Overview

overview

5

Static

static

1

URLScan

urlscan

1

https://nsdprint.com...

windows10-2004-x64

1

https://nsdprint.com...

android-9-x86

5

https://nsdprint.com...

android-10-x64

5

https://nsdprint.com...

android-11-x64

5

Analysis

  • max time kernel
    108s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system
  • submitted
    24/11/2023, 06:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://nsdprint.com.au/web1.plala.or.jp/index.html

Score
5/10
evasion

Malware Config

Signatures

  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.android.chrome
    1⤵
    • Removes a system notification.
    PID:4392

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    nsdprint.com.au
    Remote address:
    1.1.1.1:53
    Request
    nsdprint.com.au
    IN A
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
  • flag-us
    DNS
    nsdprint.com.au
    Remote address:
    1.1.1.1:53
    Request
    nsdprint.com.au
    IN A
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
  • flag-us
    DNS
    nsdprint.com.au
    Remote address:
    1.1.1.1:53
    Request
    nsdprint.com.au
    IN A
    Response
    nsdprint.com.au
    IN A
    185.184.154.169
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
  • flag-us
    DNS
    safebrowsing.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    safebrowsing.googleapis.com
    IN A
  • flag-us
    DNS
    safebrowsing.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    safebrowsing.googleapis.com
    IN A
  • flag-au
    GET
    https://nsdprint.com.au/web1.plala.or.jp/index.html
    Remote address:
    185.184.154.169:443
    Request
    GET /web1.plala.or.jp/index.html HTTP/2.0
    host: nsdprint.com.au
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    sec-fetch-site: none
    sec-fetch-mode: navigate
    sec-fetch-dest: document
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    last-modified: Wed, 02 Nov 2022 08:04:40 GMT
    accept-ranges: bytes
    vary: Accept-Encoding
    content-encoding: gzip
    content-length: 3711
    content-type: text/html
    date: Fri, 24 Nov 2023 06:25:47 GMT
    server: Apache
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    accounts.google.com
    Remote address:
    1.1.1.1:53
    Request
    accounts.google.com
    IN A
    Response
    accounts.google.com
    IN A
    172.217.168.205
  • flag-nl
    POST
    https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
    Remote address:
    172.217.168.205:443
    Request
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
    host: accounts.google.com
    content-length: 1
    origin: https://www.google.com
    content-type: application/x-www-form-urlencoded
    sec-fetch-site: none
    sec-fetch-mode: no-cors
    sec-fetch-dest: empty
    user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
  • flag-us
    DNS
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
  • flag-us
    DNS
    update.googleapis.com
    Remote address:
    1.1.1.1:53
    Request
    update.googleapis.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
  • flag-us
    DNS
    tbcruhtwhbmrxj
    Remote address:
    1.1.1.1:53
    Request
    tbcruhtwhbmrxj
    IN A
  • flag-us
    DNS
    tbcruhtwhbmrxj
    Remote address:
    1.1.1.1:53
    Request
    tbcruhtwhbmrxj
    IN A
  • flag-us
    DNS
    ipvlrbhatgeyvrc
    Remote address:
    1.1.1.1:53
    Request
    ipvlrbhatgeyvrc
    IN A
    Response
  • flag-us
    DNS
    bolkzkjfejdts
    Remote address:
    1.1.1.1:53
    Request
    bolkzkjfejdts
    IN A
  • flag-us
    DNS
    bolkzkjfejdts
    Remote address:
    1.1.1.1:53
    Request
    bolkzkjfejdts
    IN A
  • flag-us
    DNS
    tbcruhtwhbmrxj
    Remote address:
    1.1.1.1:53
    Request
    tbcruhtwhbmrxj
    IN A
    Response
  • flag-us
    DNS
    bolkzkjfejdts
    Remote address:
    1.1.1.1:53
    Request
    bolkzkjfejdts
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.179.142
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
  • 142.250.179.206:443
    tls, https
    1.5kB
     40 B
     1
    1
  • 185.184.154.169:443
    https://nsdprint.com.au/web1.plala.or.jp/index.html
    tls, http2
    2.0kB
     10.1kB
     16
    13

    HTTP Request

    GET https://nsdprint.com.au/web1.plala.or.jp/index.html

    HTTP Response

    200
  • 185.184.154.169:443
    nsdprint.com.au
    tls, http2
    1.2kB
     6.0kB
     12
    9
  • 172.217.168.205:443
    https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
    tls, http2
    2.1kB
     7.6kB
     19
    14

    HTTP Request

    POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
  • 142.250.179.142:443
    android.apis.google.com
    tls
    13.0kB
     15.2kB
     48
    47
  • 142.250.179.142:443
    android.apis.google.com
    tls
    1.9kB
     6.1kB
     9
    8
  • 224.0.0.251:5353
    3.7kB
     11
  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
     2

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    nsdprint.com.au
    dns
    61 B
     1

    DNS Request

    nsdprint.com.au

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
     1

    DNS Request

    accounts.google.com

  • 1.1.1.1:53
    nsdprint.com.au
    dns
    61 B
     1

    DNS Request

    nsdprint.com.au

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
     1

    DNS Request

    accounts.google.com

  • 1.1.1.1:53
    nsdprint.com.au
    dns
    61 B
     77 B
     1
    1

    DNS Request

    nsdprint.com.au

    DNS Response

    185.184.154.169

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    140 B
     2

    DNS Request

    ssl.google-analytics.com

    DNS Request

    ssl.google-analytics.com

  • 1.1.1.1:53
    safebrowsing.googleapis.com
    dns
    146 B
     2

    DNS Request

    safebrowsing.googleapis.com

    DNS Request

    safebrowsing.googleapis.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
     2

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    accounts.google.com
    dns
    65 B
     81 B
     1
    1

    DNS Request

    accounts.google.com

    DNS Response

    172.217.168.205

  • 1.1.1.1:53
    update.googleapis.com
    dns
    134 B
     2

    DNS Request

    update.googleapis.com

    DNS Request

    update.googleapis.com

  • 1.1.1.1:53
    android.apis.google.com
    dns
    138 B
     2

    DNS Request

    android.apis.google.com

    DNS Request

    android.apis.google.com

  • 1.1.1.1:53
    tbcruhtwhbmrxj
    dns
    120 B
     2

    DNS Request

    tbcruhtwhbmrxj

    DNS Request

    tbcruhtwhbmrxj

  • 1.1.1.1:53
    ipvlrbhatgeyvrc
    dns
    61 B
     136 B
     1
    1

    DNS Request

    ipvlrbhatgeyvrc

  • 1.1.1.1:53
    bolkzkjfejdts
    dns
    118 B
     2

    DNS Request

    bolkzkjfejdts

    DNS Request

    bolkzkjfejdts

  • 1.1.1.1:53
    tbcruhtwhbmrxj
    dns
    60 B
     135 B
     1
    1

    DNS Request

    tbcruhtwhbmrxj

  • 1.1.1.1:53
    bolkzkjfejdts
    dns
    59 B
     134 B
     1
    1

    DNS Request

    bolkzkjfejdts

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.179.142

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    140 B
     2

    DNS Request

    ssl.google-analytics.com

    DNS Request

    ssl.google-analytics.com

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.