hxxps://mallasysogas[.]com/close/cloth/move[.]php

Analysis

max time kernel
152s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 22:48 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mallasysogas.com/close/cloth/move.php

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547573344970030"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
5748	chrome.exe
5748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 3428	4908	chrome.exe	94
PID 4908 wrote to memory of 3428	4908	chrome.exe	94
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 3512	4908	chrome.exe	96
PID 4908 wrote to memory of 4924	4908	chrome.exe	97
PID 4908 wrote to memory of 4924	4908	chrome.exe	97
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98
PID 4908 wrote to memory of 1240	4908	chrome.exe	98

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mallasysogas.com/close/cloth/move.php
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3e4b9758,0x7ffc3e4b9768,0x7ffc3e4b9778
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:2
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:8
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:8
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3540 --field-trial-handle=1900,i,616240196714958929,1610530803112979565,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3536 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:5784

Network

DNS

79.121.231.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.121.231.20.in-addr.arpa

IN PTR

Response
DNS

mallasysogas.com

chrome.exe

Remote address:

8.8.8.8:53

Request

mallasysogas.com

IN A

Response

mallasysogas.com

IN A

192.185.142.6
GET

https://mallasysogas.com/close/cloth/move.php

chrome.exe

Remote address:

192.185.142.6:443

Request

GET /close/cloth/move.php HTTP/2.0
host: mallasysogas.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

last-modified: Sat, 01 Oct 2022 13:16:33 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 12 Mar 2024 22:48:59 GMT
server: Apache
GET

https://mallasysogas.com/cgi-sys/js/simple-expand.min.js

chrome.exe

Remote address:

192.185.142.6:443

Request

GET /cgi-sys/js/simple-expand.min.js HTTP/2.0
host: mallasysogas.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://mallasysogas.com/close/cloth/move.php
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Sat, 01 Oct 2022 13:13:38 GMT
accept-ranges: bytes
content-length: 2672
content-type: image/png
date: Tue, 12 Mar 2024 22:49:00 GMT
server: Apache
GET

https://mallasysogas.com/cgi-sys/images/x.png

chrome.exe

Remote address:

192.185.142.6:443

Request

GET /cgi-sys/images/x.png HTTP/2.0
host: mallasysogas.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mallasysogas.com/close/cloth/move.php
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Sat, 01 Oct 2022 13:13:40 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1191
content-type: application/javascript
date: Tue, 12 Mar 2024 22:49:00 GMT
server: Apache
GET

https://mallasysogas.com/cgi-sys/images/404top_w.jpg

chrome.exe

Remote address:

192.185.142.6:443

Request

GET /cgi-sys/images/404top_w.jpg HTTP/2.0
host: mallasysogas.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mallasysogas.com/close/cloth/move.php
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Sun, 02 Oct 2022 10:26:55 GMT
accept-ranges: bytes
content-length: 4335
content-type: image/jpeg
date: Tue, 12 Mar 2024 22:49:00 GMT
server: Apache
GET

https://mallasysogas.com/cgi-sys/images/404mid.gif

chrome.exe

Remote address:

192.185.142.6:443

Request

GET /cgi-sys/images/404mid.gif HTTP/2.0
host: mallasysogas.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mallasysogas.com/close/cloth/move.php
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Sat, 01 Oct 2022 13:14:12 GMT
accept-ranges: bytes
content-length: 537
content-type: image/gif
date: Tue, 12 Mar 2024 22:49:00 GMT
server: Apache
GET

https://mallasysogas.com/cgi-sys/images/404bottom.gif

chrome.exe

Remote address:

192.185.142.6:443

Request

GET /cgi-sys/images/404bottom.gif HTTP/2.0
host: mallasysogas.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mallasysogas.com/close/cloth/move.php
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

last-modified: Sat, 01 Oct 2022 13:14:48 GMT
accept-ranges: bytes
content-length: 120
content-type: image/gif
date: Tue, 12 Mar 2024 22:49:00 GMT
server: Apache
GET

https://mallasysogas.com/favicon.ico

chrome.exe

Remote address:

192.185.142.6:443

Request

GET /favicon.ico HTTP/2.0
host: mallasysogas.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://mallasysogas.com/close/cloth/move.php
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 404

last-modified: Sat, 01 Oct 2022 13:16:33 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4677
content-type: text/html
date: Tue, 12 Mar 2024 22:49:01 GMT
server: Apache
DNS

73.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

6.142.185.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.142.185.192.in-addr.arpa

IN PTR

Response

6.142.185.192.in-addr.arpa

IN PTR

192-185-142-6unifiedlayercom
DNS

apps.identrust.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

96.17.179.184

a1952.dscq.akamai.net

IN A

96.17.179.205
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

chrome.exe

Remote address:

