Analysis

  • max time kernel
    1756s
  • max time network
    1764s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 19:05 UTC

General

  • Target

    view.html

  • Size

    82KB

  • MD5

    8b9cbb2413d470cec027b795f2bd8b81

  • SHA1

    04a417c0d32bf4c5fa5609b9849c895b076d3e2f

  • SHA256

    4fb51f0e4b0f696e48e230143839d61a0e8b7e29d7a028aa7b107f40ca254c52

  • SHA512

    fd1618781d75a6aaa7a81751cf3a19962a8ec532c18ddf6fa848a6ec03950a6fd7812a6c69c32b437a07e658d0f139c9f9596e59c92eaeb3266729f4f0588c12

  • SSDEEP

    1536:M3JWEMUtS27jr8muNBMKwb/ZwCOEjW9+1ZqK:M9tZuI5+NK

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
  • Modifies Internet Explorer settings (1 TTPs, 41 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\view.html
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1400 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:804

Network

  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    72.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    195.179.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    195.179.250.142.in-addr.arpa
    IN PTR
    Response
    195.179.250.142.in-addr.arpa
    IN PTR
    ams15s42-in-f3.1e100.net
  • flag-us
    DNS
    106.208.58.216.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    106.208.58.216.in-addr.arpa
    IN PTR
    Response
    106.208.58.216.in-addr.arpa
    IN PTR
    ams17s08-in-f10.1e100.net
    106.208.58.216.in-addr.arpa
    IN PTR
    sof01s11-in-f106
  • flag-us
    DNS
    2.136.104.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.136.104.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    59.128.231.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    59.128.231.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.81.21.72.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.81.21.72.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    apis.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    apis.google.com
    IN A
    Response
    apis.google.com
    IN CNAME
    plus.l.google.com
    plus.l.google.com
    IN A
    172.217.23.206
  • flag-de
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.Ox0HebTIzao.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw/cb=gapi.loaded_0
    IEXPLORE.EXE
    Remote address:
    172.217.23.206:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.gapi.en.Ox0HebTIzao.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw/cb=gapi.loaded_0 HTTP/2.0
    host: apis.google.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    access-control-allow-origin: *
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
    report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    content-length: 40971
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Fri, 06 Oct 2023 09:18:50 GMT
    expires: Sat, 05 Oct 2024 09:18:50 GMT
    cache-control: public, max-age=31536000
    last-modified: Sat, 02 Sep 2023 15:09:41 GMT
    content-type: text/javascript; charset=UTF-8
    vary: Accept-Encoding
    age: 467294
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.Ox0HebTIzao.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw/cb=gapi.loaded_1
    IEXPLORE.EXE
    Remote address:
    172.217.23.206:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.gapi.en.Ox0HebTIzao.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw/cb=gapi.loaded_1 HTTP/2.0
    host: apis.google.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    access-control-allow-origin: *
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
    report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    content-length: 70810
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Wed, 11 Oct 2023 13:07:34 GMT
    expires: Thu, 10 Oct 2024 13:07:34 GMT
    cache-control: public, max-age=31536000
    last-modified: Sat, 02 Sep 2023 15:09:41 GMT
    content-type: text/javascript; charset=UTF-8
    vary: Accept-Encoding
    age: 21571
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://apis.google.com/js/googleapis.proxy.js?onload=startup
    IEXPLORE.EXE
    Remote address:
    172.217.23.206:443
    Request
    GET /js/googleapis.proxy.js?onload=startup HTTP/2.0
    host: apis.google.com
    accept: application/javascript, */*;q=0.8
    referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.Ox0HebTIzao.O%2Fd%3D1%2Frs%3DAHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw%2Fm%3D__features__
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: NID=511=lx0__O4seb6pqQRX5Gd4mxrUxTVMLQRWPz8WrV_gcjJWDFl3fR8QTXOADOswen8EG_xwslsFkzLJSDYm0pJ2ex9VQL5vSuSCsKNXK1rYv-DOKM49CYroCCPbP9SiowHcVwU3aHIionOrozryn-HxoKQGyZmt3SmjlnWgyv_5Rck
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    vary: Accept-Encoding
    content-encoding: gzip
    content-type: text/javascript
    access-control-allow-origin: *
    content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy: same-origin; report-to="gapi-team"
    report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
    timing-allow-origin: *
    content-length: 7120
    date: Wed, 11 Oct 2023 19:07:28 GMT
    expires: Wed, 11 Oct 2023 19:07:28 GMT
    cache-control: private, max-age=1800, stale-while-revalidate=1800
    etag: "0e18a4db1cf9d940"
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.Ox0HebTIzao.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw/cb=gapi.loaded_0?le=scs
    IEXPLORE.EXE
    Remote address:
    172.217.23.206:443
    Request
    GET /_/scs/abc-static/_/js/k=gapi.gapi.en.Ox0HebTIzao.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw/cb=gapi.loaded_0?le=scs HTTP/2.0
    host: apis.google.com
    accept: application/javascript, */*;q=0.8
    referer: https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.Ox0HebTIzao.O%2Fd%3D1%2Frs%3DAHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw%2Fm%3D__features__
