubDomains
content-security-policy
default-src 'self' https://fonts.gstatic.com:443 data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:443 https://www.google.com/recaptcha/ https://www.googletagmanager.com:443; frame-src https://www.google.com/recaptcha/; img-src 'self' data: https:; object-src 'none'
x-content-type-options
nosniff
date
Sat, 25 Mar 2023 23:25:26 GMT
via
1.1 varnish, 1.1 varnish
cross-origin-embedder-policy
require-corp; report-to="default"
x-cache
MISS, MISS
cross-origin-resource-policy
same-site
content-length
1185
x-xss-protection
1; mode=block
x-served-by
cache-ams21077-AMS, cache-hhn-etou8220042-HHN
referrer-policy
strict-origin-when-cross-origin
server
Apache/2
cross-origin-opener-policy
same-origin; report-to="default"
x-timer
S1679786726.955351,VS0,VE82
expect-ct
enforce, max-age=86400
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/json
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), speaker=(), usb=(), vr=()
accept-ranges
bytes
x-cache-hits
0, 0

Verdicts & Comments

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean credentialless | function gtag | object dataLayer | function $ | function jQuery | number uidEvent | object bootstrap | object Popper | function ClipboardJS | object $jscomp | function $jscomp$lookupPolyfilledValue | function DataTable | function like_it | function save_like | function dl_yararule | object clipboard | object google_tag_manager | object google_tag_data | function onYouTubeIframeAPIReady | object gaGlobal

4 Cookies

Domain/Path Name / Value
.t.co/ Name: muc
Value: 3af0c572-3145-45f0-b7f2-89153f27ea0c
yaraify.abuse.ch/ Name: YARAIFY
Value: kcq05glaflnufin3f9iv6u0l9e
.abuse.ch/ Name: _ga_8KLH71CWS8
Value: GS1.1.1679786725.1.0.1679786725.0.0.0
.abuse.ch/ Name: _ga
Value: GA1.1.89582076.1679786726

4 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'speaker'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'vr'.
security error URL: https://www.googletagmanager.com/gtag/js?id=G-8KLH71CWS8(Line 50)
Message:
Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-8KLH71CWS8&gtm=45je33m0&_p=2097039463&cid=89582076.1679786726&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1679786725&sct=1&seg=0&dl=https%3A%2F%2Fyaraify.abuse.ch%2Fyarahub%2Frule%2FMALWARE_Emotet_OneNote_Delivery_js_Mar23%2F&dr=https%3A%2F%2Ft.co%2F&dt=YARAify%20%7C%20Rule%20MALWARE_Emotet_OneNote_Delivery_js_Mar23&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1' because it violates the following Content Security Policy directive: "default-src 'self' https://fonts.gstatic.com:443 data:". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This section lists the security headers set by the main page. If you want to understand what these headers mean and how to use them, see the urlscan.io security headers documentation.

Header Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0