Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/01/2024, 23:26 UTC
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://r20.rs6.net/tn.jsp?f=001NYHt_gJAxl6JlMDvhDMDYms-PfvQ6xp_WHLpNFre5d7gIGfpNULiBbTKsqoqDJqKRj8uZU6uorjV78K24owm1WXSHJO-A-bd4CJz53ssCva61TJjUeLvRqRidWk4mh23LkS14QItGZuLDl36p0GwEQ==&c=&ch=&__=?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20=
Resource: win10v2004-20231215-en

General
Target: https://r20.rs6.net/tn.jsp?f=001NYHt_gJAxl6JlMDvhDMDYms-PfvQ6xp_WHLpNFre5d7gIGfpNULiBbTKsqoqDJqKRj8uZU6uorjV78K24owm1WXSHJO-A-bd4CJz53ssCva61TJjUeLvRqRidWk4mh23LkS14QItGZuLDl36p0GwEQ==&c=&ch=&__=?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20=
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133505260000575361" | chrome.exe

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
700 | chrome.exe
700 | chrome.exe
1792 | chrome.exe
1792 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
pid | Process
700 | chrome.exe (8 identical rows)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 700 | chrome.exe
Token: SeCreatePagefilePrivilege | 700 | chrome.exe
(the two rows above alternate for all 64 entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
700 | chrome.exe (26 identical rows)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
700 | chrome.exe (24 identical rows)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 700 wrote to memory of 4920 | 700 | chrome.exe | 88
PID 700 wrote to memory of 2336 | 700 | chrome.exe | 92
PID 700 wrote to memory of 1412 | 700 | chrome.exe | 91
PID 700 wrote to memory of 1220 | 700 | chrome.exe | 95
(64 rows in total; repeated entries collapsed to the four distinct rows above)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
  PID: 700
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://r20.rs6.net/tn.jsp?f=001NYHt_gJAxl6JlMDvhDMDYms-PfvQ6xp_WHLpNFre5d7gIGfpNULiBbTKsqoqDJqKRj8uZU6uorjV78K24owm1WXSHJO-A-bd4CJz53ssCva61TJjUeLvRqRidWk4mh23LkS14QItGZuLDl36p0GwEQ==&c=&ch=&__=?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20=
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 700:

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 4920
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffbb079758,0x7fffbb079768,0x7fffbb079778

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 1412
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 2336
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 3924
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 2356
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 1220
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 2388
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3908 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 4968
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3176 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 3160
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3940 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 4796
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4604 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 688
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5196 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 5012
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 4248
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 4416
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5724 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe
    PID: 1792
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3780 --field-trial-handle=1952,i,15777569684696683836,32320919562326917,131072 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  PID: 4616
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
Remote address: 8.8.8.8:53
Request: r20.rs6.net IN A
Response: r20.rs6.net IN CNAME rs6.net; rs6.net IN A 208.75.122.11

Remote address: 8.8.8.8:53
Request: tics.atacilli.com.tr IN A
Response: tics.atacilli.com.tr IN A 213.238.183.121

Remote address: 8.8.8.8:53
Request: 196.249.167.52.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: 210.178.17.96.in-addr.arpa IN PTR
Response: 210.178.17.96.in-addr.arpa IN PTR a96-17-178-210.deploy.static.akamaitechnologies.com

Remote address: 8.8.8.8:53
Request: 106.201.58.216.in-addr.arpa IN PTR
Response: 106.201.58.216.in-addr.arpa IN PTR lhr48s48-in-f10.1e100.net; 106.201.58.216.in-addr.arpa IN PTR prg03s02-in-f10.1e100.net; 106.201.58.216.in-addr.arpa IN PTR prg03s02-in-f106.1e100.net

Remote address: 8.8.8.8:53
Request: 11.122.75.208.in-addr.arpa IN PTR
Response: 11.122.75.208.in-addr.arpa IN PTR rs6.net

Remote address: 213.238.183.121:443
Request: GET /?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20= HTTP/2.0
host: tics.atacilli.com.tr
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: text/html; charset=UTF-8
content-length: 461
content-encoding: br
vary: Accept-Encoding
date: Tue, 23 Jan 2024 23:26:37 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Remote address: 8.8.8.8:53
Request: code.jquery.com IN A
Response: code.jquery.com IN A 151.101.2.137; code.jquery.com IN A 151.101.130.137; code.jquery.com IN A 151.101.194.137; code.jquery.com IN A 151.101.66.137

