02fc04e41dfa1d0e69229c694f6266ca7f366d2dae7270a6f4ef9f82d09004fd

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 14:19 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00f5b34ae2fbe2fbe7b1919aeea39294_JaffaCakes118.html
Size

33KB
MD5

00f5b34ae2fbe2fbe7b1919aeea39294
SHA1

998cb25061b2631d7058aaef4182686549aa0620
SHA256

02fc04e41dfa1d0e69229c694f6266ca7f366d2dae7270a6f4ef9f82d09004fd
SHA512

a0da071af20ffb88c45646b9fe5593441fad7922ef6fd4f0e7cb03d882457b77db7c3c9b66e8a2572bcd90a4e5186b5d7f133bbb1e86022526630b6bf3e533e2
SSDEEP

768:wK4xuX0yRj312UaIRj/9xxZHB4+cntEpUsqjmOu3N:wKuuX0yRj3VB4+cntEpUsqjmOu3N

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\00f5b34ae2fbe2fbe7b1919aeea39294_JaffaCakes118.html
1⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3960 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4996 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5728 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=748 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
1⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5892 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:4136

Network

DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-dc-msedge.net

b-0005.b-dc-msedge.net

IN A

13.107.9.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-2.ukwest.cloudapp.azure.com

prod-agic-uw-2.ukwest.cloudapp.azure.com

IN A

51.140.244.186
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

www.c-hatas.com

Remote address:

8.8.8.8:53

Request

www.c-hatas.com

IN A

Response

www.c-hatas.com

IN A

185.151.196.51
DNS

www.c-hatas.com

Remote address:

8.8.8.8:53

Request

www.c-hatas.com

IN Unknown

Response
DNS

150.1.37.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.1.37.23.in-addr.arpa

IN PTR

Response

150.1.37.23.in-addr.arpa

IN PTR

a23-37-1-150deploystaticakamaitechnologiescom
DNS

158.9.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.9.107.13.in-addr.arpa

IN PTR

Response
DNS

186.244.140.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.244.140.51.in-addr.arpa

IN PTR

Response
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

104.109.143.23

a416.dscd.akamai.net

IN A

104.109.143.24
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

2.21.17.194
GET

http://fonts.googleapis.com/css?family=Lato:100,300,regular,700,900%7COpen+Sans:300%7CIndie+Flower:regular%7COswald:300,regular,700&subset=latin%2Clatin-ext

Remote address:

216.58.204.74:80

Request

GET /css?family=Lato:100,300,regular,700,900%7COpen+Sans:300%7CIndie+Flower:regular%7COswald:300,regular,700&subset=latin%2Clatin-ext HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 26 Apr 2024 14:19:59 GMT
Date: Fri, 26 Apr 2024 14:19:59 GMT
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Last-Modified: Fri, 26 Apr 2024 14:19:59 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
GET

http://fonts.googleapis.com/css?family=Rubik%3A100%2C300%2C300italic%2C400%2C400italic%2C700%2C700italic%2C900%2C900italic&ver=4.8.8

Remote address:

216.58.204.74:80

Request

GET /css?family=Rubik%3A100%2C300%2C300italic%2C400%2C400italic%2C700%2C700italic%2C900%2C900italic&ver=4.8.8 HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Fri, 26 Apr 2024 14:19:59 GMT
Date: Fri, 26 Apr 2024 14:19:59 GMT
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Last-Modified: Fri, 26 Apr 2024 14:19:59 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

194.17.21.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.17.21.2.in-addr.arpa

IN PTR

Response

194.17.21.2.in-addr.arpa

IN PTR

a2-21-17-194deploystaticakamaitechnologiescom
DNS

23.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.143.109.104.in-addr.arpa

IN PTR

Response

23.143.109.104.in-addr.arpa

IN PTR

a104-109-143-23deploystaticakamaitechnologiescom
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

23.37.1.217
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H
DNS

227.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.212.58.216.in-addr.arpa