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: NID=511=lx0__O4seb6pqQRX5Gd4mxrUxTVMLQRWPz8WrV_gcjJWDFl3fR8QTXOADOswen8EG_xwslsFkzLJSDYm0pJ2ex9VQL5vSuSCsKNXK1rYv-DOKM49CYroCCPbP9SiowHcVwU3aHIionOrozryn-HxoKQGyZmt3SmjlnWgyv_5Rck
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    access-control-allow-origin: *
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
    report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
    content-length: 27709
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Wed, 11 Oct 2023 13:07:35 GMT
    expires: Thu, 10 Oct 2024 13:07:35 GMT
    cache-control: public, max-age=31536000
    last-modified: Sat, 02 Sep 2023 15:09:41 GMT
    content-type: text/javascript; charset=UTF-8
    vary: Accept-Encoding
    age: 21593
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    206.23.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.217.172.in-addr.arpa
    IN PTR
    Response
    206.23.217.172.in-addr.arpa
    IN PTR
    ams16s37-in-f14.1e100.net
    206.23.217.172.in-addr.arpa
    IN PTR
    prg03s05-in-f206
    206.23.217.172.in-addr.arpa
    IN PTR
    prg03s05-in-f14
  • flag-us
    DNS
    play.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    play.google.com
    IN A
    Response
    play.google.com
    IN A
    142.251.36.14
  • flag-nl
    POST
    https://play.google.com/log?format=json&hasfast=true
    IEXPLORE.EXE
    Remote address:
    142.251.36.14:443
    Request
    POST /log?format=json&hasfast=true HTTP/2.0
    host: play.google.com
    accept: */*
    content-type: application/x-www-form-urlencoded;charset=utf-8
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    content-length: 690
    cache-control: no-cache
    Response
    HTTP/2.0 200
    set-cookie: NID=511=SwPaZyd4JsJaR5THU6ApWTWyDTGkLbc1AeYW49vkATXy5T2svbutbHnOwQS0K0se9GuJTyc9Jzo0Q4KjKfEjuZ6e0UvCG3PcHH7TbDA4dKdXRubpLNQvhHW0GEVlQ1f4KoPVpY27G9_QF2AJeWei8Lo1e8qtcSu3iKyJ2vEBIY0; expires=Thu, 11-Apr-2024 19:07:06 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
    p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    access-control-allow-origin: http://play.google.com
    cross-origin-resource-policy: cross-origin
    access-control-allow-credentials: true
    access-control-allow-headers: X-Playlog-Web
    content-type: text/plain; charset=UTF-8
    content-encoding: gzip
    date: Wed, 11 Oct 2023 19:07:06 GMT
    server: Playlog
    cache-control: private
    content-length: 131
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    expires: Wed, 11 Oct 2023 19:07:06 GMT
  • flag-nl
    POST
    https://play.google.com/log?format=json&hasfast=true
    IEXPLORE.EXE
    Remote address:
    142.251.36.14:443
    Request
    POST /log?format=json&hasfast=true HTTP/2.0
    host: play.google.com
    accept: */*
    content-type: application/x-www-form-urlencoded;charset=utf-8
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    content-length: 2604
    cache-control: no-cache
    cookie: NID=511=lx0__O4seb6pqQRX5Gd4mxrUxTVMLQRWPz8WrV_gcjJWDFl3fR8QTXOADOswen8EG_xwslsFkzLJSDYm0pJ2ex9VQL5vSuSCsKNXK1rYv-DOKM49CYroCCPbP9SiowHcVwU3aHIionOrozryn-HxoKQGyZmt3SmjlnWgyv_5Rck
    Response
    HTTP/2.0 200
    access-control-allow-origin: http://play.google.com
    cross-origin-resource-policy: cross-origin
    access-control-allow-credentials: true
    access-control-allow-headers: X-Playlog-Web
    content-type: text/plain; charset=UTF-8
    content-encoding: gzip
    date: Wed, 11 Oct 2023 19:07:28 GMT
    server: Playlog
    cache-control: private
    content-length: 131
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-nl
    POST
    https://play.google.com/log?format=json&hasfast=true
    IEXPLORE.EXE
    Remote address:
    142.251.36.14:443
    Request
    POST /log?format=json&hasfast=true HTTP/2.0
    host: play.google.com
    accept: */*
    content-type: application/x-www-form-urlencoded;charset=utf-8
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    content-length: 1162
    cache-control: no-cache
    cookie: NID=511=lx0__O4seb6pqQRX5Gd4mxrUxTVMLQRWPz8WrV_gcjJWDFl3fR8QTXOADOswen8EG_xwslsFkzLJSDYm0pJ2ex9VQL5vSuSCsKNXK1rYv-DOKM49CYroCCPbP9SiowHcVwU3aHIionOrozryn-HxoKQGyZmt3SmjlnWgyv_5Rck
    Response
    HTTP/2.0 200
    access-control-allow-origin: http://play.google.com
    cross-origin-resource-policy: cross-origin
    access-control-allow-credentials: true
    access-control-allow-headers: X-Playlog-Web
    content-type: text/plain; charset=UTF-8
    content-encoding: gzip
    date: Wed, 11 Oct 2023 19:08:06 GMT
    server: Playlog
    cache-control: private
    content-length: 131
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    drive.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    drive.google.com
    IN A
    Response
    drive.google.com
    IN A
    172.217.168.238
  • flag-nl
    GET
    https://drive.google.com/auth_warmup?origin=file%3A%2F%2F
    IEXPLORE.EXE
    Remote address:
    172.217.168.238:443
    Request
    GET /auth_warmup?origin=file%3A%2F%2F HTTP/2.0
    host: drive.google.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 403
    content-type: text/html; charset=utf-8
    cache-control: no-cache, no-store, max-age=0, must-revalidate
    pragma: no-cache
    expires: Mon, 01 Jan 1990 00:00:00 GMT
    date: Wed, 11 Oct 2023 19:07:06 GMT
    p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    strict-transport-security: max-age=31536000
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    content-security-policy: require-trusted-types-for 'script';report-uri /_/DriveOsidBootstrap/cspreport
    content-security-policy: script-src 'nonce-UdRAo221PXz_wAdNmK8QUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveOsidBootstrap/cspreport;worker-src 'self'
    cross-origin-opener-policy: same-origin
    permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
    content-encoding: gzip
    server: ESF
    x-xss-protection: 0
    x-content-type-options: nosniff