Remote address: 151.101.2.137:443
Request: GET /jquery-3.6.0.min.js HTTP/2.0
host: code.jquery.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://tics.atacilli.com.tr
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://tics.atacilli.com.tr/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 23 Jan 2024 23:26:37 GMT
age: 5449781
x-served-by: cache-lga21931-LGA, cache-lcy-eglc8600040-LCY
x-cache: HIT, HIT
x-cache-hits: 5, 1027386
x-timer: S1706052398.670157,VS0,VE0
vary: Accept-Encoding
content-length: 30875

Remote address: 8.8.8.8:53
Request: shareonlinefilemcrosoftnline.ru IN A
Response: shareonlinefilemcrosoftnline.ru IN A 104.21.68.177; shareonlinefilemcrosoftnline.ru IN A 172.67.197.137

Remote address: 8.8.8.8:53
Request: 22.160.190.20.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: 121.183.238.213.in-addr.arpa IN PTR
Response: 121.183.238.213.in-addr.arpa IN PTR 121.183.238.213.static.cenuta.com

Remote address: 8.8.8.8:53
Request: 95.221.229.192.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: 137.2.101.151.in-addr.arpa IN PTR
Response: (empty)

Remote address: 104.21.68.177:443
Request: GET /McmxlbnRlbGxAbWFudWxpZmVhbS5jb20= HTTP/2.0
host: shareonlinefilemcrosoftnline.ru
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://tics.atacilli.com.tr/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 403
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2Bp35FbeGkmu7AdiqiDBo00jx6rUNUP9kFk3Vb1L9a5vRETXKrYtRwfQR%2F%2BtUzADalekZbNSGekIj2AJGGSFWKK8FgAkcwt4PoldqV9b%2FSItvH8zDFoUQuq4S07WdoJ3RRLX3jN4aU1%2FFiYt970QSw6E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84a3cd81ae8f7777-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

Remote address: 8.8.8.8:53
Request: a.nel.cloudflare.com IN A
Response: a.nel.cloudflare.com IN A 35.190.80.1

OPTIONS https://a.nel.cloudflare.com/report/v3?s=2%2Bp35FbeGkmu7AdiqiDBo00jx6rUNUP9kFk3Vb1L9a5vRETXKrYtRwfQR%2F%2BtUzADalekZbNSGekIj2AJGGSFWKK8FgAkcwt4PoldqV9b%2FSItvH8zDFoUQuq4S07WdoJ3RRLX3jN4aU1%2FFiYt970QSw6E (chrome.exe)
Remote address: 35.190.80.1:443
Request: OPTIONS /report/v3?s=2%2Bp35FbeGkmu7AdiqiDBo00jx6rUNUP9kFk3Vb1L9a5vRETXKrYtRwfQR%2F%2BtUzADalekZbNSGekIj2AJGGSFWKK8FgAkcwt4PoldqV9b%2FSItvH8zDFoUQuq4S07WdoJ3RRLX3jN4aU1%2FFiYt970QSw6E HTTP/2.0
host: a.nel.cloudflare.com
origin: https://shareonlinefilemcrosoftnline.ru
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Remote address: 8.8.8.8:53
Request: apps.identrust.com IN A
Response: apps.identrust.com IN CNAME identrust.edgesuite.net; identrust.edgesuite.net IN CNAME a1952.dscq.akamai.net; a1952.dscq.akamai.net IN A 96.17.179.205; a1952.dscq.akamai.net IN A 96.17.179.184

Remote address: 96.17.179.205:80
Request: GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com
Response: HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Wed, 24 Jan 2024 00:26:38 GMT
Date: Tue, 23 Jan 2024 23:26:38 GMT
Connection: keep-alive

Remote address: 8.8.8.8:53
Request: challenges.cloudflare.com IN A
Response: challenges.cloudflare.com IN A 104.17.3.184; challenges.cloudflare.com IN A 104.17.2.184

GET https://challenges.cloudflare.com/turnstile/v0/g/ea25f566/api.js?onload=xZNcr9&render=explicit (chrome.exe)
Remote address: 104.17.3.184:443
Request: GET /turnstile/v0/g/ea25f566/api.js?onload=xZNcr9&render=explicit HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://shareonlinefilemcrosoftnline.ru
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 84a3cd84d8c388c1-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400

