8050e5ce56acb4d6921c9ff686efea63640baab6f71294d57458d98041212a8f

Analysis

max time kernel
129s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 01:50 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce602cf52137a0fd2a45c122d45a7b15_JaffaCakes118.html
Size

21KB
MD5

ce602cf52137a0fd2a45c122d45a7b15
SHA1

78236d09c14a7f6f1bb8a60baed0cc4feabfd1ce
SHA256

8050e5ce56acb4d6921c9ff686efea63640baab6f71294d57458d98041212a8f
SHA512

e5f0a6d9b63c0ca74db9f2045d3c9dca91cf6e71df48ebee97e31705c298f2060a6a87a3ad71b06c389d8e3f2922091d744d6deee479b6e2afce4ebd1e8b0c39
SSDEEP

192:Hqvl596UDzivWdoYsEEyi92oo2UQB7i09Vea92pSdNVMjP0kunU:Kd59Mu+EEfK2RmaeRP0kuU

Score

1^/10

Malware Config

Signatures

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce602cf52137a0fd2a45c122d45a7b15_JaffaCakes118.html
1⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4988,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:1
1⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4220,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:1
1⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5448,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
1⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5472,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
1⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5808,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:1
1⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6040,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:1
1⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6204,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:1
1⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5532,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8
1⤵
PID:4124

Network

DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

mypaesano.com

Remote address:

8.8.8.8:53

Request

mypaesano.com

IN A

Response

mypaesano.com

IN A

66.96.134.19
DNS

mypaesano.com

Remote address:

8.8.8.8:53

Request

mypaesano.com

IN Unknown

Response
DNS

mypaesano.com

Remote address:

8.8.8.8:53

Request

mypaesano.com

IN A

Response

mypaesano.com

IN A

66.96.134.19
GET

http://mypaesano.com/hwed.html?i=1503935

Remote address:

66.96.134.19:80

Request

GET /hwed.html?i=1503935 HTTP/1.1
Host: mypaesano.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Date: Fri, 06 Sep 2024 01:51:05 GMT
Content-Type: text/html
Content-Length: 867
Connection: keep-alive
Server: Apache
Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
Accept-Ranges: bytes
Age: 1
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

88.221.135.81

a416.dscd.akamai.net

IN A

88.221.134.17
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

ajax.googleapis.com

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.27.95
DNS

ajax.googleapis.com

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN Unknown

Response
GET

http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

Remote address:

142.250.27.95:80

Request

GET /ajax/libs/jquery/1.10.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
DNT: 1
Accept: */*
Referer: http://mypaesano.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 32954
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 30 Aug 2024 13:14:46 GMT
Expires: Sat, 30 Aug 2025 13:14:46 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 563779
DNS

www.searchvity.com

Remote address:

8.8.8.8:53

Request

www.searchvity.com

IN A

Response

www.searchvity.com

IN A

208.91.196.46
DNS

www.searchvity.com

Remote address:

8.8.8.8:53

Request

www.searchvity.com

IN Unknown

Response
DNS

www.searchvity.com

Remote address:

8.8.8.8:53

Request

www.searchvity.com

IN A

Response

www.searchvity.com

IN A

208.91.196.46
DNS

mypaesano.com

Remote address:

8.8.8.8:53

Request

mypaesano.com

IN A

Response

mypaesano.com

IN A

66.96.134.19
DNS

www.searchvity.com

Remote address:

8.8.8.8:53

Request

www.searchvity.com

IN A

Response

www.searchvity.com

IN A

208.91.196.46
DNS

mypaesano.com

Remote address:

8.8.8.8:53

Request

mypaesano.com

IN A

Response

mypaesano.com

IN A

66.96.134.19
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com

prod-agic-us-2.uksouth.cloudapp.azure.com

IN A

172.165.69.228
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com
DNS

data-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

data-edge.smartscreen.microsoft.com

IN A

Response

data-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-3.ukwest.cloudapp.azure.com

prod-agic-uw-3.ukwest.cloudapp.azure.com

IN A

51.11.108.188
DNS

data-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

data-edge.smartscreen.microsoft.com

IN Unknown

Response

data-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-1.ukwest.cloudapp.azure.com
DNS

101.27.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.27.250.142.in-addr.arpa

IN PTR

Response

101.27.250.142.in-addr.arpa

IN PTR

ra-in-f1011e100net
DNS

19.134.96.66.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.134.96.66.in-addr.arpa

IN PTR

Response

19.134.96.66.in-addr.arpa

IN PTR

191349666staticeigboxnet
DNS

4.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.159.190.20.in-addr.arpa

IN PTR

Response
DNS

81.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.135.221.88.in-addr.arpa

IN PTR

Response

81.135.221.88.in-addr.arpa

IN PTR

a88-221-135-81deploystaticakamaitechnologiescom
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

95.27.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.27.250.142.in-addr.arpa

IN PTR

Response

95.27.250.142.in-addr.arpa

IN PTR

ra-in-f951e100net
DNS

228.69.165.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.69.165.172.in-addr.arpa

IN PTR

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

188.108.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.108.11.51.in-addr.arpa

IN PTR

Response
DNS

www.searchvity.com

Remote address:

8.8.8.8:53

Request

www.searchvity.com

IN A

Response

www.searchvity.com

IN A

208.91.196.46
GET

http://www.searchvity.com/?dn=mypaesano.com&pid=9POL6F2H4

Remote address:

208.91.196.46:80

Request

GET /?dn=mypaesano.com&pid=9POL6F2H4 HTTP/1.1
Host: www.searchvity.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Edg/127.0.0.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://mypaesano.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 403 Forbidden