    set-cookie: NID=511=lx0__O4seb6pqQRX5Gd4mxrUxTVMLQRWPz8WrV_gcjJWDFl3fR8QTXOADOswen8EG_xwslsFkzLJSDYm0pJ2ex9VQL5vSuSCsKNXK1rYv-DOKM49CYroCCPbP9SiowHcVwU3aHIionOrozryn-HxoKQGyZmt3SmjlnWgyv_5Rck; expires=Thu, 11-Apr-2024 19:07:06 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    ssl.gstatic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ssl.gstatic.com
    IN A
    Response
    ssl.gstatic.com
    IN A
    172.217.23.195
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=31q37jxk8goa
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=31q37jxk8goa HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:07:06 GMT
    expires: Thu, 10 Oct 2024 19:07:06 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite54.svg
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/viewer/v3/v-sprite54.svg HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-encoding: gzip
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 51928
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    date: Tue, 10 Oct 2023 17:32:18 GMT
    expires: Wed, 09 Oct 2024 17:32:18 GMT
    cache-control: public, max-age=31536000
    last-modified: Wed, 13 Sep 2023 18:18:00 GMT
    content-type: image/svg+xml
    vary: Accept-Encoding, Origin
    age: 92088
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=nkejjuds0vej
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=nkejjuds0vej HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:07:31 GMT
    expires: Thu, 10 Oct 2024 19:07:31 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=5ntjjjb132rz
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=5ntjjjb132rz HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:08:01 GMT
    expires: Thu, 10 Oct 2024 19:08:01 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=x737w8uu6ufk
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=x737w8uu6ufk HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:08:37 GMT
    expires: Thu, 10 Oct 2024 19:08:37 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=d0dgj5isbfeu
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=d0dgj5isbfeu HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:09:20 GMT
    expires: Thu, 10 Oct 2024 19:09:20 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=5bbv25rxv3j1
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=5bbv25rxv3j1 HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:10:12 GMT
    expires: Thu, 10 Oct 2024 19:10:12 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    content.googleapis.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    content.googleapis.com
    IN A
    Response
    content.googleapis.com
    IN A
    172.217.168.202
    content.googleapis.com
    IN A
    172.217.23.202
    content.googleapis.com
    IN A
    216.58.208.106
    content.googleapis.com
    IN A
    216.58.214.10
    content.googleapis.com
    IN A
    142.250.179.138
    content.googleapis.com
    IN A
    142.251.36.42
    content.googleapis.com
    IN A
    172.217.168.234
    content.googleapis.com
    IN A
    142.250.179.170
    content.googleapis.com
    IN A
    142.250.179.202
    content.googleapis.com
    IN A
    142.251.36.10
    content.googleapis.com
    IN A
    142.251.39.106
  • flag-nl
    GET
    https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.Ox0HebTIzao.O%2Fd%3D1%2Frs%3DAHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw%2Fm%3D__features__
    IEXPLORE.EXE
    Remote address:
    172.217.168.202:443
    Request
    GET /static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.Ox0HebTIzao.O%2Fd%3D1%2Frs%3DAHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw%2Fm%3D__features__ HTTP/2.0
    host: content.googleapis.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    vary: Accept-Encoding
    content-type: text/html
    content-security-policy: script-src 'nonce-5mVuvmoONxODOfdMwvMRaQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/apiserving; base-uri 'none'
    content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apiserving
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="apiserving"
    report-to: {"group":"apiserving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apiserving"}]}
    content-length: 271
    date: Wed, 11 Oct 2023 19:07:06 GMT
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    cache-control: no-cache, must-revalidate
    last-modified: Fri, 30 Jun 2023 18:58:00 GMT
    x-content-type-options: nosniff
    cross-origin-embedder-policy: require-corp; report-to="apiserving"
    content-encoding: gzip
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    blobcomments-pa.clients6.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    blobcomments-pa.clients6.google.com
    IN A
    Response
    blobcomments-pa.clients6.google.com
    IN A
    172.217.168.234
  • flag-nl
    GET
    https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1XM_-gWUU-4JEe6Za7GxMzO8hzPzJzeeK&revisionId=0ByBbUEUe_16BR3pQbWEyYzBjSCtRM3l4YlVzUStaajFrUWxRPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc379
    IEXPLORE.EXE
    Remote address:
    172.217.168.234:443
    Request
    GET /v1/metadata?docId=1XM_-gWUU-4JEe6Za7GxMzO8hzPzJzeeK&revisionId=0ByBbUEUe_16BR3pQbWEyYzBjSCtRM3l4YlVzUStaajFrUWxRPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc379 HTTP/2.0
    host: blobcomments-pa.clients6.google.com
    accept: */*
    x-goog-authuser: 0
    x-javascript-user-agent: google-api-javascript-client/1.1.0
    x-requested-with: XMLHttpRequest
    x-goog-encode-response-if-executable: base64
    x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cookie: NID=511=lx0__O4seb6pqQRX5Gd4mxrUxTVMLQRWPz8WrV_gcjJWDFl3fR8QTXOADOswen8EG_xwslsFkzLJSDYm0pJ2ex9VQL5vSuSCsKNXK1rYv-DOKM49CYroCCPbP9SiowHcVwU3aHIionOrozryn-HxoKQGyZmt3SmjlnWgyv_5Rck
    Response
    HTTP/2.0 403
    strict-transport-security: max-age=10886400; includeSubdomains
    vary: Origin
    vary: X-Origin
    vary: Referer
    content-type: application/json; charset=UTF-8
    content-encoding: gzip