Remote address: 8.8.8.8:53
Request: 177.68.21.104.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: 1.80.190.35.in-addr.arpa IN PTR
Response: 1.80.190.35.in-addr.arpa IN PTR 1.80.190.35.bc.googleusercontent.com

Remote address: 8.8.8.8:53
Request: 205.179.17.96.in-addr.arpa IN PTR
Response: 205.179.17.96.in-addr.arpa IN PTR a96-17-179-205.deploy.static.akamaitechnologies.com

Remote address: 8.8.8.8:53
Request: 184.3.17.104.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: unpkg.com IN A
Response: unpkg.com IN A 104.16.125.175; unpkg.com IN A 104.16.122.175; unpkg.com IN A 104.16.124.175; unpkg.com IN A 104.16.123.175; unpkg.com IN A 104.16.126.175

Remote address: 104.16.125.175:443
Request: GET /axios/dist/axios.min.js HTTP/2.0
host: unpkg.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://shareonlinefilemcrosoftnline.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 302
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /axios@1.6.5/dist/axios.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01HMWA4D2DXKTDQZXWM60V8GBH-lhr
cf-cache-status: HIT
age: 239
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 84a3cdcfca1463a6-LHR

Remote address: 104.16.125.175:443
Request: GET /axios@1.6.5/dist/axios.min.js HTTP/2.0
host: unpkg.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://shareonlinefilemcrosoftnline.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"8377-sJR9VQcibeO0sE4OfGCP6SP7nGs"
via: 1.1 fly.io
fly-request-id: 01HKDK2F0W32P3WEPEGJ8V7KV2-lhr
cf-cache-status: HIT
age: 1567924
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 84a3cdd01a8d63a6-LHR
content-encoding: br

Remote address: 8.8.8.8:53
Request: 175.125.16.104.in-addr.arpa IN PTR
Response: (empty)

Remote address: 8.8.8.8:53
Request: content-autofill.googleapis.com IN A
Response: content-autofill.googleapis.com IN A 142.250.179.234; 142.250.180.10; 142.250.187.202; 142.250.187.234; 172.217.16.234; 142.250.200.42; 142.250.200.10; 142.250.178.10; 216.58.201.106; 216.58.204.74; 216.58.213.10; 172.217.169.10; 216.58.212.202; 216.58.212.234 (14 A records)

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAkOYS4cppjp3hIFDVd69_0=?alt=proto (chrome.exe)
Remote address: 142.250.179.234:443
Request: GET /v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAkOYS4cppjp3hIFDVd69_0=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CM3cygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Remote address: 8.8.8.8:53
Request: 234.179.250.142.in-addr.arpa IN PTR
Response: 234.179.250.142.in-addr.arpa IN PTR lhr25s31-in-f10.1e100.net

Remote address: 8.8.8.8:53
Request: aadcdn.msauthimages.net IN A
Response: aadcdn.msauthimages.net IN CNAME aadcdn.azureedge.net; aadcdn.azureedge.net IN CNAME aadcdn.ec.azureedge.net; aadcdn.ec.azureedge.net IN CNAME scdn3514c.wpc.9e730.upsiloncdn.net; scdn3514c.wpc.9e730.upsiloncdn.net IN CNAME sni1gl.wpc.upsiloncdn.net; sni1gl.wpc.upsiloncdn.net IN A 152.199.21.175

GET https://aadcdn.msauthimages.net/dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/bannerlogo?ts=638309305563109890 (chrome.exe)
Remote address: 152.199.21.175:443
Request: GET /dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/bannerlogo?ts=638309305563109890 HTTP/2.0
host: aadcdn.msauthimages.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://shareonlinefilemcrosoftnline.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response: HTTP/2.0 200
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
content-md5: TbUn5S2v3F/BAwOWcGhwUA==
content-type: image/*
date: Tue, 23 Jan 2024 23:26:57 GMT
etag: 0x8DBBAEE7748D3A8
last-modified: Thu, 21 Sep 2023 22:02:36 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 092a97ab-c01e-0003-5f53-4ea286000000
x-ms-version: 2009-09-19
content-length: 5764

