Edit tour

Windows Analysis Report
https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR

Overview

General Information

Sample URL:	https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR
Analysis ID:	1674620
Infos:

Detection

Score:	0
Range:	0 - 100
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 2000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,8510097911551230328,11922014215199043029,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2000 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.4:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.250.231.52:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.250.231.52:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49734 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR HTTP/1.1Host: dubaimagazine.netConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR/ HTTP/1.1Host: dubaimagazine.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dubaimagazine.net
Source: global traffic	DNS traffic detected: DNS query: counter.pscience.com.tr

Source: chromecache_54.2.dr

String found in binary or memory: https://counter.pscience.com.tr/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 142.250.69.4:443 -> 192.168.2.4:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.250.231.52:443 -> 192.168.2.4:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.250.231.52:443 -> 192.168.2.4:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49734 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@29/2@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,8510097911551230328,11922014215199043029,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2000 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,8510097911551230328,11922014215199043029,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2000 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR/	0%	Avira URL Cloud	safe
https://counter.pscience.com.tr/	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
dubaimagazine.net	192.250.231.52	true	false	unknown
counter.pscience.com.tr	13.38.227.193	true	false	unknown
www.google.com	142.250.69.4	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR	false		unknown
https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://counter.pscience.com.tr/	chromecache_54.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.69.4	www.google.com	United States	15169	GOOGLEUS	false
13.38.227.193	counter.pscience.com.tr	United States	7018	ATT-INTERNET4US	false
192.250.231.52	dubaimagazine.net	United States	36454	CNSV-LLCUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1674620
Start date and time:	2025-04-26 05:35:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@29/2@6/4

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.68.227, 192.178.49.174, 142.250.101.84, 192.178.49.206, 84.201.221.26, 192.178.49.195, 192.178.49.163, 142.250.68.238, 184.29.183.29, 52.149.20.212
Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	471
Entropy (8bit):	4.7163868477658
Encrypted:	false
SSDEEP:	12:hPEhkAQU7f+CERtmHVUMfiSFLO8OlDL8Gb:hPMGxoHVUMqqOND7
MD5:	D698A2E48F29C59377E10D0711292538
SHA1:	A92B7E6ECC35BA13B4A874048650A3F389BF5272
SHA-256:	4403DA8D76B754356278A16552FCD778BE782F486362A3D07C008176C7DCA5F7
SHA-512:	034F26F2EE49CFA97457529EDCDCBEA2F3FF1E3BA6554DC9015EA0EA6296CA2EF6C123CBD5D25C33BFCA0F53FE22D64E4FF0FC5AF41BC5A9FDCA08B77BADD5C0
Malicious:	false
Reputation:	low
URL:	https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR/
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <title>Redirecting...</title>.. <script>.. const queryString = window.location.search + window.location.hash;.. const baseUrl = "https://counter.pscience.com.tr/";.. window.location.replace(baseUrl + queryString);.. </script>.. <style>.. body {.. margin: 0;.. background: #fff;.. }.. </style>..</head>..<body>..</body>..</html>

