Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
30/12/2023, 03:43 UTC
Static task
static1
Behavioral task
behavioral1
Sample
0d50dbd6b7c1009b886c869774026e08.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0d50dbd6b7c1009b886c869774026e08.exe
Resource
win10v2004-20231215-en
General
-
Target
0d50dbd6b7c1009b886c869774026e08.exe
-
Size
696KB
-
MD5
0d50dbd6b7c1009b886c869774026e08
-
SHA1
7e464a2023d8b08b01c171b4e1cb615570362294
-
SHA256
0a1327918b6e25eeb22e76b29d1f6a9a56330dbb9a2a46eb678b3f077c68f788
-
SHA512
5f533ab897b7b901cfa60bad67184d6a26ebacc28a85c67cbf898b995e787fbb26358d5d0d18bf2701ec22019255bf28122424c107302412454a2fb58746addb
-
SSDEEP
12288:ob9cW5vyb8vFgL1LFYg9ysGbcHasDyb/lDfRq9+uJ7zk+nG8R5+YIHf8pw5a4Ec7:LOgJLFIcHb4/VfRq3JhG8RobEpcas9
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process
2796 regver.exe
2784 CheckVer104.exe
-
Loads dropped DLL 9 IoCs
pid Process
1760 0d50dbd6b7c1009b886c869774026e08.exe
1760 0d50dbd6b7c1009b886c869774026e08.exe
1760 0d50dbd6b7c1009b886c869774026e08.exe
1760 0d50dbd6b7c1009b886c869774026e08.exe
2784 CheckVer104.exe
2784 CheckVer104.exe
2784 CheckVer104.exe
2796 regver.exe
2796 regver.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main regver.exe
-
Modifies system certificate store
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 regver.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = [blob data not preserved in this capture] regver.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = [blob data not preserved in this capture] regver.exe
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = [blob data not preserved in this capture] regver.exe
Note: writes under AuthRoot\Certificates by a process that is making HTTPS requests can also come from Windows caching a trusted root during chain validation; compare the thumbprint with a known-good root list before treating this as a rogue root installation.
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2784 CheckVer104.exe
2784 CheckVer104.exe
2796 regver.exe
2796 regver.exe
2796 regver.exe
2796 regver.exe
-
Suspicious use of WriteProcessMemory 14 IoCs
description | pid | Process | procid_target
PID 1760 wrote to memory of 2796 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 28
PID 1760 wrote to memory of 2796 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 28
PID 1760 wrote to memory of 2796 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 28
PID 1760 wrote to memory of 2796 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 28
PID 1760 wrote to memory of 2796 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 28
PID 1760 wrote to memory of 2796 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 28
PID 1760 wrote to memory of 2796 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 28
PID 1760 wrote to memory of 2784 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 29
PID 1760 wrote to memory of 2784 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 29
PID 1760 wrote to memory of 2784 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 29
PID 1760 wrote to memory of 2784 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 29
PID 1760 wrote to memory of 2784 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 29
PID 1760 wrote to memory of 2784 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 29
PID 1760 wrote to memory of 2784 | 1760 | 0d50dbd6b7c1009b886c869774026e08.exe | 29
Processes
-
Image: C:\Users\Admin\AppData\Local\Temp\0d50dbd6b7c1009b886c869774026e08.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\0d50dbd6b7c1009b886c869774026e08.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1760 -
Image: C:\Users\Admin\AppData\Local\TempImg\regver.exe
Command line: C:\Users\Admin\AppData\Local\TempImg\regver.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:2796
-
-
Image: C:\Users\Admin\AppData\Local\TempImg\CheckVer104.exe
Command line: C:\Users\Admin\AppData\Local\TempImg\CheckVer104.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2784
-
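Network
Note: the sample's own endpoint (www.app-zilla.com/register_install_ppd.php) answers with a 302 to a HugeDomains domain-for-sale page, so the hugedomains.com, google.com, jsdelivr.net and typekit.net traffic that follows appears to be that parked page's assets loading rather than sample-specific infrastructure; only the app-zilla.com request is likely to be useful as an indicator.
-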
Remote address: 8.8.8.8:53
Request: www.app-zilla.com IN A
Response:
www.app-zilla.com IN CNAME traff-2.hugedomains.com
traff-2.hugedomains.com IN CNAME hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com
hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com IN A 3.130.204.160
hdr-nlb5-4e815dd67a14bf7f.elb.us-east-2.amazonaws.com IN A 3.130.253.23
-
Remote address: 3.130.204.160:80
Request:
GET /register_install_ppd.php HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: www.app-zilla.com
Connection: Keep-Alive
Response:
HTTP/1.1 302 Found
date: Sun, 31 Dec 2023 16:27:08 GMT
location: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
-
Remote address: 8.8.8.8:53
Request: www.hugedomains.com IN A
Response:
www.hugedomains.com IN A 104.26.7.37
www.hugedomains.com IN A 172.67.70.191
www.hugedomains.com IN A 104.26.6.37
-
Remote address:104.26.7.37:443RequestGET /domain_profile.cfm?d=app-zilla.com HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: www.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private
vary: Accept-Encoding
set-cookie: site_version_phase=108; expires=Wed, 25-Dec-2024 16:27:14 GMT; path=/
set-cookie: site_version=HDv3; expires=Wed, 25-Dec-2024 16:27:14 GMT; path=/
set-cookie: captcha-tracker=; expires=Sat, 30-Dec-2023 16:27:14 GMT; path=/
x-powered-by: ASP.NET
lb: TclPrdLbHd3
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w50ZoTQ%2FDE3%2FHiMWkaQADN6ONtOUDatmE0Jn3ecx04pfoaXJaNGDRLqdyYaH5JEqGHYfYtmI0aOvGiLpda8OdgfqKN8RzsLdnJ28niYmIR2k%2BWMHpVtH73RuzJD3xLqVzlOjVzg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83e3e38558ba776b-LHR
Content-Encoding: gzip
-
Remote address: 8.8.8.8:53
Request: static.hugedomains.com IN A
Response:
static.hugedomains.com IN A 172.67.70.191
static.hugedomains.com IN A 104.26.6.37
static.hugedomains.com IN A 104.26.7.37
-
Remote address: 8.8.8.8:53
Request: cdn.jsdelivr.net IN A
Response:
cdn.jsdelivr.net IN CNAME jsdelivr.map.fastly.net
jsdelivr.map.fastly.net IN A 151.101.1.229
jsdelivr.map.fastly.net IN A 151.101.65.229
jsdelivr.map.fastly.net IN A 151.101.129.229
jsdelivr.map.fastly.net IN A 151.101.193.229
-
Remote address: 8.8.8.8:53
Request: www.google.com IN A
Response:
www.google.com IN A 142.250.200.4
-
Remote address:142.250.200.4:443RequestGET /recaptcha/api.js HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: www.google.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Expires: Sun, 31 Dec 2023 16:27:15 GMT
Date: Sun, 31 Dec 2023 16:27:15 GMT
Cache-Control: private, max-age=300
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
-
Remote address:172.67.70.191:443RequestGET /css/hdv3-css/responsive.css?r=20201105a HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cf-Bgj: minify
Cf-Polished: origSize=94945
ETag: W/"053c1df2235da1:0"
Last-Modified: Fri, 22 Dec 2023 22:04:46 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 979
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FYBXhjox7VvoHIXGTob28qM2rNfQ%2Fa%2BTUS6WiGcuyoSQjSBANH%2Bv9kiZMZNof6PV8BTNzsRgCgbap%2BeJ0DCCFoXHgNHQbCmykb2uVnjov6ivRhqEOOpjrGFlkEWMbZoqtSB%2BPQOKlss%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83e3e3888fbb52ac-LHR
Content-Encoding: gzip
-
Remote address:172.67.70.191:443RequestGET /css/hdv3-css/style.css?r=20201105a HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cf-Bgj: minify
Cf-Polished: origSize=231923
ETag: W/"044c5e7b22fda1:0"
Last-Modified: Sat, 16 Dec 2023 00:00:40 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4466
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WCjnNYfktN0m6NdheR%2FXZPxhvIJPaOgERb6NWIIinBPcT45yIQipwWZ%2BKDOmDaXReU4W7Gqnc31OY6pSsLihQC1UqVa79atvaOExs0Z39weE4uedTvYNLCXTktNa3JywX6Ph%2Bh3eStA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83e3e38b095f52ac-LHR
Content-Encoding: gzip
-
Remote address:172.67.70.191:443RequestGET /js/hdv3-js/jquery.min.js HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 30217
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Mon, 20 Jul 2020 17:04:33 GMT
ETag: "8026d0d6b75ed61:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1623
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=poUSWKwccodFI%2FcQIfy9IAmX1aHk7C4i3tgh3Z7Jl4MZli1Gr%2B3sZf6zHUevB5md60CSsDaBAi4GUA0tIy%2Fi%2BUcjaK6%2F6XgRpz3EsOuBYWbIweUHN%2FJo1FZJvDqXvBw48QNETGBo4gY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83e3e39e097252ac-LHR
-
Remote address:172.67.70.191:443RequestGET /js/hdv3-js/script.js HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Cf-Bgj: minify
Cf-Polished: origSize=16782
ETag: W/"04e7c371aebd81:0"
Last-Modified: Fri, 28 Oct 2022 22:11:24 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2412
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3fivOJwyqwATrPUquinGBsnc7X288NQ7yX09nky4d7x6miF0ngAiXigBzwwbtc6L105s1gftHTEo9sXAReqkl59yZSHJ7cdD2FOy8O2VWF84iSiAj31FEI2qgAA1RifpZ6QK723VUHA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83e3e4155cb852ac-LHR
Content-Encoding: gzip
-
Remote address:172.67.70.191:443RequestGET /css/hdv3-css/reboot.min.css HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 1580
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Tue, 15 Nov 2022 18:51:51 GMT
ETag: "80fd745223f9d81:0"
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6027
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vsafQy8wP2AIWmi8R%2B8%2FfUs5SQ2YxsZZ9XYCkbWCgxaYi61e6v51FKs3pVYmV8WedLhI2Sfm0aw7gdCRg%2BAZqDnKa9PzORs%2FVAMMRpcWs6%2ByMHoMcma0JZQ1g3vfrX3Wq3N9PDA7Amw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 83e3e3aa69ee79bd-LHR
-
Remote address:172.67.70.191:443RequestGET /images/hdv3-img/logo.png HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 4310
Connection: keep-alive
Access-Control-Allow-Origin: *
Cf-Bgj: imgq:100,h2pri
Cf-Polished: origSize=6473
ETag: "32f437d6b75ed61:0"
Last-Modified: Mon, 20 Jul 2020 17:04:32 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 214
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BdyFFSZw0bvNF9zMrQtU28LAT58zZFptf0WpqbqlGl90bL761L44ZE2Jh6YMqe2bMBsHMNbwn7mvDEPWV2vCQ%2B9Yw1uhQ24myYClpzG74uTVNAy0PehXc9ojltI%2B%2BvRp5otel%2FRKuvU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 83e3e3f68b1e79bd-LHR
-
Remote address:172.67.70.191:443RequestGET /images/hdv3-img/phone-icon.png HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 743
Connection: keep-alive
Access-Control-Allow-Origin: *
Cf-Bgj: imgq:100,h2pri
Cf-Polished: origSize=2415
ETag: "524238d6b75ed61:0"
Last-Modified: Mon, 20 Jul 2020 17:04:32 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5502
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qoT9rD8nPshSc9A3UVqlc3KpI8m%2BPrVbwuzfbiKNpfwP7CFC9Tej6LpoxqQjq1p4KRl7OzlfrUsBN9iSqmh2mXYwXP9LzXGbEZK5WLPyhN9gfOddqGmmWRg48cy4714p%2BOE5gSzuQE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 83e3e3f6fbad79bd-LHR
-
Remote address:172.67.70.191:443RequestGET /images/hdv3-img/care.png HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 708
Connection: keep-alive
Access-Control-Allow-Origin: *
Cf-Bgj: imgq:100,h2pri
Cf-Polished: origSize=1906
ETag: "a9c92cd6b75ed61:0"
Last-Modified: Mon, 20 Jul 2020 17:04:31 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4456
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZXVgpx31haeNgaSaUEANewW0X4cWwge0NISOyFlopwMFdCCAz3hXtn3%2FdC8nEdbAOCbL%2FkWKQfLorM8xKbrBLCYcHCPqIjBMoYti9muIzI7MwB1hH0QFSO5jjKOmtyYh9amDdgN%2FCQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 83e3e3f91e7c79bd-LHR
-
Remote address:172.67.70.191:443RequestGET /images/hdv3-img/guarant-footer.png HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 1507
Connection: keep-alive
Access-Control-Allow-Origin: *
Cf-Bgj: imgq:100,h2pri
Cf-Polished: origSize=3413
ETag: "8d4636d6b75ed61:0"
Last-Modified: Mon, 20 Jul 2020 17:04:31 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2901
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XTDSk8KDLhgRs73VH3KTBqC4XyX4LrWyB6RmhHzBuYy8rfj9fIIv7aAIgcIaoNAXMUaOU%2BE7Cy1%2F6vbjXWpvDUvAw9I8YkAIuj8t4zmBWxIcudg64bYI%2Bzr4l762pDoKK2kNMRpF9Y8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 83e3e3ff283879bd-LHR
-
Remote address:172.67.70.191:443RequestGET /images/hdv3-img/escrow.png HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2799
Connection: keep-alive
Access-Control-Allow-Origin: *
Cf-Bgj: imgq:100,h2pri
Cf-Polished: origSize=5589
ETag: "ece634d6b75ed61:0"
Last-Modified: Mon, 20 Jul 2020 17:04:31 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5323
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSr%2FrBVIfCHjINHb%2FWFdAYI7mulzwbrX81Q5eC1smcibVYsclWbA%2B000MHz956Cu37RXwgGMztJvhpnnDHWKuMl42E4z3RLN%2B%2FAP6TtrrN3bT0e9%2FXS1osWtonsGDQ01ZYMmH1vPNl8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 83e3e4106b1379bd-LHR
-
Remote address:172.67.70.191:443RequestGET /images/hdv3-img/geo.png HTTP/1.1
Accept: */*
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: static.hugedomains.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 2578
Connection: keep-alive
Access-Control-Allow-Origin: *
Cf-Bgj: imgq:100,h2pri
Cf-Polished: origSize=5035
ETag: "741f36d6b75ed61:0"
Last-Modified: Mon, 20 Jul 2020 17:04:31 GMT
X-Powered-By: ASP.NET
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 2712
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sPfV6jq5cvYhRJj8lhDm%2F3bzVHkkqIS7IWTziz1Zu0NRJbtK9A6FH2xb1L8ehyEpCDPVkz%2F2jTKXLXp0X9z0jZZPPz%2BgXfvuWsIJen9DHudv3gF%2Fzmwuv3bhRpSMJ1ntvdaPzDnGjA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 83e3e414c9d479bd-LHR
-
Remote address:151.101.1.229:443RequestGET /gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: cdn.jsdelivr.net
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Length: 3096
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Timing-Allow-Origin: *
Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/css; charset=utf-8
X-JSD-Version: 3.5.7
X-JSD-Version-Type: version
ETag: W/"31fb-G+m3m+AqHPxdlsSl4P649HK6vZU"
Content-Encoding: gzip
Accept-Ranges: bytes
Date: Sun, 31 Dec 2023 16:27:32 GMT
Age: 2807995
X-Served-By: cache-fra-eddf8230072-FRA, cache-lcy-eglc8600021-LCY
X-Cache: HIT, HIT
Vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
-
Remote address: 8.8.8.8:53
Request: use.typekit.net IN A
Response:
use.typekit.net IN CNAME use-stls.adobe.com.edgesuite.net
use-stls.adobe.com.edgesuite.net IN CNAME a1988.dscg1.akamai.net
a1988.dscg1.akamai.net IN A 88.221.134.88
a1988.dscg1.akamai.net IN A 88.221.134.115
-
Remote address:88.221.134.88:443RequestGET /zyw6mds.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: use.typekit.net
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/css;charset=utf-8
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Content-Length: 588
Date: Sun, 31 Dec 2023 16:27:58 GMT
Connection: keep-alive
-
Remote address: 8.8.8.8:53
Request: p.typekit.net IN A
Response:
p.typekit.net IN CNAME p.typekit.net-stls-v3.edgesuite.net
p.typekit.net-stls-v3.edgesuite.net IN CNAME a1874.dscg1.akamai.net
a1874.dscg1.akamai.net IN A 88.221.135.104
a1874.dscg1.akamai.net IN A 88.221.134.122
-
Remote address:88.221.135.104:443RequestGET /p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Referer: https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.com
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Host: p.typekit.net
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 5
Last-Modified: Fri, 14 Jul 2023 12:46:57 GMT
ETag: "64b143c1-5"
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Accept-Ranges: bytes
Date: Sun, 31 Dec 2023 16:28:10 GMT
Connection: keep-alive
-
834 B 284 B 6 3
HTTP Request
GET http://www.app-zilla.com/register_install_ppd.php
HTTP Response
302 -
2.9kB 7.2kB 15 14
HTTP Request
GET https://www.hugedomains.com/domain_profile.cfm?d=app-zilla.comHTTP Response
200 -
1.3kB 6.2kB 13 14
HTTP Request
GET https://www.google.com/recaptcha/api.jsHTTP Response
200 -
787 B 5.3kB 10 10
-
7.2kB 83.7kB 58 84
HTTP Request
GET https://static.hugedomains.com/css/hdv3-css/responsive.css?r=20201105aHTTP Response
200HTTP Request
GET https://static.hugedomains.com/css/hdv3-css/style.css?r=20201105aHTTP Response
200HTTP Request
GET https://static.hugedomains.com/js/hdv3-js/jquery.min.jsHTTP Response
200HTTP Request
GET https://static.hugedomains.com/js/hdv3-js/script.jsHTTP Response
200 -
8.5kB 28.3kB 46 42
HTTP Request
GET https://static.hugedomains.com/css/hdv3-css/reboot.min.cssHTTP Response
200HTTP Request
GET https://static.hugedomains.com/images/hdv3-img/logo.pngHTTP Response
200HTTP Request
GET https://static.hugedomains.com/images/hdv3-img/phone-icon.pngHTTP Response
200HTTP Request
GET https://static.hugedomains.com/images/hdv3-img/care.pngHTTP Response
200HTTP Request
GET https://static.hugedomains.com/images/hdv3-img/guarant-footer.pngHTTP Response
200HTTP Request
GET https://static.hugedomains.com/images/hdv3-img/escrow.pngHTTP Response
200HTTP Request
GET https://static.hugedomains.com/images/hdv3-img/geo.pngHTTP Response
200 -
1.3kB 5.5kB 13 12
-
151.101.1.229:443 | https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.css | tls, http | regver.exe | 1.5kB 9.9kB 13 17
HTTP Request
GET https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.7/dist/jquery.fancybox.min.cssHTTP Response
200 -
752 B 4.4kB 10 10
-
808 B 593 B 11 7
-
964 B 1.3kB 6 5
HTTP Request
GET https://use.typekit.net/zyw6mds.cssHTTP Response
200 -
698 B 4.3kB 9 9
-
701 B 460 B 10 7
-
88.221.135.104:443 | https://p.typekit.net/p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=css | tls, http | regver.exe | 1.6kB 1.1kB 10 8
HTTP Request
GET https://p.typekit.net/p.css?s=1&k=zyw6mds&ht=tk&f=40411&a=11744788&app=typekit&e=cssHTTP Response
200
-
63 B 193 B 1 1
DNS Request
www.app-zilla.com
DNS Response
3.130.204.160, 3.130.253.23
-
65 B 113 B 1 1
DNS Request
www.hugedomains.com
DNS Response
104.26.7.37, 172.67.70.191, 104.26.6.37
-
68 B 116 B 1 1
DNS Request
static.hugedomains.com
DNS Response
172.67.70.191, 104.26.6.37, 104.26.7.37
-
62 B 160 B 1 1
DNS Request
cdn.jsdelivr.net
DNS Response
151.101.1.229, 151.101.65.229, 151.101.129.229, 151.101.193.229
-
60 B 76 B 1 1
DNS Request
www.google.com
DNS Response
142.250.200.4
-
61 B 169 B 1 1
DNS Request
use.typekit.net
DNS Response
88.221.134.88, 88.221.134.115
-
59 B 170 B 1 1
DNS Request
p.typekit.net
DNS Response
88.221.135.104, 88.221.134.122
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
867B
MD5: c5dfb849ca051355ee2dba1ac33eb028
SHA1: d69b561148f01c77c54578c10926df5b856976ad
SHA256: cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512: 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
Filesize: 242B
MD5: 4aca26cde00724fc194a4a2e9c2e2fc6
SHA1: 5ae34e79f1cdbc4cbb5b70520032312716f664c2
SHA256: 7187c20295a1ac841f6d6abc206ab165983ba005e8c8ad0923a34bf161f9d97d
SHA512: bc483c14a0230e01034436bf8831e97b10ff8cb30d63f23440e98483456905ccd2e5c4d80a6531e399d1ee1eed54eddf34a5d10611ff27c6dca4dc31fdfbab1e
-
Filesize
290KB
MD5: 9181b183dd3096301e7211ed0312de8a
SHA1: 0c321747b581ad79da70dc9aab183cc12c3bbefd
SHA256: 202fcecc53f1ffd2d1d85cc4cc79a24ae37285ce564e15615b5d13ca69487968
SHA512: 5316e0511746c75603ba02eaf79b9aafbb29356f94279f466d3f17e9894082f14cf052ca3b8f52a149815e8c9b58f5d4b02ef1dcc3d677dc27032480f788adf7
-
Filesize
65KB
MD5: ac05d27423a85adc1622c714f2cb6184
SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
171KB
MD5: 9c0c641c06238516f27941aa1166d427
SHA1: 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
332KB
MD5: fa199dffc4991a36725e1a2d272e787e
SHA1: 68c1db76a8080782e3f450e3f724e4e1564b18f6
SHA256: 13c8453cb118d3f9d2dc2a1189633ab10162f902758320487f03daf124c4bb9e
SHA512: 8dc6a2369dc87148ac45cd6ae37f33fcb32c4fd863d17f6166a41c7a4ef40edd6a4da0f57536f382e550add791bf678a5116e0f1cb440649be1b924c3a31a520
-
Filesize
5KB
MD5: a7cd6206240484c8436c66afb12bdfbf
SHA1: 0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919
SHA256: 69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926
SHA512: b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904
-
Filesize
11KB
MD5: 00a0194c20ee912257df53bfe258ee4a
SHA1: d7b4e319bc5119024690dc8230b9cc919b1b86b2
SHA256: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
SHA512: 3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667