Analysis Overview
Threat Level: Likely benign
The file http://rb.gy/78xr2q was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand google.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-02-19 21:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-19 21:51
Reported
2024-02-19 21:57
Platform
android-x86-arm-20231215-en
Max time kernel
116s
Max time network
300s
Command Line
Signatures
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | rb.gy | udp |
| US | 52.200.15.1:80 | rb.gy | tcp |
| US | 52.200.15.1:80 | rb.gy | tcp |
| US | 1.1.1.1:53 | www.563mg.com | udp |
| US | 104.21.91.180:443 | www.563mg.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.180.10:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | 46j3w.com | udp |
| US | 172.67.169.184:443 | 46j3w.com | tcp |
| US | 1.1.1.1:53 | x.s788n.com | udp |
| US | 104.21.10.187:443 | x.s788n.com | tcp |
| US | 1.1.1.1:53 | predictionds.com | udp |
| US | 104.21.50.133:443 | predictionds.com | tcp |
| US | 1.1.1.1:53 | tracking.prtrackings.com | udp |
| NL | 34.90.81.51:443 | tracking.prtrackings.com | tcp |
| US | 1.1.1.1:53 | crt.sectigo.com | udp |
| US | 104.18.38.233:80 | crt.sectigo.com | tcp |
| US | 1.1.1.1:53 | trk.show-waste-myself-during.run | udp |
| US | 172.67.148.225:443 | trk.show-waste-myself-during.run | tcp |
| US | 1.1.1.1:53 | privacymobilenewonline.autos | udp |
| US | 172.67.194.135:443 | privacymobilenewonline.autos | tcp |
| US | 172.67.194.135:443 | privacymobilenewonline.autos | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | cdn.privacymobilenewonline.autos | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | cdn.privacymobilenewonline.autos | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 104.21.92.137:443 | cdn.privacymobilenewonline.autos | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | dbkjnaomy | udp |
| US | 1.1.1.1:53 | fmdbmpgxkduo | udp |
| US | 1.1.1.1:53 | mdnbbvpvxwkk | udp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 142.250.187.227:80 | | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 142.250.178.2:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 172.217.16.227:443 | | tcp |
| GB | 172.217.16.227:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 172.217.16.227:443 | | tcp |
| GB | 172.217.16.227:443 | | tcp |
Files
files/dom-0.html
| MD5 | 18f4085c8e5746bbdc418c6eacda86b7 |
| SHA1 | 4baeb13a3e1d3ad31bfe80ef2e53692983f9225a |
| SHA256 | 7bd4e2a12a5fabc6d3e0f62d39c087a96cf3c2fe4eaa3a5ec4c29bb0c5b8a700 |
| SHA512 | 114d1482c59cfeb9a5172af2bb53a9d29496a8d0b54d504774405fedb81038a049f206caf6221f26ae70894d5e1352834dce9ee9b58dcb9b64bfbf4050b4d5f0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-19 21:51
Reported
2024-02-19 21:57
Platform
android-x64-20231215-en
Max time kernel
299s
Max time network
299s
Command Line
Signatures
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.168.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | rb.gy | udp |
| US | 52.200.15.1:80 | rb.gy | tcp |
| US | 52.200.15.1:80 | rb.gy | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.563mg.com | udp |
| US | 172.67.177.109:443 | www.563mg.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | 46j3w.com | udp |
| US | 104.21.39.64:443 | 46j3w.com | tcp |
| US | 1.1.1.1:53 | x.s788n.com | udp |
| US | 172.67.131.176:443 | x.s788n.com | tcp |
| US | 1.1.1.1:53 | predictionds.com | udp |
| US | 172.67.206.138:443 | predictionds.com | tcp |
| US | 1.1.1.1:53 | www.thebuxfiles.com | udp |
| US | 104.21.89.19:443 | www.thebuxfiles.com | tcp |
| US | 1.1.1.1:53 | c.ftblltrck.com | udp |
| US | 52.6.207.239:443 | c.ftblltrck.com | tcp |
| US | 52.6.207.239:443 | c.ftblltrck.com | tcp |
| US | 1.1.1.1:53 | nationalconsumerscenter.co.uk | udp |
| US | 172.67.173.122:443 | nationalconsumerscenter.co.uk | tcp |
| US | 1.1.1.1:53 | www.cdn925.com | udp |
| US | 104.18.90.64:443 | www.cdn925.com | tcp |
| US | 104.18.90.64:443 | www.cdn925.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.clicken.us | udp |
| US | 104.18.130.12:443 | www.clicken.us | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 172.217.169.78:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | fqtag.com | udp |
| US | 35.190.72.161:443 | fqtag.com | tcp |
| US | 1.1.1.1:53 | cdn.fqtag.com | udp |
| US | 35.190.36.172:443 | cdn.fqtag.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | gvzpzxzh | udp |
| US | 1.1.1.1:53 | bkozaqvdulyzp | udp |
| US | 1.1.1.1:53 | guwotljoblenxhz | udp |
| US | 35.190.72.161:443 | fqtag.com | tcp |
| US | 1.1.1.1:53 | aux.fqtag.com | udp |
