a60cc42093f22507cc0cf1d219624e9a3b074fc4add180733f7cf8614c750f32

Analysis

max time kernel
139s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 05:16 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

195e4305d5384c4067a071a8141b737b_JaffaCakes118.html
Size

108KB
MD5

195e4305d5384c4067a071a8141b737b
SHA1

d436c503eaa4f3855fa212d5c965d1c51d8cd711
SHA256

a60cc42093f22507cc0cf1d219624e9a3b074fc4add180733f7cf8614c750f32
SHA512

58bc9f61e42d58292b2fbefb029ba02911bdb22857fabcec57fff3e0971bbad9fe7ac9d6735254f5642e7bd131840d10ef0ba91bef0d0aa64a28378a9943d48b
SSDEEP

3072:xs/KkyxQAe5LfGXsE63jiIZbh4GcB/VGqsN7tlaps2s2/m:xs/cQAe5LfmsE6x

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\195e4305d5384c4067a071a8141b737b_JaffaCakes118.html
1⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5680 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5004 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4184 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5308 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:2400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5776 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5368 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=4896 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:3804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5536 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:4696

Network

DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com

prod-agic-us-1.uksouth.cloudapp.azure.com

IN A

13.87.96.169
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

www.blogger.com

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

172.217.16.137
DNS

www.blogger.com

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN Unknown

Response

www.blogger.com

IN CNAME

blogger.l.google.com
DNS

del.icio.us

Remote address:

8.8.8.8:53

Request

del.icio.us

IN A

Response

del.icio.us

IN CNAME

icio.us

icio.us

IN A

107.181.87.5
DNS

del.icio.us

Remote address:

8.8.8.8:53

Request

del.icio.us

IN Unknown

Response

del.icio.us

IN CNAME

icio.us
DNS

img1.steemit.com

Remote address:

8.8.8.8:53

Request

img1.steemit.com

IN A

Response

img1.steemit.com

IN CNAME

dualstack.imageredirect-elb-983726977.us-east-1.elb.amazonaws.com

dualstack.imageredirect-elb-983726977.us-east-1.elb.amazonaws.com

IN A

54.234.125.139

dualstack.imageredirect-elb-983726977.us-east-1.elb.amazonaws.com

IN A

44.205.48.33
DNS

img1.steemit.com

Remote address:

8.8.8.8:53

Request

img1.steemit.com

IN Unknown

Response

img1.steemit.com

IN CNAME

dualstack.imageredirect-elb-983726977.us-east-1.elb.amazonaws.com
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

92.123.241.137
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

92.123.241.137
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

88.221.135.81

a416.dscd.akamai.net

IN A

88.221.134.17
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

cdnjs.cloudflare.com

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.24.14

cdnjs.cloudflare.com

IN A

104.17.25.14
DNS

152.33.115.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

152.33.115.104.in-addr.arpa

IN PTR

Response

152.33.115.104.in-addr.arpa

IN PTR

a104-115-33-152deploystaticakamaitechnologiescom
DNS

169.96.87.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.96.87.13.in-addr.arpa

IN PTR

Response
DNS

137.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.16.217.172.in-addr.arpa

IN PTR

Response

137.16.217.172.in-addr.arpa

IN PTR

fra15s46-in-f91e100net

137.16.217.172.in-addr.arpa

IN PTR

zrh04s06-in-f137�H
DNS

139.125.234.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.125.234.54.in-addr.arpa

IN PTR

Response

139.125.234.54.in-addr.arpa

IN PTR

ec2-54-234-125-139 compute-1 amazonawscom
DNS

137.241.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.241.123.92.in-addr.arpa

IN PTR

Response

137.241.123.92.in-addr.arpa

IN PTR

a92-123-241-137deploystaticakamaitechnologiescom
DNS

maxcdn.bootstrapcdn.com

Remote address:

8.8.8.8:53

Request

maxcdn.bootstrapcdn.com

IN A

Response

maxcdn.bootstrapcdn.com

IN A

104.18.10.207

maxcdn.bootstrapcdn.com

IN A

104.18.11.207
DNS

maxcdn.bootstrapcdn.com

Remote address:

8.8.8.8:53

Request

maxcdn.bootstrapcdn.com

IN Unknown

Response

maxcdn.bootstrapcdn.com

IN Unknown

h3h2h �h� &Gh �&Gh�
DNS

apps.identrust.com

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

95.101.143.18

a1952.dscq.akamai.net

IN A

95.101.143.19
DNS

apps.identrust.com

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN Unknown

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net
DNS

2.bp.blogspot.com

Remote address:

