Analysis
-
max time kernel
95s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system -
submitted
25/12/2023, 23:26 UTC
Static task
static1
Behavioral task
behavioral1
Sample
431dd0e077ea6f3f9f9ac1d896cc490b.html
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
431dd0e077ea6f3f9f9ac1d896cc490b.html
Resource
win10v2004-20231222-en
General
-
Target
431dd0e077ea6f3f9f9ac1d896cc490b.html
-
Size
3.5MB
-
MD5
431dd0e077ea6f3f9f9ac1d896cc490b
-
SHA1
56f5ed61342484847af423f7ac501b59d85564a4
-
SHA256
f670843a8f193acecd442e9ce4d687251029ebb3bde5962b90e37e32a64cc41f
-
SHA512
35de5792e57257df3527d83a61fee28d609367719e7671be4806705b359a635ce30ee3f1ff4a6c2d450fae8757fe3294659e3ea09b79d193342540285e23d1fc
-
SSDEEP
12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6N1+:jvpjte4tT6z+
Malware Config
Signatures
-
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "933972714" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079049" IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c0000000002000000000010660000000100002000000012b7948aaeb66aa883493feb4d47b27aa59931699e7e2e58c7608bee52aba8c5000000000e8000000002000020000000770f05587658d48a3e77a7e631926ab50fdcd5e71d9dd727cdf5beb70eb6457e200000002d1b22621bee3e46c2b7ab575f389cf0c9a815fb11e6acd74cc741626648ce8440000000c9e32463f08818919712018f71ae14fbbb1db711937590efe6e23fd133fd5d6823c6f1687403cb0e4c497be402b4e0d6233e7c806ca23da923c987d50ee1c1be iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079049" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "930689116" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40ceab41893ada01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c00000000020000000000106600000001000020000000b24af77f9e0684e8fb250ebe1d4482dff534ae24b75b2e5ae72a5389bd7d1a76000000000e8000000002000020000000b4ab7901171a04cf27bb57cee7935a5630978af8ec30a83dbcb56b0ee7a7bf67200000009d1d3dfaa318b109d2536790f092c8636760bbc4d4a4eb6264c17301c3ef05a64000000021e02da30c2da05b0533df6081a0f082e9639d33abfc9bcf3e3808c62cffde260c46c873f34d73308f9b9477f191ab3a33111695d636229060f3985ac300886a iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079049" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410641341" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{63185585-A67C-11EE-A0B6-E2269387CB8A} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 403fae41893ada01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "930689116" iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1168 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1168 iexplore.exe
1168 iexplore.exe
3564 IEXPLORE.EXE
3564 IEXPLORE.EXE
3564 IEXPLORE.EXE
3564 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1168 wrote to memory of 3564 | 1168 | iexplore.exe | 32
PID 1168 wrote to memory of 3564 | 1168 | iexplore.exe | 32
PID 1168 wrote to memory of 3564 | 1168 | iexplore.exe | 32
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\431dd0e077ea6f3f9f9ac1d896cc490b.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1168 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1168 CREDAT:17410 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3564
-
Network
-
Remote address:8.8.8.8:53Request0.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address: 8.8.8.8:53
Request: 193.178.17.96.in-addr.arpa IN PTR
Response: 193.178.17.96.in-addr.arpa IN PTR a96-17-178-193.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: static.cloudflareinsights.com IN A
Response: static.cloudflareinsights.com IN A 104.16.57.101
static.cloudflareinsights.com IN A 104.16.56.101
-
Remote address: 104.16.57.101:443
Request: GET /beacon.min.js HTTP/2.0
host: static.cloudflareinsights.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 83d447d15d9463d9-LHR
content-encoding: gzip
-
Remote address: 8.8.8.8:53
Request: ajax.googleapis.com IN A
Response: ajax.googleapis.com IN A 142.250.180.10
-
Remote address: 142.250.180.10:443
Request: GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Dec 2023 09:52:39 GMT
expires: Fri, 27 Dec 2024 09:52:39 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 119215
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address: 8.8.8.8:53
Request: g.bing.com IN A
Response: g.bing.com IN CNAME g-bing-com.a-0001.a-msedge.net
g-bing-com.a-0001.a-msedge.net IN CNAME dual-a-0001.a-msedge.net
dual-a-0001.a-msedge.net IN A 204.79.197.200
dual-a-0001.a-msedge.net IN A 13.107.21.200
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ac548b33b31f40ca94474fb660a47277&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
Remote address: 204.79.197.200:443
Request: GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ac548b33b31f40ca94474fb660a47277&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
Response: HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=38AAF0BA015B6E9723F1E34C007C6F02; domain=.bing.com; expires=Wed, 22-Jan-2025 18:59:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CBEA4DB309EA46EF96566214B6334AFC Ref B: LON04EDGE0607 Ref C: 2023-12-29T18:59:31Z