| US | 35.190.13.203:443 | aux.fqtag.com | tcp |
| US | 1.1.1.1:53 | stun.2talk.com | udp |
| US | 1.1.1.1:53 | stun.botonakis.com | udp |
| US | 1.1.1.1:53 | stun.budgetphone.nl | udp |
| US | 1.1.1.1:53 | stun.counterpath.com | udp |
| US | 1.1.1.1:53 | stun.gradwell.com | udp |
| US | 1.1.1.1:53 | stun.jumblo.com | udp |
| US | 1.1.1.1:53 | stun.botonakis.com | udp |
| US | 1.1.1.1:53 | stun.nas.net | udp |
| US | 1.1.1.1:53 | stun.node4.co.uk | udp |
| US | 27.111.12.93:3478 | stun.2talk.com | udp |
| US | 1.1.1.1:53 | stun.gradwell.com | udp |
| US | 27.111.12.93:3478 | stun.2talk.com | udp |
| US | 216.93.246.18:3478 | stun.counterpath.com | udp |
| US | 216.93.246.18:3478 | stun.counterpath.com | udp |
| US | 1.1.1.1:53 | stun.veoh.com | udp |
| DE | 77.72.169.210:3478 | stun.jumblo.com | udp |
| US | 1.1.1.1:53 | stun.budgetphone.nl | udp |
| DE | 77.72.169.210:3478 | stun.jumblo.com | udp |
| US | 1.1.1.1:53 | stun.voip.aebc.com | udp |
| CA | 216.145.109.98:3478 | stun.nas.net | udp |
| US | 1.1.1.1:53 | stun.node4.co.uk | udp |
| CA | 216.145.109.98:3478 | stun.nas.net | udp |
| US | 1.1.1.1:53 | stun.voipzoom.com | udp |
| US | 69.167.127.106:3478 | stun.veoh.com | udp |
| US | 69.167.127.106:3478 | stun.veoh.com | udp |
| US | 1.1.1.1:53 | stun.voxox.com | udp |
| US | 1.1.1.1:53 | stun.wwdl.net | udp |
| US | 35.190.13.203:443 | aux.fqtag.com | tcp |
| CA | 66.51.128.11:3478 | stun.voip.aebc.com | udp |
| US | 1.1.1.1:53 | stun.voxox.com | udp |
| CA | 66.51.128.11:3478 | stun.voip.aebc.com | udp |
| US | 70.85.220.74:3478 | stun.wwdl.net | udp |
| US | 70.85.220.74:3478 | stun.wwdl.net | udp |
| DE | 77.72.169.211:3478 | stun.voipzoom.com | udp |
| DE | 77.72.169.211:3478 | stun.voipzoom.com | udp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.180.3:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
Files
files/dom-0.html
| MD5 | af04f76a0e2836fa81199f8fb4df15a3 |
| SHA1 | 38f142854a8cf3f959b939534fdf6ed364ef48a3 |
| SHA256 | dab0ba7cf28403a25655f8d1096ad6116d86375aa65f24387255bc53510f5645 |
| SHA512 | da6ad4b969d9edabf9da5069cef7b95ee30d605448c6b317a45135daa1d8d64c95979fa94615d1e630cedc03bad23dcd437241332d24a6456ddf9e1d177413b4 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-19 21:51
Reported
2024-02-19 21:57
Platform
android-x64-arm64-20231215-en
Max time kernel
245s
Max time network
301s
Command Line
Signatures
Detected potential entity reuse from brand google.
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.46:443 | | udp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | rb.gy | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| US | 3.224.68.189:80 | rb.gy | tcp |
| US | 3.224.68.189:80 | rb.gy | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | rb.gy | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 54.164.199.24:80 | rb.gy | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.563mg.com | udp |
| US | 172.67.177.109:443 | www.563mg.com | tcp |
| US | 1.1.1.1:53 | 46j3w.com | udp |
| US | 172.67.169.184:443 | 46j3w.com | tcp |
| US | 1.1.1.1:53 | x.s788n.com | udp |
| US | 104.21.10.187:443 | x.s788n.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.187.234:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | predictionds.com | udp |
| US | 104.21.50.133:443 | predictionds.com | tcp |
| US | 1.1.1.1:53 | tracking.prtrackings.com | udp |
| NL | 34.147.21.42:443 | tracking.prtrackings.com | tcp |
| US | 1.1.1.1:53 | crt.sectigo.com | udp |
| US | 104.18.38.233:80 | crt.sectigo.com | tcp |
| US | 1.1.1.1:53 | trk.show-waste-myself-during.run | udp |
| US | 104.21.47.159:443 | trk.show-waste-myself-during.run | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | free-private-mobile-app.autos | udp |
| US | 104.21.45.115:443 | free-private-mobile-app.autos | tcp |
| US | 104.21.45.115:443 | free-private-mobile-app.autos | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | cdn.free-private-mobile-app.autos | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | atzsvroiu | udp |
| US | 1.1.1.1:53 | tcfyajaknvwbvl | udp |
| US | 1.1.1.1:53 | qnlvzcgtyqay | udp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| GB | 172.217.169.34:443 | | tcp |
| GB | 216.58.201.99:443 | | tcp |
Files
files/dom-0.html
| MD5 | 224b86cf52fd3348c5506a0d870440dc |
| SHA1 | 3e874eb06706a09a5a41bb93c96c93116c66b5ba |
| SHA256 | 80cd4dec7a27ca2add4c2ebe7f8861a0f8c615c95f0201400991c0f3b232fb20 |
| SHA512 | d68ba6b49895064aae5c0cc7548e7ad40dcfba4cffb2e9f56e1d09923a08afd0b70c16e3a3a031ba6e1342833540c29a2ea89d75d2fe4917325aa171c7cc6e5c |