Date: Fri, 06 Sep 2024 01:51:06 GMT
Server: Apache
Referrer-Policy: no-referrer-when-downgrade
Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
Content-Length: 300
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
DNS

46.196.91.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.196.91.208.in-addr.arpa

IN PTR

Response
DNS

46.196.91.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.196.91.208.in-addr.arpa

IN PTR

Response
DNS

46.196.91.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.196.91.208.in-addr.arpa

IN PTR

Response
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

10.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.142.123.92.in-addr.arpa

IN PTR

Response

10.142.123.92.in-addr.arpa

IN PTR

a92-123-142-10deploystaticakamaitechnologiescom
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

17.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.142.123.92.in-addr.arpa

IN PTR

Response

17.142.123.92.in-addr.arpa

IN PTR

a92-123-142-17deploystaticakamaitechnologiescom

13.107.6.158:443

business.bing.com

tls

3.1kB
8.6kB
12
16
13.107.6.158:443

business.bing.com

tls

3.7kB
10.3kB
19
22
66.96.134.19:80

http://mypaesano.com/hwed.html?i=1503935

http

745 B
1.3kB
6
5

HTTP Request

GET http://mypaesano.com/hwed.html?i=1503935

HTTP Response

404
88.221.135.81:443

bzib.nelreports.net

tls

2.8kB
5.4kB
12
14
142.250.27.95:80

http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

http

1.2kB
35.1kB
19
30

HTTP Request

GET http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js

HTTP Response

200
172.165.69.228:443

nav-edge.smartscreen.microsoft.com

tls

6.9kB
11.2kB
25
23
172.165.69.228:443

nav-edge.smartscreen.microsoft.com

98 B
52 B
2
1
51.11.108.188:443

data-edge.smartscreen.microsoft.com

tls

16.1kB
618.7kB
250
456
51.11.108.188:443

data-edge.smartscreen.microsoft.com

tls

2.4kB
7.5kB
12
12
208.91.196.46:80

http://www.searchvity.com/?dn=mypaesano.com&pid=9POL6F2H4

http

840 B
1.2kB
7
6

HTTP Request

GET http://www.searchvity.com/?dn=mypaesano.com&pid=9POL6F2H4

HTTP Response

403
208.91.196.46:80

www.searchvity.com

144 B
92 B
3
2
92.123.142.17:443

www.bing.com

tls

2.3kB
5.2kB
10
12

8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

mypaesano.com

dns

59 B
75 B
1
1

DNS Request

mypaesano.com

DNS Response

66.96.134.19
8.8.8.8:53

mypaesano.com

dns

59 B
119 B
1
1

DNS Request

mypaesano.com
8.8.8.8:53

mypaesano.com

dns

59 B
75 B
1
1

DNS Request

mypaesano.com

DNS Response

66.96.134.19
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

88.221.135.81

88.221.134.17
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

ajax.googleapis.com

dns

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.27.95
8.8.8.8:53

ajax.googleapis.com

dns

65 B
122 B
1
1

DNS Request

ajax.googleapis.com
8.8.8.8:53

www.searchvity.com

dns

64 B
80 B
1
1

DNS Request

www.searchvity.com

DNS Response

208.91.196.46
8.8.8.8:53

www.searchvity.com

dns

64 B
137 B
1
1

DNS Request

www.searchvity.com
8.8.8.8:53

www.searchvity.com

dns

64 B
80 B
1
1

DNS Request

www.searchvity.com

DNS Response

208.91.196.46
8.8.8.8:53

mypaesano.com

dns

59 B
75 B
1
1

DNS Request

mypaesano.com

DNS Response

66.96.134.19
8.8.8.8:53

www.searchvity.com

dns

64 B
80 B
1
1

DNS Request

www.searchvity.com

DNS Response

208.91.196.46
8.8.8.8:53

mypaesano.com

dns

59 B
75 B
1
1

DNS Request

mypaesano.com

DNS Response

66.96.134.19
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
198 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

172.165.69.228
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
242 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

data-edge.smartscreen.microsoft.com

dns

81 B
198 B
1
1

DNS Request

data-edge.smartscreen.microsoft.com

DNS Response

51.11.108.188
8.8.8.8:53

data-edge.smartscreen.microsoft.com

dns

81 B
242 B
1
1

DNS Request

data-edge.smartscreen.microsoft.com
8.8.8.8:53

101.27.250.142.in-addr.arpa

dns

73 B
107 B
1
1

DNS Request

101.27.250.142.in-addr.arpa
8.8.8.8:53

19.134.96.66.in-addr.arpa

dns

71 B
115 B
1
1

DNS Request

19.134.96.66.in-addr.arpa
8.8.8.8:53

4.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.159.190.20.in-addr.arpa
8.8.8.8:53

81.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

81.135.221.88.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

95.27.250.142.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

95.27.250.142.in-addr.arpa
8.8.8.8:53

228.69.165.172.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.69.165.172.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

188.108.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

188.108.11.51.in-addr.arpa
8.8.8.8:53

www.searchvity.com

dns

64 B
80 B
1
1

DNS Request

www.searchvity.com

DNS Response

208.91.196.46
8.8.8.8:53

46.196.91.208.in-addr.arpa

dns

216 B
216 B
3
3

DNS Request

46.196.91.208.in-addr.arpa

DNS Request

46.196.91.208.in-addr.arpa

DNS Request

46.196.91.208.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
92.123.142.10:443

www.bing.com

https

3.3kB
6.8kB
10
14
8.8.8.8:53

10.142.123.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

10.142.123.92.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

17.142.123.92.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

17.142.123.92.in-addr.arpa

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.