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 76
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2025 05:36:00.447237968 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 26, 2025 05:36:08.447491884 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 26, 2025 05:36:08.809992075 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 26, 2025 05:36:09.415466070 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 26, 2025 05:36:10.056107998 CEST	49681	80	192.168.2.4	2.17.190.73
Apr 26, 2025 05:36:10.618613005 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 26, 2025 05:36:11.105113983 CEST	49722	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:36:11.105154991 CEST	443	49722	142.250.69.4	192.168.2.4
Apr 26, 2025 05:36:11.105380058 CEST	49722	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:36:11.105380058 CEST	49722	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:36:11.105412960 CEST	443	49722	142.250.69.4	192.168.2.4
Apr 26, 2025 05:36:11.428292990 CEST	443	49722	142.250.69.4	192.168.2.4
Apr 26, 2025 05:36:11.428466082 CEST	49722	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:36:11.429424047 CEST	49722	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:36:11.429433107 CEST	443	49722	142.250.69.4	192.168.2.4
Apr 26, 2025 05:36:11.429903984 CEST	443	49722	142.250.69.4	192.168.2.4
Apr 26, 2025 05:36:11.477741957 CEST	49722	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:36:13.014657021 CEST	49726	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.014712095 CEST	443	49726	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.014789104 CEST	49726	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.014997005 CEST	49727	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.015057087 CEST	443	49727	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.015109062 CEST	49727	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.015153885 CEST	49726	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.015170097 CEST	443	49726	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.015311956 CEST	49727	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.015333891 CEST	443	49727	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.026546001 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 26, 2025 05:36:13.405653000 CEST	443	49727	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.405740976 CEST	443	49726	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.405741930 CEST	49727	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.405796051 CEST	49726	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.407262087 CEST	49727	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.407278061 CEST	443	49727	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.407485008 CEST	443	49727	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.407628059 CEST	49726	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.407640934 CEST	443	49726	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.407850027 CEST	443	49726	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.408023119 CEST	49727	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.450525045 CEST	49726	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.452272892 CEST	443	49727	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.790395975 CEST	443	49727	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.791291952 CEST	443	49727	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.791444063 CEST	49727	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.812122107 CEST	49727	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.812154055 CEST	443	49727	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:13.815592051 CEST	49726	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:13.860274076 CEST	443	49726	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:14.016491890 CEST	443	49726	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:14.016750097 CEST	443	49726	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:14.019234896 CEST	49726	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:14.020503998 CEST	49726	443	192.168.2.4	192.250.231.52
Apr 26, 2025 05:36:14.020528078 CEST	443	49726	192.250.231.52	192.168.2.4
Apr 26, 2025 05:36:14.725214958 CEST	49729	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:14.725239992 CEST	443	49729	13.38.227.193	192.168.2.4
Apr 26, 2025 05:36:14.725310087 CEST	49729	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:14.725583076 CEST	49730	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:14.725613117 CEST	443	49730	13.38.227.193	192.168.2.4
Apr 26, 2025 05:36:14.725683928 CEST	49729	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:14.725692987 CEST	443	49729	13.38.227.193	192.168.2.4
Apr 26, 2025 05:36:14.725712061 CEST	49730	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:14.725847960 CEST	49730	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:14.725861073 CEST	443	49730	13.38.227.193	192.168.2.4
Apr 26, 2025 05:36:17.214941978 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 26, 2025 05:36:17.518168926 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 26, 2025 05:36:17.829849005 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 26, 2025 05:36:18.122486115 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 26, 2025 05:36:19.325877905 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 26, 2025 05:36:19.949165106 CEST	49708	443	192.168.2.4	52.113.196.254
Apr 26, 2025 05:36:20.089037895 CEST	443	49708	52.113.196.254	192.168.2.4
Apr 26, 2025 05:36:20.097929001 CEST	49734	443	192.168.2.4	131.253.33.254
Apr 26, 2025 05:36:20.097968102 CEST	443	49734	131.253.33.254	192.168.2.4
Apr 26, 2025 05:36:20.098037958 CEST	49734	443	192.168.2.4	131.253.33.254
Apr 26, 2025 05:36:20.099455118 CEST	49734	443	192.168.2.4	131.253.33.254
Apr 26, 2025 05:36:20.099467993 CEST	443	49734	131.253.33.254	192.168.2.4
Apr 26, 2025 05:36:20.588334084 CEST	443	49734	131.253.33.254	192.168.2.4
Apr 26, 2025 05:36:20.588407040 CEST	49734	443	192.168.2.4	131.253.33.254
Apr 26, 2025 05:36:21.411187887 CEST	443	49722	142.250.69.4	192.168.2.4
Apr 26, 2025 05:36:21.411253929 CEST	443	49722	142.250.69.4	192.168.2.4
Apr 26, 2025 05:36:21.411335945 CEST	49722	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:36:21.564826965 CEST	49722	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:36:21.564838886 CEST	443	49722	142.250.69.4	192.168.2.4
Apr 26, 2025 05:36:21.733659029 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 26, 2025 05:36:26.543329000 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 26, 2025 05:36:27.435451031 CEST	49671	443	192.168.2.4	204.79.197.203
Apr 26, 2025 05:36:36.151333094 CEST	49678	443	192.168.2.4	20.189.173.27
Apr 26, 2025 05:36:44.731055021 CEST	49729	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:44.731167078 CEST	49730	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:44.772310972 CEST	443	49729	13.38.227.193	192.168.2.4
Apr 26, 2025 05:36:44.776277065 CEST	443	49730	13.38.227.193	192.168.2.4
Apr 26, 2025 05:36:45.789309978 CEST	49738	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:45.789344072 CEST	443	49738	13.38.227.193	192.168.2.4
Apr 26, 2025 05:36:45.789422989 CEST	49738	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:45.789489985 CEST	49739	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:45.789522886 CEST	443	49739	13.38.227.193	192.168.2.4