8.8.8.8:53

Request

2.bp.blogspot.com

IN A

Response

2.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

172.217.18.97
DNS

2.bp.blogspot.com

Remote address:

8.8.8.8:53

Request

2.bp.blogspot.com

IN Unknown

Response

2.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

Remote address:

95.101.143.18:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Host: apps.identrust.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Referrer-Policy: same-origin
Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
ETag: "37d-6079b8c0929c0"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 29 Mar 2024 06:16:30 GMT
Date: Fri, 29 Mar 2024 05:16:30 GMT
Connection: keep-alive
DNS

lh4.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh4.googleusercontent.com

IN A

Response

lh4.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.178.1
DNS

lh4.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh4.googleusercontent.com

IN Unknown

Response

lh4.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

92.123.241.137
DNS

1.bp.blogspot.com

Remote address:

8.8.8.8:53

Request

1.bp.blogspot.com

IN A

Response

1.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

172.217.169.65
DNS

1.bp.blogspot.com

Remote address:

8.8.8.8:53

Request

1.bp.blogspot.com

IN Unknown

Response

1.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com
DNS

3.bp.blogspot.com

Remote address:

8.8.8.8:53

Request

3.bp.blogspot.com

IN A

Response

3.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

172.217.169.65
DNS

3.bp.blogspot.com

Remote address:

8.8.8.8:53

Request

3.bp.blogspot.com

IN Unknown

Response

3.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com
DNS

5.87.181.107.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.87.181.107.in-addr.arpa

IN PTR

Response
DNS

81.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.135.221.88.in-addr.arpa

IN PTR

Response

81.135.221.88.in-addr.arpa

IN PTR

a88-221-135-81deploystaticakamaitechnologiescom
DNS

207.10.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

207.10.18.104.in-addr.arpa

IN PTR

Response
DNS

18.143.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.143.101.95.in-addr.arpa

IN PTR

Response

18.143.101.95.in-addr.arpa

IN PTR

a95-101-143-18deploystaticakamaitechnologiescom
DNS

97.18.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.18.217.172.in-addr.arpa

IN PTR

Response

97.18.217.172.in-addr.arpa

IN PTR

zrh04s05-in-f971e100net

97.18.217.172.in-addr.arpa

IN PTR

fra16s42-in-f1�H
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

1.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.178.250.142.in-addr.arpa

IN PTR

Response

1.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f11e100net
DNS

65.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.169.217.172.in-addr.arpa

IN PTR

Response

65.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f11e100net
DNS

32.169.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.169.19.2.in-addr.arpa

IN PTR

Response

32.169.19.2.in-addr.arpa

IN PTR

a2-19-169-32deploystaticakamaitechnologiescom
DNS

ajax.googleapis.com

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.200.42
DNS

ajax.googleapis.com

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN Unknown

Response
DNS

cdnjs.cloudflare.com

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.24.14

cdnjs.cloudflare.com

IN A

104.17.25.14
DNS

cdnjs.cloudflare.com

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
DNS

cdnjs.cloudflare.com

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN Unknown

Response

cdnjs.cloudflare.com

IN Unknown

h3h2hh &Gh&Gh
DNS

rawgit.com

Remote address:

8.8.8.8:53

Request

rawgit.com

IN A

Response

rawgit.com

IN A

172.67.217.78

rawgit.com

IN A

104.21.24.61
DNS

rawgit.com

Remote address:

8.8.8.8:53

Request

rawgit.com

IN Unknown

Response

rawgit.com

IN Unknown

h3h2h=�C�N &G00�C�N&G01h=
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

104.115.33.219
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

4.bp.blogspot.com

Remote address:

8.8.8.8:53

Request

4.bp.blogspot.com

IN A

Response

4.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

172.217.169.65
DNS

4.bp.blogspot.com

Remote address:

8.8.8.8:53

Request

4.bp.blogspot.com

IN Unknown

Response

4.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com
DNS

41.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.134.221.88.in-addr.arpa

IN PTR

Response

41.134.221.88.in-addr.arpa

IN PTR

a88-221-134-41deploystaticakamaitechnologiescom
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

14.25.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR

Response
DNS

78.217.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.217.67.172.in-addr.arpa

