45ba2e3fa6fa292f7578e85e5892f5bd832c4c151d959518024c311728161604

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2025, 17:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_37a8014b7cc23bbf4a5d0f67dbd51d44.html
Size

167KB
MD5

37a8014b7cc23bbf4a5d0f67dbd51d44
SHA1

18fe43364cc05ad7a29e48b9fa0b41f31989981f
SHA256

45ba2e3fa6fa292f7578e85e5892f5bd832c4c151d959518024c311728161604
SHA512

d8562fb5fede89921fcecc0b1f16701b1c8b2a213a1eecea5796f717003fc3d48cf377c57b69100f8a2c00dc58a6358e30cdc48bf793d7169e6b9d94aa464b98
SSDEEP

1536:2ZHD6zoNSOcVvo1UJdcFpa7XHcDO0tAqO:21ugSbvH+FpabcltAqO

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4184	msedge.exe
4184	msedge.exe
4556	identity_helper.exe
4556	identity_helper.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 2004	4184	msedge.exe	83
PID 4184 wrote to memory of 2004	4184	msedge.exe	83
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 3716	4184	msedge.exe	84
PID 4184 wrote to memory of 4384	4184	msedge.exe	85
PID 4184 wrote to memory of 4384	4184	msedge.exe	85
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86
PID 4184 wrote to memory of 3408	4184	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_37a8014b7cc23bbf4a5d0f67dbd51d44.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ea8346f8,0x7ff8ea834708,0x7ff8ea834718
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10569619231944338198,1427183220609271583,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1556

Network

DNS

www.blogger.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

216.58.212.233
DNS

www.linkwithin.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.linkwithin.com

IN A

Response

www.linkwithin.com

IN CNAME

linkwithin.com

linkwithin.com

IN A

118.139.179.30
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.187.238
GET

http://www.linkwithin.com/widget.js

msedge.exe

Remote address:

118.139.179.30:80

Request

GET /widget.js HTTP/1.1
Host: www.linkwithin.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Date: Sun, 26 Jan 2025 17:27:29 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

https://apis.google.com/js/plusone.js

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /js/plusone.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=iframes_styles_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_1?le=scs

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=iframes_styles_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_1?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
GET

http://www.linkwithin.com/pixel.png

msedge.exe

Remote address:

118.139.179.30:80

Request

GET /pixel.png HTTP/1.1
Host: www.linkwithin.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Date: Sun, 26 Jan 2025 17:27:29 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
GET

http://www.linkwithin.com/widget.js

msedge.exe

Remote address:

118.139.179.30:80

Request

GET /widget.js HTTP/1.1
Host: www.linkwithin.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 404 Not Found

Date: Sun, 26 Jan 2025 17:27:49 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
DNS

www.blogger.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

216.58.212.233
GET

http://www.blogger.com/img/icon18_edit_allbkg.gif

msedge.exe

Remote address:

216.58.212.233:80

Request

GET /img/icon18_edit_allbkg.gif HTTP/1.1
Host: www.blogger.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 162
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 24 Jan 2025 16:48:18 GMT
Expires: Fri, 31 Jan 2025 16:48:18 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 24 Jan 2025 10:52:03 GMT
Content-Type: image/gif
Age: 175151
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR

Response
DNS

238.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

167.173.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.173.78.104.in-addr.arpa

IN PTR

Response

167.173.78.104.in-addr.arpa

IN PTR

a104-78-173-167deploystaticakamaitechnologiescom
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

30.179.139.118.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.179.139.118.in-addr.arpa

IN PTR

Response

30.179.139.118.in-addr.arpa

IN PTR

sg2nlhdb5004-13-09shrprodsin2secureservernet
DNS

img1.blogblog.com

msedge.exe

Remote address:

8.8.8.8:53

Request

img1.blogblog.com

IN A

Response

img1.blogblog.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

216.58.212.233
GET

http://img1.blogblog.com/img/icon18_wrench_allbkg.png

msedge.exe

Remote address:

216.58.212.233:80

Request

GET /img/icon18_wrench_allbkg.png HTTP/1.1
Host: img1.blogblog.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 475
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sat, 25 Jan 2025 04:31:56 GMT
Expires: Sat, 01 Feb 2025 04:31:56 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 24 Jan 2025 13:49:51 GMT
Content-Type: image/png
Age: 132933
DNS