96.17.179.184:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Tue, 12 Mar 2024 23:48:58 GMT
Date: Tue, 12 Mar 2024 22:48:58 GMT
Connection: keep-alive
DNS

184.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

184.179.17.96.in-addr.arpa

IN PTR

Response

184.179.17.96.in-addr.arpa

IN PTR

a96-17-179-184deploystaticakamaitechnologiescom
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=25C9550D418D67903035414D406D66CC; domain=.bing.com; expires=Sun, 06-Apr-2025 22:49:11 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C99613D929AE40FCA4AD157108FCD8D9 Ref B: LON04EDGE1116 Ref C: 2024-03-12T22:49:11Z
date: Tue, 12 Mar 2024 22:49:10 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=25C9550D418D67903035414D406D66CC

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=3MlRHo9O5zx7O3iN1cQMwX6COTar418jO3ji2jUk39U; domain=.bing.com; expires=Sun, 06-Apr-2025 22:49:12 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 52838F60EE82404EB33A279B058018BE Ref B: LON04EDGE1116 Ref C: 2024-03-12T22:49:12Z
date: Tue, 12 Mar 2024 22:49:11 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=25C9550D418D67903035414D406D66CC; MSPTC=3MlRHo9O5zx7O3iN1cQMwX6COTar418jO3ji2jUk39U

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A05B914DD05B409A88456CAEE41BB2CC Ref B: LON04EDGE1116 Ref C: 2024-03-12T22:49:12Z
date: Tue, 12 Mar 2024 22:49:11 GMT
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

134.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.71.91.104.in-addr.arpa

IN PTR

Response

134.71.91.104.in-addr.arpa

IN PTR

a104-91-71-134deploystaticakamaitechnologiescom
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

173.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.178.17.96.in-addr.arpa

IN PTR

Response

173.178.17.96.in-addr.arpa

IN PTR

a96-17-178-173deploystaticakamaitechnologiescom
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 272652
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0B2322D7E465491BB0B2E5053CAC85D9 Ref B: LON04EDGE0814 Ref C: 2024-03-12T22:51:00Z
date: Tue, 12 Mar 2024 22:51:00 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 393346
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B81D767D170046DFB47350FA3FBF74AD Ref B: LON04EDGE0814 Ref C: 2024-03-12T22:51:00Z
date: Tue, 12 Mar 2024 22:51:00 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 314827
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A987CA7D8F4D427D8B2FDE87F663AD22 Ref B: LON04EDGE0814 Ref C: 2024-03-12T22:51:00Z
date: Tue, 12 Mar 2024 22:51:00 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 483933
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C6BC4CB7096A434ABDA13319F18811C7 Ref B: LON04EDGE0814 Ref C: 2024-03-12T22:51:00Z
date: Tue, 12 Mar 2024 22:51:00 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301035_1FUDWJ8GFFIFDV49E&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301035_1FUDWJ8GFFIFDV49E&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 593186
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DE392A8FFAF84708864CD0B1250987FE Ref B: LON04EDGE0814 Ref C: 2024-03-12T22:51:01Z
date: Tue, 12 Mar 2024 22:51:01 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301468_1K7Q0DK1RQ5AV6436&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301468_1K7Q0DK1RQ5AV6436&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 594776
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9C231743B9674924A2BF136579C5DC24 Ref B: LON04EDGE0814 Ref C: 2024-03-12T22:51:01Z
date: Tue, 12 Mar 2024 22:51:01 GMT
DNS

13.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.173.189.20.in-addr.arpa

IN PTR

Response
DNS

13.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.173.189.20.in-addr.arpa

IN PTR

192.185.142.6:443

mallasysogas.com

tls, http2

chrome.exe

1.2kB
5.8kB
14
13
192.185.142.6:443

https://mallasysogas.com/favicon.ico

tls, http2

chrome.exe

3.3kB
25.7kB
33
37

HTTP Request

GET https://mallasysogas.com/close/cloth/move.php

HTTP Response

404

HTTP Request

GET https://mallasysogas.com/cgi-sys/js/simple-expand.min.js

HTTP Request

GET https://mallasysogas.com/cgi-sys/images/x.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://mallasysogas.com/cgi-sys/images/404top_w.jpg

HTTP Request

GET https://mallasysogas.com/cgi-sys/images/404mid.gif

HTTP Request

GET https://mallasysogas.com/cgi-sys/images/404bottom.gif

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://mallasysogas.com/favicon.ico