Apr 26, 2025 05:36:45.789580107 CEST	49739	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:45.790865898 CEST	49739	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:45.790880919 CEST	443	49739	13.38.227.193	192.168.2.4
Apr 26, 2025 05:36:45.790987968 CEST	49738	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:36:45.791002035 CEST	443	49738	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:07.438297987 CEST	49743	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:07.438339949 CEST	443	49743	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:07.438419104 CEST	49743	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:07.438541889 CEST	49743	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:07.438559055 CEST	443	49743	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:11.027203083 CEST	49745	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:37:11.027268887 CEST	443	49745	142.250.69.4	192.168.2.4
Apr 26, 2025 05:37:11.027446032 CEST	49745	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:37:11.027597904 CEST	49745	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:37:11.027611017 CEST	443	49745	142.250.69.4	192.168.2.4
Apr 26, 2025 05:37:11.344019890 CEST	443	49745	142.250.69.4	192.168.2.4
Apr 26, 2025 05:37:11.346713066 CEST	49745	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:37:11.346728086 CEST	443	49745	142.250.69.4	192.168.2.4
Apr 26, 2025 05:37:15.803056955 CEST	49739	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:15.803141117 CEST	49738	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:15.844276905 CEST	443	49739	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:15.844276905 CEST	443	49738	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:18.532824993 CEST	49748	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:18.532869101 CEST	443	49748	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:18.532963037 CEST	49748	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:18.533126116 CEST	49748	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:18.533138037 CEST	443	49748	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:21.343302011 CEST	443	49745	142.250.69.4	192.168.2.4
Apr 26, 2025 05:37:21.343369007 CEST	443	49745	142.250.69.4	192.168.2.4
Apr 26, 2025 05:37:21.343480110 CEST	49745	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:37:21.557697058 CEST	49745	443	192.168.2.4	142.250.69.4
Apr 26, 2025 05:37:21.557715893 CEST	443	49745	142.250.69.4	192.168.2.4
Apr 26, 2025 05:37:29.236948967 CEST	49752	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:29.236977100 CEST	443	49752	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:29.237159014 CEST	49752	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:29.237324953 CEST	49752	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:29.237339973 CEST	443	49752	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:29.774760962 CEST	49729	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:29.774775028 CEST	443	49729	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:29.786326885 CEST	49730	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:29.786360025 CEST	443	49730	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:37.449966908 CEST	49743	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:37.496267080 CEST	443	49743	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:40.225167036 CEST	49757	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:40.225199938 CEST	443	49757	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:40.225375891 CEST	49757	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:40.225543022 CEST	49757	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:40.225555897 CEST	443	49757	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:48.540009022 CEST	49748	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:48.584279060 CEST	443	49748	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:51.199531078 CEST	49763	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:51.199570894 CEST	443	49763	13.38.227.193	192.168.2.4
Apr 26, 2025 05:37:51.199625015 CEST	49763	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:51.199798107 CEST	49763	443	192.168.2.4	13.38.227.193
Apr 26, 2025 05:37:51.199811935 CEST	443	49763	13.38.227.193	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2025 05:36:08.098905087 CEST	53	51035	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:08.473869085 CEST	53	56251	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:08.728295088 CEST	53	59404	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:10.963388920 CEST	49162	53	192.168.2.4	1.1.1.1
Apr 26, 2025 05:36:10.963534117 CEST	54045	53	192.168.2.4	1.1.1.1
Apr 26, 2025 05:36:11.103878975 CEST	53	54045	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:11.103895903 CEST	53	49162	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:12.782483101 CEST	54810	53	192.168.2.4	1.1.1.1
Apr 26, 2025 05:36:12.782614946 CEST	59921	53	192.168.2.4	1.1.1.1
Apr 26, 2025 05:36:12.999794960 CEST	53	54810	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:13.014081001 CEST	53	59921	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:14.058235884 CEST	62709	53	192.168.2.4	1.1.1.1
Apr 26, 2025 05:36:14.058374882 CEST	64798	53	192.168.2.4	1.1.1.1
Apr 26, 2025 05:36:14.724394083 CEST	53	62709	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:14.724597931 CEST	53	64798	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:25.820636988 CEST	53	60952	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:44.197247028 CEST	53	62574	1.1.1.1	192.168.2.4
Apr 26, 2025 05:36:44.619764090 CEST	53	55839	1.1.1.1	192.168.2.4
Apr 26, 2025 05:37:05.979713917 CEST	53	60825	1.1.1.1	192.168.2.4
Apr 26, 2025 05:37:07.067507029 CEST	53	53634	1.1.1.1	192.168.2.4
Apr 26, 2025 05:37:07.275696039 CEST	53	59642	1.1.1.1	192.168.2.4
Apr 26, 2025 05:37:16.657385111 CEST	138	138	192.168.2.4	192.168.2.255
Apr 26, 2025 05:37:37.744688034 CEST	53	58481	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2025 05:36:10.963388920 CEST	192.168.2.4	1.1.1.1	0x6ca6	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2025 05:36:10.963534117 CEST	192.168.2.4	1.1.1.1	0x75d0	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 26, 2025 05:36:12.782483101 CEST	192.168.2.4	1.1.1.1	0x495b	Standard query (0)	dubaimagazine.net	A (IP address)	IN (0x0001)	false
Apr 26, 2025 05:36:12.782614946 CEST	192.168.2.4	1.1.1.1	0x1e61	Standard query (0)	dubaimagazine.net	65	IN (0x0001)	false
Apr 26, 2025 05:36:14.058235884 CEST	192.168.2.4	1.1.1.1	0x55dd	Standard query (0)	counter.pscience.com.tr	A (IP address)	IN (0x0001)	false
Apr 26, 2025 05:36:14.058374882 CEST	192.168.2.4	1.1.1.1	0xbf0c	Standard query (0)	counter.pscience.com.tr	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 26, 2025 05:36:11.103878975 CEST	1.1.1.1	192.168.2.4	0x75d0	No error (0)	www.google.com		65	IN (0x0001)	false
Apr 26, 2025 05:36:11.103895903 CEST	1.1.1.1	192.168.2.4	0x6ca6	No error (0)	www.google.com	142.250.69.4	A (IP address)	IN (0x0001)	false
Apr 26, 2025 05:36:12.999794960 CEST	1.1.1.1	192.168.2.4	0x495b	No error (0)	dubaimagazine.net	192.250.231.52	A (IP address)	IN (0x0001)	false
Apr 26, 2025 05:36:14.724394083 CEST	1.1.1.1	192.168.2.4	0x55dd	No error (0)	counter.pscience.com.tr	13.38.227.193	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