IN PTR

Response

227.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f31e100net

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f3�H

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f227�H
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdcus15.centralus.cloudapp.azure.com

onedsblobprdcus15.centralus.cloudapp.azure.com

IN A

52.182.143.212
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

52.182.143.212:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
MSA_DeviceTicket: t=EwC4AlN5BAAUIUShNzVa+rgHy/M+tY/dQyCg+nEAAVaUnZBVAXK4wqoRM+MYwccKBN/inQtEX6gldUp5BAqc0qVitYHXvnJRmux2ENI8gklNLCA1wRHdsul9JHxUDHzV/ciztSJkIGJgcCDPCuuIHZwXY4z21dCzHjkmlO5s1vtPaQUQOOgCmb/sRxyZNz6VD+2/9Gnrnz0aR9h7CcLeSQ3f8xZmslZ+6vjEF90U4nkEiPfe7zN3TBtJS2du+OsOd+NotbBUXgRfu1h8Z5JOWe546ywEjld25QTHP7eYaphVsd7/3+47NqTFPm7hl73zaqbqGAaQZZr/f2VeQdZ4Y8YEOoudalZOCNKImBxa2XFlYeA72KOhrV4JwPvvAEkDZgAACO5gWrdOyi1/iAEEv9aQel91Z9oIFYOhLNGgqx8e3yypP2G0mxchPH/pdEwU9VPR7Do0JS451WUqcVhywJfZehNzIi4inEIaKc0MXHfpvP+SnCMZsjay4hRCE6AmdfwyHdp2RVZQVUhs0QNdZkJ/TCSzUnoQiRPb8NN3nJIFEOC1DLTqyD/+aEeJv/4yvEbxFS55yFAb+1M9/yx95c8txqnAjzk+OUhWzNeliShSeY1Mzpptp/p4JVhhaKpn9dGWes+4u6YbaQUBoUqPQcSCKT8/UCT9Eqyss+aEcQHoBlKswk/pEglwnMJG95XVDMrSjihA+XcKWqjnDO58Ud7sK4MiFsg7SrUmS2tP1cpsWmU4P5ZSSlvU/NLOcA33qkELrIdoa7bdkbfVfn7NbTmbxqztBXZMnipPVJfa7tY4hz9regdzv/7dfl8ebKmu7YqNL/DtxMMGwsBDDAK4LDS1U1KH3EtJc2pqoZOU8+2hPsSspdpotP+ABCdT26rsksK4svJ+gaIvR+osnoeAgdk/ru/tE7gB&p=
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Fri, 26 Apr 2024 14:20:20 GMT
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

212.143.182.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.143.182.52.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

28.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.143.109.104.in-addr.arpa

IN PTR

Response

28.143.109.104.in-addr.arpa

IN PTR

a104-109-143-28deploystaticakamaitechnologiescom
DNS

187.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.83.221.88.in-addr.arpa

IN PTR

Response

187.83.221.88.in-addr.arpa

IN PTR

a88-221-83-187deploystaticakamaitechnologiescom
DNS

134.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.190.18.2.in-addr.arpa

IN PTR

Response

134.190.18.2.in-addr.arpa

IN PTR

a2-18-190-134deploystaticakamaitechnologiescom
DNS

www.c-hatas.com

Remote address:

8.8.8.8:53

Request

www.c-hatas.com

IN A

Response

www.c-hatas.com

IN A

185.151.196.51
GET

http://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2

Remote address:

216.58.212.227:80

Request

GET /s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 35448
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 20 Apr 2024 18:55:04 GMT
Expires: Sun, 20 Apr 2025 18:55:04 GMT
Cache-Control: public, max-age=31536000
Age: 501979
Last-Modified: Thu, 29 Jun 2023 16:14:39 GMT
Content-Type: font/woff2
GET

http://fonts.gstatic.com/s/rubik/v28/iJWEBXyIfDnIV7nEnX661A.woff2

Remote address:

216.58.212.227:80

Request

GET /s/rubik/v28/iJWEBXyIfDnIV7nEnX661A.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 36408
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Mon, 22 Apr 2024 04:59:06 GMT
Expires: Tue, 22 Apr 2025 04:59:06 GMT
Cache-Control: public, max-age=31536000
Age: 379337
Last-Modified: Thu, 29 Jun 2023 16:10:21 GMT
Content-Type: font/woff2
DNS

www.c-hatas.com

Remote address:

8.8.8.8:53

Request

www.c-hatas.com

IN A

Response

www.c-hatas.com

IN A

185.151.196.51
DNS

233.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.83.221.88.in-addr.arpa

IN PTR

Response

233.83.221.88.in-addr.arpa

IN PTR

a88-221-83-233deploystaticakamaitechnologiescom
DNS

12.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.173.189.20.in-addr.arpa

IN PTR

Response

13.107.9.158:443

business.bing.com

tls

2.0kB
10.0kB
18
24
51.140.244.186:443

nav-edge.smartscreen.microsoft.com

tls

10.5kB
12.7kB
29
29
2.21.17.194:443

www.microsoft.com

tls

2.7kB
22.8kB
26
36
104.109.143.23:443

bzib.nelreports.net

tls

2.6kB
6.0kB
13
15
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
216.58.204.74:80

http://fonts.googleapis.com/css?family=Lato:100,300,regular,700,900%7COpen+Sans:300%7CIndie+Flower:regular%7COswald:300,regular,700&subset=latin%2Clatin-ext

http

806 B
2.9kB
8
8

HTTP Request

GET http://fonts.googleapis.com/css?family=Lato:100,300,regular,700,900%7COpen+Sans:300%7CIndie+Flower:regular%7COswald:300,regular,700&subset=latin%2Clatin-ext