HTTP Response

404
192.185.142.6:443

mallasysogas.com

tls, http2

chrome.exe

1.2kB
5.8kB
14
13
96.17.179.184:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

chrome.exe

416 B
1.6kB
6
5

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

tls, http2

3.8kB
9.6kB
25
17

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=8c8bda9c3843499ea8c00f67932bec6d&localId=w:AE07C56D-9F7E-DB3B-D18D-2459C76F841B&deviceId=6825825924912662&anid=

HTTP Response

204
13.107.253.64:443

46 B
40 B
1
1
172.217.169.74:443

46 B
40 B
1
1
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.1kB
17
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301468_1K7Q0DK1RQ5AV6436&pid=21.2&w=1080&h=1920&c=4

tls, http2

95.9kB
2.8MB
2009
2005

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301728_1S5SOTBKRSIDGRZ37&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301319_135UX7GSFYCP6UCBA&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301035_1FUDWJ8GFFIFDV49E&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301468_1K7Q0DK1RQ5AV6436&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.6kB
8.1kB
17
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.1kB
16
14

8.8.8.8:53

79.121.231.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

79.121.231.20.in-addr.arpa
8.8.8.8:53

mallasysogas.com

dns

chrome.exe

62 B
78 B
1
1

DNS Request

mallasysogas.com

DNS Response

192.185.142.6
8.8.8.8:53

73.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

73.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

6.142.185.192.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

6.142.185.192.in-addr.arpa
8.8.8.8:53

apps.identrust.com

dns

chrome.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

96.17.179.184

96.17.179.205
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

184.179.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

184.179.17.96.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

194.178.17.96.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

146 B
147 B
2
1

DNS Request

103.169.127.40.in-addr.arpa

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

134.71.91.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

134.71.91.104.in-addr.arpa
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

173.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

173.178.17.96.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

19.229.111.52.in-addr.arpa

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

180.178.17.96.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

13.173.189.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

13.173.189.20.in-addr.arpa

DNS Request

13.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
bea1539fc6c2b02367e3db9e44774824

SHA1
905868fa5e0d52732bbef095ba7a7674ae7cf28d

SHA256
260246b3084f142c62b65d92b9a71ff8c834989a434e184b62653e23cd5dd158

SHA512
3914f2ea983812d6d50a6bf5424b1e19d90d2a306aca143c5bd520e56234b59a84a9368d5329bc1501133281cc2617488bb8cd8ac06254189dc571c486c49118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2200101504f58165921956eea0864215

SHA1
2d0c220e5088b766af5130ce4bcf5f2f4f3bf560

SHA256
cb2132085aa8d60d9d3f4dd0c6156a73f9678d74169336518da32661add39445

SHA512
6f9b893ed73dead07a54d6b9a540229fd4b685a7ec946bf3664a5de07614d14f6780b3645b6c0833a831231833741444ff7c55ea780a6fc1d4078292ad5e1181

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
385e3c68a71aac52306e79d590b365b6

SHA1
d6968feeb362caa287aabc0aae50e7c7f79f0fbc

SHA256
a335f4a67ac52ae923eb32d8508ccf4c20728e3db091c5ae4858f35fba1e6d8a

SHA512
817221402022925d76a8abe39666c868e8910002acd3875a24f1ae7ddc60846a98bc5d01a3431ad9fe72465854c32df4d15f8e2a7d0fbc9cfce8f6e797049021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2a9272ae93423ce63aacd4a74a786ebe

SHA1
68a3badf1f7157e09f887e4e0bc7ede9a56ec403

SHA256
16b2c873d21a6be8ac9c51a69ede1a0d85a773854689d513018e024a6ee5c7b0

SHA512
6be007ad3c048cf72b97f40072c75c872b60463a7bbf82e5c2466505e49534f4ab4fbc71ff280c6b39ec95f7c8e86c86ddb93bdccf2214eeac4f2337b94310ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3157ede7ad825ba9a517bb1b78e453ae

SHA1
a8eb6ba5518fe561cbb368e5662e1617e0816e6a

SHA256
d4026527727842352c149008e68160619c56d6639b1daf80f394fda12e3ba375

SHA512
28f9a840173eacacc3b045eeb2c7716bd55e9ee90a8c8bd2294dac91ae60a0e55869a8885b62f3b1d892ad96b0a41a700de726ade69386df3954811971199c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
e92c04483f0407e4d13d046c65e13e24

SHA1
0bfdd8eb15ff646e92488351530671218c8faaf4

SHA256
32f4d279db81ffb3f69c20bbb6498f4b42e191201eccd6d3efbc7b66146c520e

SHA512
6daa58f90784f17d85118d8c0cac345431fe0e738bf23cdd730313a0c6e09bd23bb4a0d271d438e6b77fac54a2d5804d247a3ccc75454331dd859d93686d2450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d4075ad2-edd6-4ae5-a204-de6b414223b7.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.