233.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.212.58.216.in-addr.arpa

IN PTR

Response

233.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f91e100net

233.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f9�H

233.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f233�H
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

1.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

1.bp.blogspot.com

IN A

Response

1.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.187.193
GET

http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZuB_OcI/AAAAAAAAAVc/nhIGgCaENGk/s1600/search.png

msedge.exe

Remote address:

142.250.187.193:80

Request

GET /_6pbSFKC8YH4/Sa0vZuB_OcI/AAAAAAAAAVc/nhIGgCaENGk/s1600/search.png HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="search.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1206
X-XSS-Protection: 0
Date: Sun, 26 Jan 2025 15:54:01 GMT
Expires: Mon, 27 Jan 2025 15:54:01 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v157"
Content-Type: image/png
Vary: Origin
Age: 5628
GET

http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZjxb-lI/AAAAAAAAAVU/wh-xlUlWQeY/s1600/navbar.png

msedge.exe

Remote address:

142.250.187.193:80

Request

GET /_6pbSFKC8YH4/Sa0vZjxb-lI/AAAAAAAAAVU/wh-xlUlWQeY/s1600/navbar.png HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="navbar.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1219
X-XSS-Protection: 0
Date: Sun, 26 Jan 2025 15:54:01 GMT
Expires: Mon, 27 Jan 2025 15:54:01 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v155"
Content-Type: image/png
Vary: Origin
Age: 5628
GET

http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZ4W-AGI/AAAAAAAAAVs/p3llmvqIr_Y/s1600/header.png

msedge.exe

Remote address:

142.250.187.193:80

Request

GET /_6pbSFKC8YH4/Sa0vZ4W-AGI/AAAAAAAAAVs/p3llmvqIr_Y/s1600/header.png HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="header.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 67996
X-XSS-Protection: 0
Date: Sun, 26 Jan 2025 15:54:01 GMT
Expires: Mon, 27 Jan 2025 15:54:01 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v15b"
Content-Type: image/png
Vary: Origin
Age: 5628
GET

http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZuHLS-I/AAAAAAAAAVM/Sn_jjdv5-x4/s1600/credit.png

msedge.exe

Remote address:

142.250.187.193:80

Request

GET /_6pbSFKC8YH4/Sa0vZuHLS-I/AAAAAAAAAVM/Sn_jjdv5-x4/s1600/credit.png HTTP/1.1
Host: 1.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="credit.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 10086
X-XSS-Protection: 0
Date: Sun, 26 Jan 2025 15:54:02 GMT
Expires: Mon, 27 Jan 2025 15:54:02 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v153"
Content-Type: image/png
Vary: Origin
Age: 5628
DNS

ad.hepsiburada.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ad.hepsiburada.com

IN A

Response
DNS

4.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

4.bp.blogspot.com

IN A

Response

4.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.187.193
DNS

ads.adport.com.tr

msedge.exe

Remote address:

8.8.8.8:53

Request

ads.adport.com.tr

IN A

Response
DNS

srv.sayyac.net

msedge.exe

Remote address:

8.8.8.8:53

Request

srv.sayyac.net

IN A

Response

srv.sayyac.net

IN A

31.186.15.180
GET

http://4.bp.blogspot.com/_6pbSFKC8YH4/Sa05b5YNT8I/AAAAAAAAAV0/Unk97GpcQxw/s1600/post.png

msedge.exe

Remote address:

142.250.187.193:80

Request

GET /_6pbSFKC8YH4/Sa05b5YNT8I/AAAAAAAAAV0/Unk97GpcQxw/s1600/post.png HTTP/1.1
Host: 4.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="post.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 1343
X-XSS-Protection: 0
Date: Sun, 26 Jan 2025 15:54:01 GMT
Expires: Mon, 27 Jan 2025 15:54:01 GMT
Cache-Control: public, max-age=86400, no-transform
ETag: "v15d"
Content-Type: image/png
Vary: Origin
Age: 5629
GET

http://srv.sayyac.net/sa.js?_salogin=cizgifilm-evi&_sav=4.2

msedge.exe

Remote address:

31.186.15.180:80

Request

GET /sa.js?_salogin=cizgifilm-evi&_sav=4.2 HTTP/1.1
Host: srv.sayyac.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 26 Jan 2025 17:27:50 GMT
Content-Type: application/x-javascript
Content-Length: 0
Last-Modified: Wed, 16 Mar 2022 19:59:47 GMT
Connection: close
ETag: "623241b3-0"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-Ranges: bytes
DNS

193.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.187.250.142.in-addr.arpa

IN PTR

Response

193.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f11e100net
DNS

180.15.186.31.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.15.186.31.in-addr.arpa

IN PTR

Response

180.15.186.31.in-addr.arpa

IN PTR

reverse-31-186-15-180turkticaretnet
DNS

53.210.109.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.210.109.20.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

86.49.80.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.49.80.91.in-addr.arpa

IN PTR

Response
DNS

cizgifilm-evi.blogspot.de

msedge.exe

Remote address:

8.8.8.8:53

Request

cizgifilm-evi.blogspot.de

IN A

Response

cizgifilm-evi.blogspot.de

IN CNAME

blogspot.l.googleusercontent.com

blogspot.l.googleusercontent.com

IN A

142.250.187.193
GET

http://cizgifilm-evi.blogspot.de/favicon.ico

msedge.exe

Remote address:

142.250.187.193:80

Request

GET /favicon.ico HTTP/1.1
Host: cizgifilm-evi.blogspot.de
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Moved Temporarily

Location: http://cizgifilm-evi.blogspot.com/favicon.ico
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sun, 26 Jan 2025 17:28:12 GMT
Expires: Sun, 26 Jan 2025 17:28:12 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 207
Server: GSE
DNS

cizgifilm-evi.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cizgifilm-evi.blogspot.com

IN A

Response

cizgifilm-evi.blogspot.com

IN CNAME

blogspot.l.googleusercontent.com

blogspot.l.googleusercontent.com

IN A

142.250.187.193
GET

http://cizgifilm-evi.blogspot.com/favicon.ico

msedge.exe

Remote address:

142.250.187.193:80

Request

GET /favicon.ico HTTP/1.1
Host: cizgifilm-evi.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/x-icon
Expires: Sun, 26 Jan 2025 17:28:12 GMT
Date: Sun, 26 Jan 2025 17:28:12 GMT
Cache-Control: private, max-age=86400
Last-Modified: Mon, 07 Oct 2024 06:13:37 GMT
ETag: W/"847b4d3b8ef929c64f2e41249e43b4e3e270e47a30ba8aa9073e5e161e78d1e7"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE
DNS

73.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.144.22.2.in-addr.arpa

IN PTR

Response

73.144.22.2.in-addr.arpa

IN PTR

a2-22-144-73deploystaticakamaitechnologiescom
DNS

13.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.227.111.52.in-addr.arpa

IN PTR

Response

216.58.212.233:445

www.blogger.com

260 B
5
118.139.179.30:80

http://www.linkwithin.com/widget.js

http

msedge.exe

538 B
679 B
5
4

HTTP Request

GET http://www.linkwithin.com/widget.js

HTTP Response

404
142.250.187.238:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=iframes_styles_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_1?le=scs

tls, http2

msedge.exe

4.6kB
104.1kB
69
90

HTTP Request

GET https://apis.google.com/js/plusone.js

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_0?le=scs

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.5oZHy0SiJxw.O/m=iframes_styles_bubble/exm=plusone/rt=j/sv=1/d=1/ed=1/rs=AHpOoo-Hry6DG-RE4t9kNz_t6hiwmwXOmA/cb=gapi.loaded_1?le=scs
118.139.179.30:80