GET https://aadcdn.msauthimages.net/dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/illustration?ts=638333436176338024 (chrome.exe)
Remote address: 152.199.21.175:443
Request: GET /dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/illustration?ts=638333436176338024 HTTP/2.0
host: aadcdn.msauthimages.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://shareonlinefilemcrosoftnline.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
Response
HTTP/2.0 200
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
content-md5: ANRK7X96PRp0W1D2M5ZRMA==
content-type: image/*
date: Tue, 23 Jan 2024 23:27:02 GMT
etag: 0x8DBD0E0D021A4D5
last-modified: Thu, 19 Oct 2023 20:20:18 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3ecb21f8-901e-000e-1453-4e6a52000000
x-ms-version: 2009-09-19
content-length: 286720
-
Remote address: 8.8.8.8:53
Request
175.21.199.152.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
57.110.18.2.in-addr.arpa IN PTR
Response
57.110.18.2.in-addr.arpa IN PTR a2-18-110-57.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request
103.169.127.40.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
206.23.85.13.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
240.221.184.93.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
240.221.184.93.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
0.205.248.87.in-addr.arpa IN PTR
Response
0.205.248.87.in-addr.arpa IN PTR https-87-248-205-0.lgw.llnw.net
-
Remote address: 8.8.8.8:53
Request
0.205.248.87.in-addr.arpa IN PTR
Response
0.205.248.87.in-addr.arpa IN PTR https-87-248-205-0.lgw.llnw.net
-
Remote address: 8.8.8.8:53
Request
178.223.142.52.in-addr.arpa IN PTR
Response
-
Remote address: 8.8.8.8:53
Request
178.223.142.52.in-addr.arpa IN PTR
Response
-
1.9kB 4.2kB 9 11
-
1.1kB 3.7kB 11 11
-
213.238.183.121:443 https://tics.atacilli.com.tr/?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20= tls, http2 chrome.exe 1.8kB 5.0kB 13 14
HTTP Request
GET https://tics.atacilli.com.tr/?YYY.4h38-.cmxlbnRlbGxAbWFudWxpZmVhbS5jb20=
HTTP Response
200
-
2.7kB 39.2kB 36 39
HTTP Request
GET https://code.jquery.com/jquery-3.6.0.min.js
HTTP Response
200
-
943 B 4.9kB 8 7
-
104.21.68.177:443 https://shareonlinefilemcrosoftnline.ru/McmxlbnRlbGxAbWFudWxpZmVhbS5jb20= tls, http2 chrome.exe 2.1kB 13.8kB 20 20
HTTP Request
GET https://shareonlinefilemcrosoftnline.ru/McmxlbnRlbGxAbWFudWxpZmVhbS5jb20=
HTTP Response
403
-
35.190.80.1:443 https://a.nel.cloudflare.com/report/v3?s=2%2Bp35FbeGkmu7AdiqiDBo00jx6rUNUP9kFk3Vb1L9a5vRETXKrYtRwfQR%2F%2BtUzADalekZbNSGekIj2AJGGSFWKK8FgAkcwt4PoldqV9b%2FSItvH8zDFoUQuq4S07WdoJ3RRLX3jN4aU1%2FFiYt970QSw6E tls, http2 chrome.exe 1.9kB 6.0kB 15 16
HTTP Request
OPTIONS https://a.nel.cloudflare.com/report/v3?s=2%2Bp35FbeGkmu7AdiqiDBo00jx6rUNUP9kFk3Vb1L9a5vRETXKrYtRwfQR%2F%2BtUzADalekZbNSGekIj2AJGGSFWKK8FgAkcwt4PoldqV9b%2FSItvH8zDFoUQuq4S07WdoJ3RRLX3jN4aU1%2FFiYt970QSw6E
-
468 B 1.7kB 7 6
HTTP Request
GET http://apps.identrust.com/roots/dstrootcax3.p7c
HTTP Response
200
-
104.17.3.184:443 https://challenges.cloudflare.com/turnstile/v0/g/ea25f566/api.js?onload=xZNcr9&render=explicit tls, http2 chrome.exe 2.2kB 17.2kB 24 26
HTTP Request
GET https://challenges.cloudflare.com/turnstile/v0/g/ea25f566/api.js?onload=xZNcr9&render=explicit
HTTP Response
200
-
2.0kB 17.5kB 19 24
HTTP Request
GET https://unpkg.com/axios/dist/axios.min.js
HTTP Response
302
HTTP Request