IN PTR

Response
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

14.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.160.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdcus15.centralus.cloudapp.azure.com

onedsblobprdcus15.centralus.cloudapp.azure.com

IN A

52.182.143.212
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

52.182.143.212:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
MSA_DeviceTicket: t=EwCwAlN5BAAUu1V9OkIAK55tj6h8OjaXgvkszYkAAd0q5FtGXVsjgMWtezUmf22/q3xpXcjRsjUaWi+DtaYVuzp0DQ7KjMMNAayc0b7MesCQRuucXyJGi7dXklgcLqzeME7G1In9hmX8tOhrZX/hRbWFDXi8JwsuDiUcjLGwO5B3tZZQmumvIccmPeT7zBEiejpRqQDsL3d4JEPpqHQ7yckg4HMAd8otghBcJ4Q1dQEKq6TvjT3h0OmPAOxSeg6uhoraQTvCQsHPJh5R37thq2TZ1XmdT2vZZm6mgfDYHSKnv6Va81dWVxDAXLqw7+rehO73f0Vu/V8ZG7U2nz7Hosk7NzcgBALB+x7joRhaXrpS4xMCmlNH5Ype2ebdfEQDZgAACCjPrEB6X/YBgAE6DgnQXDM7Khs69fSKWg+Qrr9IXvctrbg6T3F+DnA63fyIrGVONDdL/Ai3SdKWH89Qm6AZBA/QY77WMy4g3Kxm3N+sYR7zcL70BqJZ8ORFGCLU4+JE0MqzEGVljp+7OIU0eKlU67mGb6+2lYQ+4yh23lPWCcvN+/t1psWm/Rg4+5SF5SlYoFoMwOowUewSHXP2MioG9Vvlk3YfyNeAs1ZC/AitUpKSyOFuy+jtEJowc3KeyQL2zZT5kl8RZO2hn+yhIEG3vTn5YY8cmmVtwOe20HZfKW9VCtI53YDFkPbAp3gpq7O+7XK8ymu79WNGVYBI/5IpjDNPJstOCDoXpXLade7dc067JmQvCfFDJPYfz7npci2eouIVLyVbNsuTaafzvWsufTU4PVuO5YrO65wPjrD12v+fWxqshrox6O0aI2BYz8SRmrxSCU4BlHWLcdwWVcw24vUDnfnN6AQcn8mnl2t2VlRUBAYj42MzNJwVuV8fMwdSWUhHp163v2FTxtC4AQ==&p=
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Fri, 29 Mar 2024 05:16:50 GMT
DNS

212.143.182.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.143.182.52.in-addr.arpa

IN PTR

Response
DNS

ajax.googleapis.com

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.185.202
DNS

lh6.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh6.googleusercontent.com

IN A

Response

lh6.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.178.1
DNS

lh6.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh6.googleusercontent.com

IN Unknown

Response

lh6.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com
DNS

lh5.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh5.googleusercontent.com

IN A

Response

lh5.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

216.58.212.161
DNS

lh5.googleusercontent.com

Remote address:

8.8.8.8:53

Request

lh5.googleusercontent.com

IN Unknown

Response

lh5.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com
DNS

78.186.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.186.250.142.in-addr.arpa

IN PTR

Response

78.186.250.142.in-addr.arpa

IN PTR

fra24s05-in-f141e100net
DNS

161.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.212.58.216.in-addr.arpa

IN PTR

Response

161.212.58.216.in-addr.arpa

IN PTR

ams15s22-in-f1611e100net

161.212.58.216.in-addr.arpa

IN PTR

fra24s01-in-f1�J

161.212.58.216.in-addr.arpa

IN PTR

ams15s22-in-f1�J
DNS

ajax.googleapis.com

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

172.217.169.74
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

code.jquery.com

Remote address:

8.8.8.8:53

Request

code.jquery.com

IN A

Response

code.jquery.com

IN A

151.101.66.137

code.jquery.com

IN A

151.101.194.137

code.jquery.com

IN A

151.101.130.137

code.jquery.com

IN A

151.101.2.137
DNS

72.66.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.66.18.2.in-addr.arpa

IN PTR

Response

72.66.18.2.in-addr.arpa

IN PTR

a2-18-66-72deploystaticakamaitechnologiescom
DNS

code.jquery.com

Remote address:

8.8.8.8:53

Request

code.jquery.com

IN A

Response

code.jquery.com

IN A

151.101.2.137

code.jquery.com

IN A

151.101.194.137

code.jquery.com

IN A

151.101.66.137

code.jquery.com

IN A

151.101.130.137
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN Unknown

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

cdn.elegantthemes.com

Remote address:

8.8.8.8:53

Request

cdn.elegantthemes.com

IN A

Response

cdn.elegantthemes.com

IN A

104.18.198.62

cdn.elegantthemes.com

IN A

104.17.136.62
DNS

cdn.elegantthemes.com

Remote address:

8.8.8.8:53

Request

cdn.elegantthemes.com

IN Unknown

Response

cdn.elegantthemes.com

IN Unknown

h2h�>h�> &Gh�>&Gh�>
DNS

www.facebook.com

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
DNS

www.elegantthemes.com

Remote address:

8.8.8.8:53

Request

www.elegantthemes.com

IN A

Response

www.elegantthemes.com

IN A

104.18.198.62

www.elegantthemes.com

IN A

104.17.136.62
DNS

www.elegantthemes.com

Remote address:

8.8.8.8:53

Request

www.elegantthemes.com

IN Unknown

Response

www.elegantthemes.com

IN Unknown

h2h�>h�> &Gh�>&Gh�>
DNS

35.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.221.240.157.in-addr.arpa

IN PTR

Response

35.221.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr8facebookcom
DNS

62.198.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

62.198.18.104.in-addr.arpa

IN PTR

Response
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

c1.popads.net

Remote address:

8.8.8.8:53

Request

c1.popads.net

IN A

Response

c1.popads.net

IN CNAME

1355769017.rsc.cdn77.org

1355769017.rsc.cdn77.org

IN A

138.199.26.20

1355769017.rsc.cdn77.org

IN A

138.199.26.25

1355769017.rsc.cdn77.org

IN A

143.244.56.8
DNS

c1.popads.net

Remote address:

8.8.8.8:53

Request

c1.popads.net

IN A

Response

c1.popads.net

IN CNAME

1355769017.rsc.cdn77.org

1355769017.rsc.cdn77.org

IN A

138.199.26.24

1355769017.rsc.cdn77.org

IN A

138.199.26.21

1355769017.rsc.cdn77.org

IN A

143.244.56.11
DNS

162.66.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.66.18.2.in-addr.arpa

IN PTR

Response

162.66.18.2.in-addr.arpa

IN PTR

a2-18-66-162deploystaticakamaitechnologiescom
DNS

maxcdn.bootstrapcdn.com

Remote address:

8.8.8.8:53

Request

maxcdn.bootstrapcdn.com

IN A

Response

maxcdn.bootstrapcdn.com

IN A

104.18.10.207

maxcdn.bootstrapcdn.com

IN A

104.18.11.207
DNS

maxcdn.bootstrapcdn.com

Remote address:

8.8.8.8:53

Request

maxcdn.bootstrapcdn.com

IN A

Response

maxcdn.bootstrapcdn.com

IN A

104.18.10.207

maxcdn.bootstrapcdn.com

IN A

104.18.11.207
DNS

169.117.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.117.168.52.in-addr.arpa

IN PTR

Response
DNS

connect.facebook.net

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.221.16
DNS

connect.facebook.net

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.221.16

13.87.96.169:443

nav-edge.smartscreen.microsoft.com

tls

10.5kB
12.6kB
30
26
13.107.6.158:443

business.bing.com

tls

1.9kB
9.9kB
17
22
107.181.87.5:443

del.icio.us

tls

978 B
3.2kB
9
7
172.217.16.137:443

www.blogger.com

tls

3.2kB
71.7kB
43
66
54.234.125.139:443

img1.steemit.com

tls

2.0kB
7.1kB
15
17
92.123.241.137:443

www.microsoft.com

tls

3.0kB
22.4kB
27
36
88.221.135.81:443

bzib.nelreports.net

tls

2.6kB
6.0kB
13
15
104.18.10.207:443

maxcdn.bootstrapcdn.com

tls

1.1kB
5.3kB
10
9
95.101.143.18:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