    date: Wed, 11 Oct 2023 19:07:06 GMT
    server: ESF
    cache-control: private
    content-length: 299
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-nl
    GET
    https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1XM_-gWUU-4JEe6Za7GxMzO8hzPzJzeeK&revisionId=0ByBbUEUe_16BR3pQbWEyYzBjSCtRM3l4YlVzUStaajFrUWxRPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc379
    IEXPLORE.EXE
    Remote address:
    172.217.168.234:443
    Request
    GET /v1/metadata?docId=1XM_-gWUU-4JEe6Za7GxMzO8hzPzJzeeK&revisionId=0ByBbUEUe_16BR3pQbWEyYzBjSCtRM3l4YlVzUStaajFrUWxRPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc379 HTTP/2.0
    host: blobcomments-pa.clients6.google.com
    accept: */*
    x-goog-authuser: 0
    x-javascript-user-agent: google-api-javascript-client/1.1.0
    x-requested-with: XMLHttpRequest
    x-goog-encode-response-if-executable: base64
    x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cookie: NID=511=lx0__O4seb6pqQRX5Gd4mxrUxTVMLQRWPz8WrV_gcjJWDFl3fR8QTXOADOswen8EG_xwslsFkzLJSDYm0pJ2ex9VQL5vSuSCsKNXK1rYv-DOKM49CYroCCPbP9SiowHcVwU3aHIionOrozryn-HxoKQGyZmt3SmjlnWgyv_5Rck
    Response
    HTTP/2.0 403
    strict-transport-security: max-age=10886400; includeSubdomains
    vary: Origin
    vary: X-Origin
    vary: Referer
    content-type: application/json; charset=UTF-8
    content-encoding: gzip
    date: Wed, 11 Oct 2023 19:07:30 GMT
    server: ESF
    cache-control: private
    content-length: 300
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-nl
    GET
    https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1XM_-gWUU-4JEe6Za7GxMzO8hzPzJzeeK&revisionId=0ByBbUEUe_16BR3pQbWEyYzBjSCtRM3l4YlVzUStaajFrUWxRPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc379
    IEXPLORE.EXE
    Remote address:
    172.217.168.234:443
    Request
    GET /v1/metadata?docId=1XM_-gWUU-4JEe6Za7GxMzO8hzPzJzeeK&revisionId=0ByBbUEUe_16BR3pQbWEyYzBjSCtRM3l4YlVzUStaajFrUWxRPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc379 HTTP/2.0
    host: blobcomments-pa.clients6.google.com
    accept: */*
    x-goog-authuser: 0
    x-javascript-user-agent: google-api-javascript-client/1.1.0
    x-requested-with: XMLHttpRequest
    x-goog-encode-response-if-executable: base64
    x-clientdetails: appVersion=5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko&platform=Win32&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20WOW64%3B%20Trident%2F7.0%3B%20.NET4.0C%3B%20.NET4.0E%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.30729%3B%20.NET%20CLR%203.5.30729%3B%20rv%3A11.0)%20like%20Gecko
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cookie: NID=511=lx0__O4seb6pqQRX5Gd4mxrUxTVMLQRWPz8WrV_gcjJWDFl3fR8QTXOADOswen8EG_xwslsFkzLJSDYm0pJ2ex9VQL5vSuSCsKNXK1rYv-DOKM49CYroCCPbP9SiowHcVwU3aHIionOrozryn-HxoKQGyZmt3SmjlnWgyv_5Rck
    Response
    HTTP/2.0 403
    strict-transport-security: max-age=10886400; includeSubdomains
    vary: Origin
    vary: X-Origin
    vary: Referer
    content-type: application/json; charset=UTF-8
    content-encoding: gzip
    date: Wed, 11 Oct 2023 19:07:34 GMT
    server: ESF
    cache-control: private
    content-length: 299
    x-xss-protection: 0
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    14.36.251.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.36.251.142.in-addr.arpa
    IN PTR
    Response
    14.36.251.142.in-addr.arpa
    IN PTR
    ams15s44-in-f14.1e100.net
  • flag-us
    DNS
    238.168.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    238.168.217.172.in-addr.arpa
    IN PTR
    Response
    238.168.217.172.in-addr.arpa
    IN PTR
    ams15s40-in-f14.1e100.net
  • flag-us
    DNS
    195.23.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    195.23.217.172.in-addr.arpa
    IN PTR
    Response
    195.23.217.172.in-addr.arpa
    IN PTR
    ams16s37-in-f3.1e100.net
    195.23.217.172.in-addr.arpa
    IN PTR
    prg03s05-in-f3.1e100.net
    195.23.217.172.in-addr.arpa
    IN PTR
    prg03s05-in-f195.1e100.net
  • flag-us
    DNS
    131.179.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    131.179.250.142.in-addr.arpa
    IN PTR
    Response
    131.179.250.142.in-addr.arpa
    IN PTR
    ams17s10-in-f3.1e100.net
  • flag-us
    DNS
    202.168.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    202.168.217.172.in-addr.arpa
    IN PTR
    Response
    202.168.217.172.in-addr.arpa
    IN PTR
    ams16s32-in-f10.1e100.net
  • flag-us
    DNS
    234.168.217.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    234.168.217.172.in-addr.arpa
    IN PTR
    Response
    234.168.217.172.in-addr.arpa
    IN PTR
    ams15s40-in-f10.1e100.net
  • flag-us
    DNS
    ssl.gstatic.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ssl.gstatic.com
    IN A
    Response
    ssl.gstatic.com
    IN A
    172.217.23.195
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301473_1HBSI9G0ABXR5GSDS&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301473_1HBSI9G0ABXR5GSDS&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 155102
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E773CEFAC1A444D08083E4B2F53DB257 Ref B: AMS04EDGE3610 Ref C: 2023-10-11T19:07:15Z
    date: Wed, 11 Oct 2023 19:07:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301040_1IYHHZNUS5XGPHJUX&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301040_1IYHHZNUS5XGPHJUX&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 178602
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A7CBC0EA3DEF449389D0C95406BBB460 Ref B: AMS04EDGE3610 Ref C: 2023-10-11T19:07:15Z
    date: Wed, 11 Oct 2023 19:07:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300965_1DQ2FNZEHERI9UUJI&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300965_1DQ2FNZEHERI9UUJI&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 404223
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0F9DF41336FB4C3C9741D447A761AECC Ref B: AMS04EDGE3610 Ref C: 2023-10-11T19:07:15Z