GET https://unpkg.com/axios@1.6.5/dist/axios.min.js
HTTP Response
200
-
142.250.179.234:443 https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAkOYS4cppjp3hIFDVd69_0=?alt=proto tls, http2 chrome.exe 1.8kB 7.0kB 15 16
HTTP Request
GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTA2LjAuNTI0OS4xMTkSEAkOYS4cppjp3hIFDVd69_0=?alt=proto
-
152.199.21.175:443 https://aadcdn.msauthimages.net/dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/illustration?ts=638333436176338024 tls, http2 chrome.exe 7.7kB 311.0kB 131 241
HTTP Request
GET https://aadcdn.msauthimages.net/dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/bannerlogo?ts=638309305563109890
HTTP Response
200
HTTP Request
GET https://aadcdn.msauthimages.net/dbd5a2dd-msd-3m-ncul1rufuzcc3osz7qi-kbp-ok2tkdnirtrg/logintenantbranding/0/illustration?ts=638333436176338024
HTTP Response
200
-
57 B 87 B 1 1
DNS Request
r20.rs6.net
DNS Response
208.75.122.11
-
66 B 82 B 1 1
DNS Request
tics.atacilli.com.tr
DNS Response
213.238.183.121
-
73 B 147 B 1 1
DNS Request
196.249.167.52.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
210.178.17.96.in-addr.arpa
-
73 B 173 B 1 1
DNS Request
106.201.58.216.in-addr.arpa
-
72 B 93 B 1 1
DNS Request
11.122.75.208.in-addr.arpa
-
61 B 125 B 1 1
DNS Request
code.jquery.com
DNS Response
151.101.2.137
151.101.130.137
151.101.194.137
151.101.66.137
-
4.2kB 6.4kB 12 13
-
77 B 109 B 1 1
DNS Request
shareonlinefilemcrosoftnline.ru
DNS Response
104.21.68.177
172.67.197.137
-
72 B 158 B 1 1
DNS Request
22.160.190.20.in-addr.arpa
-
74 B 121 B 1 1
DNS Request
121.183.238.213.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
72 B 132 B 1 1
DNS Request
137.2.101.151.in-addr.arpa
-
66 B 82 B 1 1
DNS Request
a.nel.cloudflare.com
DNS Response
35.190.80.1
-
33.6kB 192.2kB 107 229
-
64 B 165 B 1 1
DNS Request
apps.identrust.com
DNS Response
96.17.179.205
96.17.179.184
-
71 B 103 B 1 1
DNS Request
challenges.cloudflare.com
DNS Response
104.17.3.184
104.17.2.184
-
2.6kB 5.2kB 8 9
-
137.8kB 213.5kB 175 247
-
72 B 134 B 1 1
DNS Request
177.68.21.104.in-addr.arpa
-
70 B 120 B 1 1
DNS Request
1.80.190.35.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
205.179.17.96.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
184.3.17.104.in-addr.arpa
-
204 B 3
-
55 B 135 B 1 1
DNS Request
unpkg.com
DNS Response
104.16.125.175
104.16.122.175
104.16.124.175
104.16.123.175
104.16.126.175
-
73 B 135 B 1 1
DNS Request
175.125.16.104.in-addr.arpa
-
77 B 301 B 1 1
DNS Request
content-autofill.googleapis.com
DNS Response
142.250.179.234
142.250.180.10
142.250.187.202
142.250.187.234
172.217.16.234
142.250.200.42
142.250.200.10
142.250.178.10
216.58.201.106
216.58.204.74
216.58.213.10
172.217.169.10
216.58.212.202
216.58.212.234
-
74 B 113 B 1 1
DNS Request
234.179.250.142.in-addr.arpa
-
69 B 210 B 1 1
DNS Request
aadcdn.msauthimages.net
DNS Response
152.199.21.175
-
73 B 144 B 1 1
DNS Request
175.21.199.152.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
57.110.18.2.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
103.169.127.40.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
146 B 288 B 2 2
DNS Request
240.221.184.93.in-addr.arpa
DNS Request
240.221.184.93.in-addr.arpa
-
4.4kB 2.4kB 10 9
-
142 B 232 B 2 2
DNS Request
0.205.248.87.in-addr.arpa
DNS Request
0.205.248.87.in-addr.arpa
-
146 B 294 B 2 2
DNS Request
178.223.142.52.in-addr.arpa
DNS Request
178.223.142.52.in-addr.arpa