667 B
1.8kB
8
8

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
172.217.18.97:443

2.bp.blogspot.com

tls

2.5kB
17.6kB
23
28
142.250.178.1:443

lh4.googleusercontent.com

tls

2.9kB
13.4kB
18
23
104.17.24.14:445

cdnjs.cloudflare.com

260 B
5
172.217.169.65:443

1.bp.blogspot.com

tls

4.0kB
38.4kB
45
52
142.250.200.42:443

ajax.googleapis.com

tls

2.9kB
38.6kB
37
36
104.17.25.14:445

cdnjs.cloudflare.com

260 B
5
104.17.24.14:139

cdnjs.cloudflare.com

260 B
5
13.107.246.64:443

edgestatic.azureedge.net

tls

1.9kB
7.6kB
13
11
13.107.246.64:443

edgestatic.azureedge.net

tls

1.5kB
7.6kB
9
11
13.107.246.64:443

edgestatic.azureedge.net

tls

107.6kB
4.4MB
2142
3209
13.107.246.64:443

edgestatic.azureedge.net

tls

10.1kB
273.8kB
163
213
13.107.246.64:443

wcpstatic.microsoft.com

tls

4.2kB
91.0kB
52
77
138.91.171.81:80

260 B
5
52.182.143.212:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

5.9kB
7.6kB
13
11

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
142.250.185.202:445

ajax.googleapis.com

260 B
5
172.217.169.74:139

ajax.googleapis.com

260 B
5
13.107.253.64:443

46 B
40 B
1
1
151.101.66.137:445

code.jquery.com

260 B
5
151.101.194.137:445

code.jquery.com

260 B
5
151.101.130.137:445

code.jquery.com

260 B
5
151.101.2.137:445

code.jquery.com

260 B
5
2.18.66.72:443

www.bing.com

tls

1.1kB
5.1kB
11
11
142.250.179.234:445

fonts.googleapis.com

260 B
5
157.240.221.35:443

www.facebook.com

tls

1.0kB
3.2kB
8
9
157.240.221.35:443

www.facebook.com

tls

2.0kB
5.8kB
15
15
104.18.198.62:443

cdn.elegantthemes.com

tls

2.3kB
16.5kB
19
24
142.250.185.202:139

fonts.googleapis.com

260 B
5
138.199.26.20:445

c1.popads.net

260 B
5
138.199.26.25:445

c1.popads.net

260 B
5
143.244.56.8:445

c1.popads.net

260 B
5
2.18.66.162:443

www.bing.com

tls

1.3kB
906 B
7
7
104.18.10.207:445

maxcdn.bootstrapcdn.com

260 B
5
104.18.11.207:445

maxcdn.bootstrapcdn.com

260 B
5
104.18.10.207:139

maxcdn.bootstrapcdn.com

260 B
5
157.240.221.16:445

connect.facebook.net

208 B
4
157.240.221.16:139

connect.facebook.net

208 B
4

8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

13.87.96.169
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
244 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