    date: Wed, 11 Oct 2023 19:07:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301398_1SI4JLH5HQE0ZMCJV&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301398_1SI4JLH5HQE0ZMCJV&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 389443
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F3D34E1A19B3458FBAD4A96D9DFE8EAC Ref B: AMS04EDGE3610 Ref C: 2023-10-11T19:07:15Z
    date: Wed, 11 Oct 2023 19:07:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301296_13RGXWTMPV4PYNPD7&pid=21.2&w=1920&h=1080&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301296_13RGXWTMPV4PYNPD7&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 105094
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 20CA94BD359747B5A6B439BD0586C554 Ref B: AMS04EDGE3610 Ref C: 2023-10-11T19:07:15Z
    date: Wed, 11 Oct 2023 19:07:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301705_1UVIX1BW7TVL4T1IZ&pid=21.2&w=1080&h=1920&c=4
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301705_1UVIX1BW7TVL4T1IZ&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 93548
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AEB3D45A9402431692B868881DD432D5 Ref B: AMS04EDGE3610 Ref C: 2023-10-11T19:07:15Z
    date: Wed, 11 Oct 2023 19:07:14 GMT
  • flag-us
    DNS
    254.109.26.67.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    254.109.26.67.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=lgbuhupcrth7
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=lgbuhupcrth7 HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:11:14 GMT
    expires: Thu, 10 Oct 2024 19:11:14 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    214.80.50.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    214.80.50.20.in-addr.arpa
    IN PTR
    Response
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=osukrd23hzh1
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=osukrd23hzh1 HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:12:29 GMT
    expires: Thu, 10 Oct 2024 19:12:29 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=9pwg4bxznux
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=9pwg4bxznux HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:13:59 GMT
    expires: Thu, 10 Oct 2024 19:13:59 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=9ihfqrd5fe0p
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=9ihfqrd5fe0p HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:15:46 GMT
    expires: Thu, 10 Oct 2024 19:15:46 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=j2x44c3fei1e
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=j2x44c3fei1e HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:17:46 GMT
    expires: Thu, 10 Oct 2024 19:17:46 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=2i5s83lr3i23
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=2i5s83lr3i23 HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:19:46 GMT
    expires: Thu, 10 Oct 2024 19:19:46 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=u8nuzdmrkmxj
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=u8nuzdmrkmxj HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:21:46 GMT
    expires: Thu, 10 Oct 2024 19:21:46 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=sgj00jyx9pwr
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=sgj00jyx9pwr HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:23:46 GMT
    expires: Thu, 10 Oct 2024 19:23:46 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=dlimc8ezdu51
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=dlimc8ezdu51 HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:25:46 GMT
    expires: Thu, 10 Oct 2024 19:25:46 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=x2i4n0ua8b7r
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=x2i4n0ua8b7r HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:27:46 GMT
    expires: Thu, 10 Oct 2024 19:27:46 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=98oqamkp9qjh
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=98oqamkp9qjh HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:29:46 GMT
    expires: Thu, 10 Oct 2024 19:29:46 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=ty69agrl6ri3
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=ty69agrl6ri3 HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:31:46 GMT
    expires: Thu, 10 Oct 2024 19:31:46 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=xsts7awpxx8j
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=xsts7awpxx8j HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:33:47 GMT
    expires: Thu, 10 Oct 2024 19:33:47 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-de
    GET
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=q18u968khw2r
    IEXPLORE.EXE
    Remote address:
    172.217.23.195:443
    Request
    GET /docs/common/cleardot.gif?zx=q18u968khw2r HTTP/2.0
    host: ssl.gstatic.com
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    accept-ranges: bytes
    content-type: image/gif
    vary: Origin
    content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/docs
    cross-origin-resource-policy: cross-origin
    cross-origin-opener-policy-report-only: same-origin; report-to="docs"
    report-to: {"group":"docs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/docs"}]}
    content-length: 43
    date: Wed, 11 Oct 2023 19:35:47 GMT
    expires: Thu, 10 Oct 2024 19:35:47 GMT
    cache-control: public, max-age=31536000
    last-modified: Thu, 30 Dec 2021 12:48:00 GMT
    x-content-type-options: nosniff
    server: sffe
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • 142.250.179.131:445
    fonts.gstatic.com
    260 B
    5
  • 142.250.179.131:139
    fonts.gstatic.com
    260 B
    5
  • 172.217.23.206:443
    https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.Ox0HebTIzao.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw/cb=gapi.loaded_0?le=scs
    tls, http2
    IEXPLORE.EXE
    8.0kB
    161.7kB
    141
    134

