yaraify.abuse.ch
Open in
urlscan Pro
151.101.66.49
Public Scan
Effective URL: https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Submission Tags: falconsandbox
Submission: On March 25 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q3 on September 28th 2022. Valid for: a year.
This is the only time yaraify.abuse.ch was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.244.42.5 104.244.42.5 | 13414 (TWITTER) (TWITTER) | |
16 | 151.101.66.49 151.101.66.49 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:830::2008 | 15169 (GOOGLE) (GOOGLE) | |
18 | 3 |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
abuse.ch
yaraify.abuse.ch |
433 KB |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39 |
77 KB |
1 |
t.co
t.co — Cisco Umbrella Rank: 507 |
601 B |
18 | 3 |
Domain | Requested by | |
---|---|---|
16 | yaraify.abuse.ch |
t.co
yaraify.abuse.ch |
1 | www.googletagmanager.com |
yaraify.abuse.ch
|
1 | t.co | |
18 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
twitter.com |
creativecommons.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2023-02-05 - 2024-02-05 |
a year | crt.sh |
*.abuse.ch GlobalSign Atlas R3 DV TLS CA 2022 Q3 |
2022-09-28 - 2023-10-30 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-03-06 - 2023-05-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/
Frame ID: A4BEF72495503065460620FB754A915B
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
YARAify | Rule MALWARE_Emotet_OneNote_Delivery_js_Mar23Page URL History Show full URLs
- https://t.co/qlybSSOqUN Page URL
- https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Clipboard.js (Miscellaneous) Expand
Detected patterns
- clipboard(?:-([\d.]+))?(?:\.min)?\.js
DataTables (JavaScript Libraries) Expand
Detected patterns
- dataTables.*\.js
Google Analytics (Analytics) Expand
Detected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: @SI_FalconTeam
Search URL Search Domain Scan URL
Title: https://creativecommons.org/licenses/by/4.0/
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/qlybSSOqUN Page URL
- https://yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
qlybSSOqUN
t.co/ |
395 B 601 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
yaraify.abuse.ch/yarahub/rule/MALWARE_Emotet_OneNote_Delivery_js_Mar23/ |
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
220 KB 77 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
yaraify.abuse.ch/css/ |
160 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
yaraify.abuse.ch/css/ |
98 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
datatables.min.css
yaraify.abuse.ch/css/ |
8 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom.css
yaraify.abuse.ch/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yaraify_logo.png
yaraify.abuse.ch/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
yaraify.abuse.ch/js/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.bundle.min.js
yaraify.abuse.ch/js/ |
76 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
yaraify.abuse.ch/js/ |
18 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clipboard.min.js
yaraify.abuse.ch/js/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
datatables.min.js
yaraify.abuse.ch/js/ |
91 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yararule_3lop8ahsg.js
yaraify.abuse.ch/js/ |
2 KB 886 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
yaraify.abuse.ch/webfonts/ |
151 KB 151 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-brands-400.woff2
yaraify.abuse.ch/webfonts/ |
103 KB 104 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-regular-400.woff2
yaraify.abuse.ch/webfonts/ |
23 KB 24 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
yaraify.abuse.ch/ajax/ |
1 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| gtag object| dataLayer function| $ function| jQuery number| uidEvent object| bootstrap object| Popper function| ClipboardJS object| $jscomp function| $jscomp$lookupPolyfilledValue function| DataTable function| like_it function| save_like function| dl_yararule object| clipboard object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.t.co/ | Name: muc Value: 3af0c572-3145-45f0-b7f2-89153f27ea0c |
|
yaraify.abuse.ch/ | Name: YARAIFY Value: kcq05glaflnufin3f9iv6u0l9e |
|
.abuse.ch/ | Name: _ga_8KLH71CWS8 Value: GS1.1.1679786725.1.0.1679786725.0.0.0 |
|
.abuse.ch/ | Name: _ga Value: GA1.1.89582076.1679786726 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=0 |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
t.co
www.googletagmanager.com
yaraify.abuse.ch
104.244.42.5
151.101.66.49
2a00:1450:4001:830::2008
0df5a33710e433de1f5415b1d47e4130ca7466aee5b81955f1045c4844bbb3ed
404c746c8f7e3f9b7611a8f23d908c1a32a5c972236b9d89bb68b05d9bf4b905
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
6a274e7629c0d71dcf8cab1e7733687ebfe32e2c53b4ca9fad050b4f1d5471f3
af16fab2f5f1395a4b4a25fa025fbbf86a72ab658914d713108758a139f43b2f
b4e3f6265375c9fb238d6c8234a4f08e3d60757d2cc82381ad57949d63eaa637
baff7541be9c20f7f977f6993ce39cfa937a7bde69db6e7beebb8f68372682a1
c75d1fbba098432503d1a7ab205da8ab76321ba2b38613d46103e9437bd3bf6f
ccc0ee783158d1ab3ae590ef8c982a827e38e8b82fd121551cdd4c20041fcd1b
ce95a58b1ddebce251518dcc8b0f7c609ad5e59372f3c45d3494760f31f6529b
d76fb4e841748a3f6bc63efa23156e02631c283bf41f84efcbdaf339ea3e1b73
ebb06e8065af75a46af6ab172350116bcc2224616f55046ed71b4ca60b2b6de9
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
f751c662d282fc0271eee984ad21ba5b04419b860fbf7a24d8afb0ed8b13b3cb
fa6a99e6e6ca231394ca23c8012d7d54fa4a3c240d52624b0b977561a4d9ebe8
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ff345b3e346819d49803fbc7d16922dee544d17f69c1d75d7f1e905c2f69d82c