www.blogger.com

dns

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

172.217.16.137
8.8.8.8:53

www.blogger.com

dns

61 B
142 B
1
1

DNS Request

www.blogger.com
8.8.8.8:53

del.icio.us

dns

57 B
87 B
1
1

DNS Request

del.icio.us

DNS Response

107.181.87.5
8.8.8.8:53

del.icio.us

dns

57 B
131 B
1
1

DNS Request

del.icio.us
8.8.8.8:53

img1.steemit.com

dns

62 B
170 B
1
1

DNS Request

img1.steemit.com

DNS Response

54.234.125.139

44.205.48.33
8.8.8.8:53

img1.steemit.com

dns

62 B
220 B
1
1

DNS Request

img1.steemit.com
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

92.123.241.137
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

92.123.241.137
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

88.221.135.81

88.221.134.17
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

cdnjs.cloudflare.com

dns

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.24.14

104.17.25.14
8.8.8.8:53

152.33.115.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

152.33.115.104.in-addr.arpa
8.8.8.8:53

169.96.87.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

169.96.87.13.in-addr.arpa
8.8.8.8:53

137.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

137.16.217.172.in-addr.arpa
8.8.8.8:53

139.125.234.54.in-addr.arpa

dns

73 B
129 B
1
1

DNS Request

139.125.234.54.in-addr.arpa
8.8.8.8:53

137.241.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

137.241.123.92.in-addr.arpa
8.8.8.8:53

maxcdn.bootstrapcdn.com

dns

69 B
101 B
1
1

DNS Request

maxcdn.bootstrapcdn.com

DNS Response

104.18.10.207

104.18.11.207
8.8.8.8:53

maxcdn.bootstrapcdn.com

dns

69 B
142 B
1
1

DNS Request

maxcdn.bootstrapcdn.com
104.18.10.207:443

maxcdn.bootstrapcdn.com

https

3.9kB
13.8kB
14
19
8.8.8.8:53

apps.identrust.com

dns

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

95.101.143.18

95.101.143.19
8.8.8.8:53

apps.identrust.com

dns

64 B
194 B
1
1

DNS Request

apps.identrust.com
8.8.8.8:53

2.bp.blogspot.com

dns

63 B
124 B
1
1

DNS Request

2.bp.blogspot.com

DNS Response

172.217.18.97
8.8.8.8:53

2.bp.blogspot.com

dns

63 B
165 B
1
1

DNS Request

2.bp.blogspot.com
8.8.8.8:53

lh4.googleusercontent.com

dns

71 B
116 B
1
1

DNS Request

lh4.googleusercontent.com

DNS Response

142.250.178.1
8.8.8.8:53

lh4.googleusercontent.com

dns

71 B
157 B
1
1

DNS Request

lh4.googleusercontent.com
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

92.123.241.137
8.8.8.8:53

1.bp.blogspot.com

dns

63 B
124 B
1
1

DNS Request

1.bp.blogspot.com

DNS Response

172.217.169.65
8.8.8.8:53

1.bp.blogspot.com

dns

63 B
165 B
1
1

DNS Request

1.bp.blogspot.com
8.8.8.8:53

3.bp.blogspot.com

dns

63 B
124 B
1
1

DNS Request

3.bp.blogspot.com

DNS Response

172.217.169.65
8.8.8.8:53

3.bp.blogspot.com

dns

63 B
165 B
1
1

DNS Request

3.bp.blogspot.com
8.8.8.8:53

5.87.181.107.in-addr.arpa

dns

71 B
142 B
1
1

DNS Request

5.87.181.107.in-addr.arpa
8.8.8.8:53

81.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

81.135.221.88.in-addr.arpa
8.8.8.8:53

207.10.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

207.10.18.104.in-addr.arpa
8.8.8.8:53

18.143.101.95.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.143.101.95.in-addr.arpa
8.8.8.8:53

97.18.217.172.in-addr.arpa

dns

72 B
140 B
1
1

DNS Request

97.18.217.172.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

1.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

1.178.250.142.in-addr.arpa
8.8.8.8:53

65.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

65.169.217.172.in-addr.arpa
8.8.8.8:53

32.169.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

32.169.19.2.in-addr.arpa
8.8.8.8:53

ajax.googleapis.com

dns

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.200.42
8.8.8.8:53

ajax.googleapis.com

dns

65 B
122 B
1
1

DNS Request

ajax.googleapis.com
8.8.8.8:53

cdnjs.cloudflare.com

dns

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.24.14

104.17.25.14
8.8.8.8:53

cdnjs.cloudflare.com

dns

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14
8.8.8.8:53

cdnjs.cloudflare.com

dns

66 B
139 B
1
1

DNS Request

cdnjs.cloudflare.com
104.17.25.14:443

cdnjs.cloudflare.com

https

4.2kB
15.8kB
14
20
8.8.8.8:53

rawgit.com

dns

56 B
88 B
1
1

DNS Request

rawgit.com

DNS Response

172.67.217.78

104.21.24.61
8.8.8.8:53

rawgit.com

dns

56 B
129 B
1
1

DNS Request

rawgit.com
172.67.217.78:443

rawgit.com

https

2.7kB
15.7kB
14
20
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
245 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
273 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

104.115.33.219
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
172.217.16.137:443

www.blogger.com

https

3.9kB
7.8kB
15
16
172.217.169.65:443

3.bp.blogspot.com

https

3.6kB
11.2kB
9
14
8.8.8.8:53

4.bp.blogspot.com

dns

63 B
124 B
1
1

DNS Request

4.bp.blogspot.com

DNS Response

172.217.169.65
8.8.8.8:53

4.bp.blogspot.com

dns

63 B
165 B
1
1

DNS Request

4.bp.blogspot.com
8.8.8.8:53

41.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

41.134.221.88.in-addr.arpa
8.8.8.8:53

42.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.200.250.142.in-addr.arpa
8.8.8.8:53

14.25.17.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

14.25.17.104.in-addr.arpa
8.8.8.8:53

78.217.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

78.217.67.172.in-addr.arpa
8.8.8.8:53

64.246.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.246.107.13.in-addr.arpa
172.217.18.97:443