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.Ox0HebTIzao.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw/cb=gapi.loaded_0

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.Ox0HebTIzao.O/m=client/exm=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw/cb=gapi.loaded_1

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/js/googleapis.proxy.js?onload=startup

    HTTP Response

    200

    HTTP Request

    GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.Ox0HebTIzao.O/m=googleapis_proxy/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw/cb=gapi.loaded_0?le=scs

    HTTP Response

    200
  • 172.217.23.206:443
    apis.google.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    5.1kB
    15
    11
  • 142.251.36.14:443
    https://play.google.com/log?format=json&hasfast=true
    tls, http2
    IEXPLORE.EXE
    7.5kB
    11.0kB
    41
    35

    HTTP Request

    POST https://play.google.com/log?format=json&hasfast=true

    HTTP Response

    200

    HTTP Request

    POST https://play.google.com/log?format=json&hasfast=true

    HTTP Response

    200

    HTTP Request

    POST https://play.google.com/log?format=json&hasfast=true

    HTTP Response

    200
  • 172.217.168.238:443
    drive.google.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    7.6kB
    16
    12
  • 172.217.168.238:443
    https://drive.google.com/auth_warmup?origin=file%3A%2F%2F
    tls, http2
    IEXPLORE.EXE
    1.7kB
    10.4kB
    23
    19

    HTTP Request

    GET https://drive.google.com/auth_warmup?origin=file%3A%2F%2F

    HTTP Response

    403
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=5bbv25rxv3j1
    tls, http2
    IEXPLORE.EXE
    5.3kB
    63.1kB
    88
    82