HTTP Response

200
216.58.204.74:80

http://fonts.googleapis.com/css?family=Rubik%3A100%2C300%2C300italic%2C400%2C400italic%2C700%2C700italic%2C900%2C900italic&ver=4.8.8

http

782 B
2.0kB
8
8

HTTP Request

GET http://fonts.googleapis.com/css?family=Rubik%3A100%2C300%2C300italic%2C400%2C400italic%2C700%2C700italic%2C900%2C900italic&ver=4.8.8

HTTP Response

200
216.58.212.227:80

fonts.gstatic.com

236 B
144 B
5
3
13.107.246.64:443

edgestatic.azureedge.net

tls

1.8kB
7.9kB
12
13
13.107.246.64:443

edgestatic.azureedge.net

tls

101.2kB
4.6MB
2026
3302
13.107.246.64:443

edgestatic.azureedge.net

tls

1.9kB
7.9kB
13
14
13.107.246.64:443

edgestatic.azureedge.net

tls

8.2kB
272.4kB
128
213
13.107.246.64:443

wcpstatic.microsoft.com

tls

4.2kB
91.0kB
52
78
52.182.143.212:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

5.9kB
7.6kB
14
11

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
88.221.83.187:443

www.bing.com

tls

1.0kB
5.1kB
9
11
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
216.58.212.227:80

http://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2

http

1.2kB
37.4kB
18
30

HTTP Request

GET http://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2

HTTP Response

200
216.58.212.227:80

http://fonts.gstatic.com/s/rubik/v28/iJWEBXyIfDnIV7nEnX661A.woff2

http

1.2kB
38.4kB
18
31

HTTP Request

GET http://fonts.gstatic.com/s/rubik/v28/iJWEBXyIfDnIV7nEnX661A.woff2

HTTP Response

200
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:445

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5
88.221.83.233:443

www.bing.com

tls

1.3kB
946 B
8
8
185.151.196.51:80

www.c-hatas.com

260 B
5
185.151.196.51:80

www.c-hatas.com

260 B
5

8.8.8.8:53

business.bing.com

dns

63 B
163 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.9.158
8.8.8.8:53

business.bing.com

dns

63 B
171 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
199 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

51.140.244.186
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
244 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

www.c-hatas.com

dns

61 B
77 B
1
1

DNS Request

www.c-hatas.com

DNS Response

185.151.196.51
8.8.8.8:53

www.c-hatas.com

dns

61 B
124 B
1
1

DNS Request

www.c-hatas.com
8.8.8.8:53

150.1.37.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

150.1.37.23.in-addr.arpa
8.8.8.8:53

158.9.107.13.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

158.9.107.13.in-addr.arpa
8.8.8.8:53

186.244.140.51.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

186.244.140.51.in-addr.arpa
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

104.109.143.23

104.109.143.24
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

2.21.17.194
8.8.8.8:53

194.17.21.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

194.17.21.2.in-addr.arpa
8.8.8.8:53

23.143.109.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

23.143.109.104.in-addr.arpa
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
245 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
273 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

23.37.1.217
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

227.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

227.212.58.216.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
265 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
280 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

68.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

68.159.190.20.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

83 B
214 B
1
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

52.182.143.212
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

212.143.182.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

212.143.182.52.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

28.143.109.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

28.143.109.104.in-addr.arpa
8.8.8.8:53

187.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

187.83.221.88.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

134.190.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

134.190.18.2.in-addr.arpa
8.8.8.8:53

www.c-hatas.com

dns

61 B
77 B
1
1

DNS Request

www.c-hatas.com

DNS Response

185.151.196.51
8.8.8.8:53

www.c-hatas.com

dns

61 B
77 B
1
1

DNS Request

www.c-hatas.com

DNS Response

185.151.196.51
8.8.8.8:53

233.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

233.83.221.88.in-addr.arpa
8.8.8.8:53

12.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

12.173.189.20.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.