2.bp.blogspot.com

https

2.9kB
6.8kB
5
8
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
265 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
280 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

14.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.160.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

83 B
214 B
1
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

52.182.143.212
8.8.8.8:53

212.143.182.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

212.143.182.52.in-addr.arpa
8.8.8.8:53

ajax.googleapis.com

dns

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.185.202
8.8.8.8:53

lh6.googleusercontent.com

dns

71 B
116 B
1
1

DNS Request

lh6.googleusercontent.com

DNS Response

142.250.178.1
8.8.8.8:53

lh6.googleusercontent.com

dns

71 B
157 B
1
1

DNS Request

lh6.googleusercontent.com
8.8.8.8:53

lh5.googleusercontent.com

dns

71 B
116 B
1
1

DNS Request

lh5.googleusercontent.com

DNS Response

216.58.212.161
8.8.8.8:53

lh5.googleusercontent.com

dns

71 B
157 B
1
1

DNS Request

lh5.googleusercontent.com
104.18.10.207:443

maxcdn.bootstrapcdn.com

https

6.2kB
82.5kB
45
81
142.250.178.1:443

lh6.googleusercontent.com

https

3.6kB
9.2kB
10
11
216.58.212.161:443

lh5.googleusercontent.com

https

4.3kB
35.2kB
21
31
8.8.8.8:53

78.186.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

78.186.250.142.in-addr.arpa
8.8.8.8:53

161.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

161.212.58.216.in-addr.arpa
8.8.8.8:53

ajax.googleapis.com

dns

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

172.217.169.74
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

code.jquery.com

dns

61 B
125 B
1
1

DNS Request

code.jquery.com

DNS Response

151.101.66.137

151.101.194.137

151.101.130.137

151.101.2.137
8.8.8.8:53

72.66.18.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

72.66.18.2.in-addr.arpa
8.8.8.8:53

code.jquery.com

dns

61 B
125 B
1
1

DNS Request

code.jquery.com

DNS Response

151.101.2.137

151.101.194.137

151.101.66.137

151.101.130.137
224.0.0.251:5353

204 B
3
8.8.8.8:53

www.facebook.com

dns

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

www.facebook.com

dns

62 B
136 B
1
1

DNS Request

www.facebook.com
8.8.8.8:53

www.facebook.com

dns

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

www.facebook.com

dns

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

cdn.elegantthemes.com

dns

67 B
99 B
1
1

DNS Request

cdn.elegantthemes.com

DNS Response

104.18.198.62

104.17.136.62
8.8.8.8:53

cdn.elegantthemes.com

dns

67 B
137 B
1
1

DNS Request

cdn.elegantthemes.com
8.8.8.8:53

www.facebook.com

dns

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

www.elegantthemes.com

dns

67 B
99 B
1
1

DNS Request

www.elegantthemes.com

DNS Response

104.18.198.62

104.17.136.62
8.8.8.8:53

www.elegantthemes.com

dns

67 B
137 B
1
1

DNS Request

www.elegantthemes.com
8.8.8.8:53

35.221.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.221.240.157.in-addr.arpa
8.8.8.8:53

62.198.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

62.198.18.104.in-addr.arpa
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa
8.8.8.8:53

c1.popads.net

dns

59 B
145 B
1
1

DNS Request

c1.popads.net

DNS Response

138.199.26.20

138.199.26.25

143.244.56.8
8.8.8.8:53

c1.popads.net

dns

59 B
145 B
1
1

DNS Request

c1.popads.net

DNS Response

138.199.26.24

138.199.26.21

143.244.56.11
8.8.8.8:53

162.66.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

162.66.18.2.in-addr.arpa
8.8.8.8:53

maxcdn.bootstrapcdn.com

dns

69 B
101 B
1
1

DNS Request

maxcdn.bootstrapcdn.com

DNS Response

104.18.10.207

104.18.11.207
8.8.8.8:53

maxcdn.bootstrapcdn.com

dns

69 B
101 B
1
1

DNS Request

maxcdn.bootstrapcdn.com

DNS Response

104.18.10.207

104.18.11.207
8.8.8.8:53

169.117.168.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

169.117.168.52.in-addr.arpa
8.8.8.8:53

connect.facebook.net

dns

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

157.240.221.16
8.8.8.8:53

connect.facebook.net

dns

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

157.240.221.16

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response