http://www.linkwithin.com/pixel.png

http

msedge.exe

588 B
679 B
5
4

HTTP Request

GET http://www.linkwithin.com/pixel.png

HTTP Response

404
118.139.179.30:80

http://www.linkwithin.com/widget.js

http

msedge.exe

538 B
679 B
5
4

HTTP Request

GET http://www.linkwithin.com/widget.js

HTTP Response

404
216.58.212.233:80

http://www.blogger.com/img/icon18_edit_allbkg.gif

http

msedge.exe

694 B
1.0kB
7
6

HTTP Request

GET http://www.blogger.com/img/icon18_edit_allbkg.gif

HTTP Response

200
216.58.212.233:80

http://img1.blogblog.com/img/icon18_wrench_allbkg.png

http

msedge.exe

698 B
1.3kB
7
6

HTTP Request

GET http://img1.blogblog.com/img/icon18_wrench_allbkg.png

HTTP Response

200
142.250.179.226:445

pagead2.googlesyndication.com

260 B
5
142.250.187.193:80

http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZuB_OcI/AAAAAAAAAVc/nhIGgCaENGk/s1600/search.png

http

msedge.exe

689 B
1.9kB
6
6

HTTP Request

GET http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZuB_OcI/AAAAAAAAAVc/nhIGgCaENGk/s1600/search.png

HTTP Response

200
142.250.187.193:80

http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZjxb-lI/AAAAAAAAAVU/wh-xlUlWQeY/s1600/navbar.png

http

msedge.exe

689 B
2.0kB
6
6

HTTP Request

GET http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZjxb-lI/AAAAAAAAAVU/wh-xlUlWQeY/s1600/navbar.png

HTTP Response

200
142.250.187.193:80

http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZuHLS-I/AAAAAAAAAVM/Sn_jjdv5-x4/s1600/credit.png

http

msedge.exe

2.5kB
81.6kB
36
63

HTTP Request

GET http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZ4W-AGI/AAAAAAAAAVs/p3llmvqIr_Y/s1600/header.png

HTTP Response

200

HTTP Request

GET http://1.bp.blogspot.com/_6pbSFKC8YH4/Sa0vZuHLS-I/AAAAAAAAAVM/Sn_jjdv5-x4/s1600/credit.png

HTTP Response

200
142.250.187.193:80

http://4.bp.blogspot.com/_6pbSFKC8YH4/Sa05b5YNT8I/AAAAAAAAAV0/Unk97GpcQxw/s1600/post.png

http

msedge.exe

687 B
2.1kB
6
6

HTTP Request

GET http://4.bp.blogspot.com/_6pbSFKC8YH4/Sa05b5YNT8I/AAAAAAAAAV0/Unk97GpcQxw/s1600/post.png

HTTP Response

200
31.186.15.180:80

http://srv.sayyac.net/sa.js?_salogin=cizgifilm-evi&_sav=4.2

http

msedge.exe

657 B
608 B
5
4

HTTP Request

GET http://srv.sayyac.net/sa.js?_salogin=cizgifilm-evi&_sav=4.2

HTTP Response

200
142.250.178.2:139

pagead2.googlesyndication.com

260 B
5
142.250.187.193:80

http://cizgifilm-evi.blogspot.de/favicon.ico

http

msedge.exe

643 B
928 B
6
6

HTTP Request

GET http://cizgifilm-evi.blogspot.de/favicon.ico

HTTP Response

302
142.250.187.193:80

http://cizgifilm-evi.blogspot.com/favicon.ico

http

msedge.exe

644 B
1.1kB
6
6

HTTP Request

GET http://cizgifilm-evi.blogspot.com/favicon.ico

HTTP Response

200

8.8.8.8:53

www.blogger.com

dns

msedge.exe

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

216.58.212.233
8.8.8.8:53

www.linkwithin.com

dns

msedge.exe

64 B
94 B
1
1

DNS Request

www.linkwithin.com

DNS Response

118.139.179.30
8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.187.238
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

www.blogger.com

dns

msedge.exe

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

216.58.212.233
8.8.8.8:53

73.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

73.31.126.40.in-addr.arpa
8.8.8.8:53

238.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

167.173.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

167.173.78.104.in-addr.arpa
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