dubaimagazine.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49727	192.250.231.52	443	2000	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-26 03:36:13 UTC	819	OUT	GET /Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR HTTP/1.1 Host: dubaimagazine.net Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-26 03:36:13 UTC	363	IN	HTTP/1.1 301 Moved Permanently Date: Sat, 26 Apr 2025 03:36:13 GMT Server: Apache Location: https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR/ Content-Length: 387 Connection: close Content-Type: text/html; charset=iso-8859-1
2025-04-26 03:36:13 UTC	387	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 75 62 61 69 6d 61 67 61 7a 69 6e 65 2e 6e 65 74 2f 51 2f 32 66 6d 6f 53 53 57 46 70 78 34 54 77 62 76 6c 57 39 4d 47 64 53 70 5a 49 5a 32 43 54 77 42 54 31 71 39 75 52 4c 37 59 5a 63 73 78 66 6c 30 35 63 58 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49726	192.250.231.52	443	2000	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-26 03:36:13 UTC	820	OUT	GET /Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR/ HTTP/1.1 Host: dubaimagazine.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-26 03:36:14 UTC	205	IN	HTTP/1.1 200 OK Date: Sat, 26 Apr 2025 03:36:13 GMT Server: Apache Last-Modified: Thu, 24 Apr 2025 05:15:30 GMT Accept-Ranges: bytes Content-Length: 471 Connection: close Content-Type: text/html
2025-04-26 03:36:14 UTC	471	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 71 75 65 72 79 53 74 72 69 6e 67 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 3b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 62 61 73 65 55 72 6c 20 3d 20 22 68 74 74 70 73 3a 2f 2f 63 6f 75 6e 74 65 72 2e 70 73 63 69 65 6e 63 65 2e 63 6f 6d 2e 74 72 2f 22 3b Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Redirecting...</title> <script> const queryString = window.location.search + window.location.hash; const baseUrl = "https://counter.pscience.com.tr/";

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 2496, Parent PID: 64

Function Logs

General

Target ID:	1
Start time:	23:36:03
Start date:	25/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

COM Activities

WMI Operations

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 2000, Parent PID: 2496

Function Logs

General

Target ID:	2
Start time:	23:36:05
Start date:	25/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1972,i,8510097911551230328,11922014215199043029,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2000 /prefetch:3
Imagebase:	0x7ff62fc20000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6824, Parent PID: 64

Function Logs

General

Target ID:	4
Start time:	23:36:12
Start date:	25/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 54

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2496, Parent PID: 64

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

COM Activities

WMI Operations

Process Activities

Process Created

Windows Analysis Report
https://dubaimagazine.net/Q/2fmoSSWFpx4TwbvlW9MGdSpZIZ2CTwBT1q9uRL7YZcsxfl05cXRxCmV1jdJW89sTyfTnkIiym9Fqyd2RnRtJFScj34TjM9D3HXRViQCLDsN8qBExgjTpZvJ1a1ztvlhIpCdXxlPkYjcbo9QEbN8wKR