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=31q37jxk8goa

    HTTP Response

    200

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/viewer/v3/v-sprite54.svg

    HTTP Response

    200

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=nkejjuds0vej

    HTTP Response

    200

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=5ntjjjb132rz

    HTTP Response

    200

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=x737w8uu6ufk

    HTTP Response

    200

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=d0dgj5isbfeu

    HTTP Response

    200

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=5bbv25rxv3j1

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    5.1kB
    15
    11
  • 172.217.168.202:443
    https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.Ox0HebTIzao.O%2Fd%3D1%2Frs%3DAHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw%2Fm%3D__features__
    tls, http2
    IEXPLORE.EXE
    1.7kB
    6.9kB
    21
    15

    HTTP Request

    GET https://content.googleapis.com/static/proxy.html?usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.Ox0HebTIzao.O%2Fd%3D1%2Frs%3DAHpOoo9JBE0z9__nE4FgyS-eLRbRwEP9Gw%2Fm%3D__features__

    HTTP Response

    200
  • 172.217.168.202:443
    content.googleapis.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    5.5kB
    15
    11
  • 172.217.168.234:443
    https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1XM_-gWUU-4JEe6Za7GxMzO8hzPzJzeeK&revisionId=0ByBbUEUe_16BR3pQbWEyYzBjSCtRM3l4YlVzUStaajFrUWxRPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc379
    tls, http2
    IEXPLORE.EXE
    3.3kB
    13.9kB
    37
    32

    HTTP Request

    GET https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1XM_-gWUU-4JEe6Za7GxMzO8hzPzJzeeK&revisionId=0ByBbUEUe_16BR3pQbWEyYzBjSCtRM3l4YlVzUStaajFrUWxRPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc379

    HTTP Response

    403

    HTTP Request

    GET https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1XM_-gWUU-4JEe6Za7GxMzO8hzPzJzeeK&revisionId=0ByBbUEUe_16BR3pQbWEyYzBjSCtRM3l4YlVzUStaajFrUWxRPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc379

    HTTP Response

    403

    HTTP Request

    GET https://blobcomments-pa.clients6.google.com/v1/metadata?docId=1XM_-gWUU-4JEe6Za7GxMzO8hzPzJzeeK&revisionId=0ByBbUEUe_16BR3pQbWEyYzBjSCtRM3l4YlVzUStaajFrUWxRPQ&userLocale=en&timeZoneId=Etc%2FGMT&documentResourceKey.resourceKey&forceImportEnabled=true&key=AIzaSyCMp6sr4oTC18AWkE2Ii4UBZHTHEpGZWZM&%24unique=gc379

    HTTP Response

    403
  • 172.217.168.234:443
    blobcomments-pa.clients6.google.com
    tls, http2
    IEXPLORE.EXE
    1.3kB
    10.7kB
    19
    15
  • 172.217.23.195:445
    ssl.gstatic.com
    260 B
    5
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301705_1UVIX1BW7TVL4T1IZ&pid=21.2&w=1080&h=1920&c=4
    tls, http2
    49.8kB
    1.4MB
    1049
    1046

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301473_1HBSI9G0ABXR5GSDS&pid=21.2&w=1080&h=1920&c=4

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301040_1IYHHZNUS5XGPHJUX&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300965_1DQ2FNZEHERI9UUJI&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301398_1SI4JLH5HQE0ZMCJV&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301296_13RGXWTMPV4PYNPD7&pid=21.2&w=1920&h=1080&c=4

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301705_1UVIX1BW7TVL4T1IZ&pid=21.2&w=1080&h=1920&c=4

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.3kB
    16
    14
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.2kB
    8.3kB
    15
    15
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=lgbuhupcrth7
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=lgbuhupcrth7

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=osukrd23hzh1
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=osukrd23hzh1

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=9pwg4bxznux
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=9pwg4bxznux

    HTTP Response

    200
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=9ihfqrd5fe0p
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=9ihfqrd5fe0p

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=j2x44c3fei1e
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=j2x44c3fei1e

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=2i5s83lr3i23
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=2i5s83lr3i23

    HTTP Response

    200
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=u8nuzdmrkmxj
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=u8nuzdmrkmxj

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=sgj00jyx9pwr
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=sgj00jyx9pwr

    HTTP Response

    200
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=dlimc8ezdu51
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=dlimc8ezdu51

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=x2i4n0ua8b7r
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=x2i4n0ua8b7r

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=98oqamkp9qjh
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=98oqamkp9qjh

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=ty69agrl6ri3
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=ty69agrl6ri3

    HTTP Response

    200
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=xsts7awpxx8j
    tls, http2
    IEXPLORE.EXE
    1.6kB
    1.3kB
    16
    11

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=xsts7awpxx8j

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 172.217.23.195:443
    https://ssl.gstatic.com/docs/common/cleardot.gif?zx=q18u968khw2r
    tls, http2
    IEXPLORE.EXE
    1.5kB
    1.3kB
    14
    10

    HTTP Request

    GET https://ssl.gstatic.com/docs/common/cleardot.gif?zx=q18u968khw2r

    HTTP Response

    200
  • 172.217.23.195:443
    ssl.gstatic.com
    tls, http2
    IEXPLORE.EXE
    1.0kB
    483 B
    9
    6
  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    72.32.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    72.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    195.179.250.142.in-addr.arpa
    dns
    74 B
    112 B
    1
    1