30.179.139.118.in-addr.arpa

dns

73 B
136 B
1
1

DNS Request

30.179.139.118.in-addr.arpa
8.8.8.8:53

img1.blogblog.com

dns

msedge.exe

63 B
110 B
1
1

DNS Request

img1.blogblog.com

DNS Response

216.58.212.233
8.8.8.8:53

233.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

233.212.58.216.in-addr.arpa
224.0.0.251:5353

msedge.exe

584 B
9
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
142.250.187.238:443

apis.google.com

https

msedge.exe

3.2kB
7.2kB
8
8
8.8.8.8:53

1.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

1.bp.blogspot.com

DNS Response

142.250.187.193
8.8.8.8:53

ad.hepsiburada.com

dns

msedge.exe

64 B
154 B
1
1

DNS Request

ad.hepsiburada.com
8.8.8.8:53

4.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

4.bp.blogspot.com

DNS Response

142.250.187.193
8.8.8.8:53

ads.adport.com.tr

dns

msedge.exe

63 B
129 B
1
1

DNS Request

ads.adport.com.tr
8.8.8.8:53

srv.sayyac.net

dns

msedge.exe

60 B
76 B
1
1

DNS Request

srv.sayyac.net

DNS Response

31.186.15.180
8.8.8.8:53

193.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

193.187.250.142.in-addr.arpa
8.8.8.8:53

180.15.186.31.in-addr.arpa

dns

72 B
123 B
1
1

DNS Request

180.15.186.31.in-addr.arpa
8.8.8.8:53

53.210.109.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

53.210.109.20.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

86.49.80.91.in-addr.arpa

dns

70 B
145 B
1
1

DNS Request

86.49.80.91.in-addr.arpa
8.8.8.8:53

cizgifilm-evi.blogspot.de

dns

msedge.exe

71 B
133 B
1
1

DNS Request

cizgifilm-evi.blogspot.de

DNS Response

142.250.187.193
8.8.8.8:53

cizgifilm-evi.blogspot.com

dns

msedge.exe

72 B
131 B
1
1

DNS Request

cizgifilm-evi.blogspot.com

DNS Response

142.250.187.193
8.8.8.8:53

73.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

73.144.22.2.in-addr.arpa
8.8.8.8:53

13.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

13.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
395B

MD5
a2379c117d814f5363cd8ef69037e4e9

SHA1
44aae50f54080d5fb1c626848b2313c58a447f7e

SHA256
3e6321b08231ba6ddc9f6174da81e70db58e06e15cc1b1f148b0a7e2948805f4

SHA512
07657816c2ffd3c2728c9869e4253b0f1098098b022646ed87b5348ade974e9fc4f4c444671ad9ddc4943db81b773ec6d7a44da5f790be16e54547be6c88dd77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b6ba52597ee5135ff6f2dd5b7dec908

SHA1
9b8b204129b14b525c3319bbc75261740dd3baee

SHA256
9270bf3241452c71fe27efe269258466f9633a974091133736be35ca0ae29b79

SHA512
3f7e82cb57682dee1908048522888658c142c4d34c94119ef41656f12130df4318f01938da5b6c5935d4544c40e216f917169af43a31e2c9b27a202977c6b681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2da67fbe4d2c2aab28bc8ac802ab4e83

SHA1
5e36e46d4506a4124e71af683e804fd8f04a1424

SHA256
47e6a8639216828265701a12f03ac4dd2635a6dd9f5bec8c249885568a0b7b29

SHA512
7b4b352dd39a0e53135aed3dd5571abe29be51a1d3ffe3a6191e1202c5209228fc84c173e987b808d7cb9da060f71b07080d9f69767c8990fed026e25641421f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7006738508bb2cc4c297010e62023612

SHA1
6d76bb13ecede38e79adc8c82bf9545534a6fba4

SHA256
9ecab9b535b0f6b82cdcd8f9d80bd85b202e6b4c03fa1cddca172681b4c5862e

SHA512
584a726b4924e9df6bbeb8ec98265a37dc70c756c19d284a6881083f32afa367f9c44fc6fbc55a5c2f743faa4412fdad4a28c0dcd332d90769e33e6f689556ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cc7d986e2b8a8c8c33e4cf0af9fbd553

SHA1
524dc285d6787b69fadbc24fab2ddf57852c36f7

SHA256
69d9b02f6a2993ea527a5093db7d77007e82ba4b833220aae4a9fe98c4816d62

SHA512
a195086d073095c40be5b3c4a275b8132b52b18ac9c806b1a5aa15a7f3fa46033cce7b62f589170d298da9cb0f2b8b77f7302961b80e2a77816463b0d5334cd6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.