    DNS Request

    195.179.250.142.in-addr.arpa

  • 8.8.8.8:53
    106.208.58.216.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    106.208.58.216.in-addr.arpa

  • 8.8.8.8:53
    2.136.104.51.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    2.136.104.51.in-addr.arpa

  • 8.8.8.8:53
    59.128.231.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    59.128.231.4.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    200.81.21.72.in-addr.arpa
    dns
    71 B
    142 B
    1
    1

    DNS Request

    200.81.21.72.in-addr.arpa

  • 8.8.8.8:53
    apis.google.com
    dns
    IEXPLORE.EXE
    61 B
    98 B
    1
    1

    DNS Request

    apis.google.com

    DNS Response

    172.217.23.206

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    144 B
    146 B
    2
    1

    DNS Request

    157.123.68.40.in-addr.arpa

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    206.23.217.172.in-addr.arpa
    dns
    73 B
    173 B
    1
    1

    DNS Request

    206.23.217.172.in-addr.arpa

  • 8.8.8.8:53
    play.google.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    play.google.com

    DNS Response

    142.251.36.14

  • 8.8.8.8:53
    drive.google.com
    dns
    IEXPLORE.EXE
    62 B
    78 B
    1
    1

    DNS Request

    drive.google.com

    DNS Response

    172.217.168.238

  • 8.8.8.8:53
    ssl.gstatic.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    ssl.gstatic.com

    DNS Response

    172.217.23.195

  • 8.8.8.8:53
    content.googleapis.com
    dns
    IEXPLORE.EXE
    68 B
    244 B
    1
    1

    DNS Request

    content.googleapis.com

    DNS Response

    172.217.168.202
    172.217.23.202
    216.58.208.106
    216.58.214.10
    142.250.179.138
    142.251.36.42
    172.217.168.234
    142.250.179.170
    142.250.179.202
    142.251.36.10
    142.251.39.106

  • 8.8.8.8:53
    blobcomments-pa.clients6.google.com
    dns
    IEXPLORE.EXE
    81 B
    97 B
    1
    1

    DNS Request

    blobcomments-pa.clients6.google.com

    DNS Response

    172.217.168.234

  • 8.8.8.8:53
    14.36.251.142.in-addr.arpa
    dns
    72 B
    111 B
    1
    1

    DNS Request

    14.36.251.142.in-addr.arpa

  • 8.8.8.8:53
    238.168.217.172.in-addr.arpa
    dns
    74 B
    113 B
    1
    1

    DNS Request

    238.168.217.172.in-addr.arpa

  • 8.8.8.8:53
    195.23.217.172.in-addr.arpa
    dns
    73 B
    171 B
    1
    1

    DNS Request

    195.23.217.172.in-addr.arpa

  • 8.8.8.8:53
    131.179.250.142.in-addr.arpa
    dns
    74 B
    112 B
    1
    1

    DNS Request

    131.179.250.142.in-addr.arpa

  • 8.8.8.8:53
    202.168.217.172.in-addr.arpa
    dns
    74 B
    113 B
    1
    1

    DNS Request

    202.168.217.172.in-addr.arpa

  • 8.8.8.8:53
    234.168.217.172.in-addr.arpa
    dns
    74 B
    113 B
    1
    1

    DNS Request

    234.168.217.172.in-addr.arpa

  • 8.8.8.8:53
    ssl.gstatic.com
    dns
    IEXPLORE.EXE
    61 B
    77 B
    1
    1

    DNS Request

    ssl.gstatic.com

    DNS Response

    172.217.23.195

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    254.109.26.67.in-addr.arpa
    dns
    72 B
    126 B
    1
    1

    DNS Request

    254.109.26.67.in-addr.arpa

  • 8.8.8.8:53
    43.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    43.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    214.80.50.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    214.80.50.20.in-addr.arpa

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\19QTJWOB\cb=gapi[3].js

    Filesize

    77KB

    MD5

    f8641435b075d5b0a4e0e9efda7ed078

    SHA1

    f59a288c49b88045dbea3981904533b291fb04c4

    SHA256

    bb2275ed1c4a0d331755bc21d559e1fd796f3a7c0909887e187b12d5e0bade24

    SHA512

    8c595f19ad88e0ce76e881ef4973ef894da50e340ff600ecf3344fe5f81c3a2910d7dac27fdd47b1caaed1a24895babd0bef7c7894cd9af69b3c54b226e4cf7b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\19QTJWOB\cleardot[1].gif

    Filesize

    43B

    MD5

    fc94fb0c3ed8a8f909dbc7630a0987ff

    SHA1

    56d45f8a17f5078a20af9962c992ca4678450765

    SHA256

    2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

    SHA512

    c87bf81fd70cf6434ca3a6c05ad6e9bd3f1d96f77dddad8d45ee043b126b2cb07a5cf23b4137b9d8462cd8a9adf2b463ab6de2b38c93db72d2d511ca60e3b57e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FTKK3XKB\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