date: Fri, 29 Dec 2023 18:59:30 GMT
-
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ac548b33b31f40ca94474fb660a47277&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
Remote address: 204.79.197.200:443
Request: GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ac548b33b31f40ca94474fb660a47277&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=38AAF0BA015B6E9723F1E34C007C6F02
Response: HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=VUh8OtVWxH01nOVNbTSktYptvTuCJUFz9m5bmyOqi48; domain=.bing.com; expires=Wed, 22-Jan-2025 18:59:31 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A2D748D04989499EBE4FC6382F651F70 Ref B: LON04EDGE0607 Ref C: 2023-12-29T18:59:31Z
date: Fri, 29 Dec 2023 18:59:30 GMT
-
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ac548b33b31f40ca94474fb660a47277&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
Remote address: 204.79.197.200:443
Request: GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ac548b33b31f40ca94474fb660a47277&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=38AAF0BA015B6E9723F1E34C007C6F02; MSPTC=VUh8OtVWxH01nOVNbTSktYptvTuCJUFz9m5bmyOqi48
Response: HTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1D045BAE6B484D64AF77BC637A19395A Ref B: LON04EDGE0607 Ref C: 2023-12-29T18:59:31Z
date: Fri, 29 Dec 2023 18:59:30 GMT
-
Remote address:8.8.8.8:53Request101.57.16.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request101.57.16.104.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request101.57.16.104.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTR
-
Remote address: 8.8.8.8:53
Request: 200.197.79.204.in-addr.arpa IN PTR
Response: 200.197.79.204.in-addr.arpa IN PTR a-0001.a-msedge.net
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request9.228.82.20.in-addr.arpaIN PTRResponse
-
Remote address: 8.8.8.8:53
Request: 10.180.250.142.in-addr.arpa IN PTR
Response: 10.180.250.142.in-addr.arpa IN PTR lhr25s32-in-f10.1e100.net
-
Remote address: 8.8.8.8:53
Request: code.jquery.com IN A
Response: code.jquery.com IN A 151.101.130.137
code.jquery.com IN A 151.101.194.137
code.jquery.com IN A 151.101.66.137
code.jquery.com IN A 151.101.2.137
-
Remote address: 151.101.130.137:443
Request: GET /jquery-3.1.1.min.js HTTP/2.0
host: code.jquery.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 29 Dec 2023 18:59:36 GMT
age: 9075774
x-served-by: cache-lga21947-LGA, cache-lhr7393-LHR
x-cache: HIT, HIT
x-cache-hits: 125, 30077
x-timer: S1703876376.180864,VS0,VE0
vary: Accept-Encoding
content-length: 30070
-
Remote address: 151.101.130.137:443
Request: GET /jquery-3.2.1.slim.min.js HTTP/2.0
host: code.jquery.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 29 Dec 2023 18:59:43 GMT
age: 8972583
x-served-by: cache-lga21963-LGA, cache-lhr7393-LHR
x-cache: HIT, HIT
x-cache-hits: 7, 35233
x-timer: S1703876384.511186,VS0,VE0
vary: Accept-Encoding
content-length: 23856
-
Remote address:8.8.8.8:53Request233.38.18.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request233.38.18.104.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request137.130.101.151.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request137.130.101.151.in-addr.arpaIN PTR
-
Remote address: 8.8.8.8:53
Request: maxcdn.bootstrapcdn.com IN A
Response: maxcdn.bootstrapcdn.com IN A 104.18.10.207
maxcdn.bootstrapcdn.com IN A 104.18.11.207
-
Remote address: 104.18.10.207:443
Request: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/2.0
host: maxcdn.bootstrapcdn.com
accept: text/css, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: FR
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 11/23/2023 10:15:26
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 946
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: d9b7ababe2fcb946f25bd60ef88cb64d
cdn-cache: HIT
cf-cache-status: HIT
age: 2617774
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 83d44807cc7a2401-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 104.18.10.207:443
Request: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/2.0
host: maxcdn.bootstrapcdn.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: FR
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 10/31/2023 19:43:16
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 951
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 385680b1da2fe6b2deb6aba22df1cca4
cdn-cache: HIT
cf-cache-status: HIT
age: 508372
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 83d44835df2f2401-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 8.8.8.8:53
Request: 41.110.16.96.in-addr.arpa IN PTR
Response: 41.110.16.96.in-addr.arpa IN PTR a96-16-110-41.deploy.static.akamaitechnologies.com
-
Remote address:8.8.8.8:53Request207.10.18.104.in-addr.arpaIN PTRResponse
-
Remote address: 8.8.8.8:53
Request: kit.fontawesome.com IN A
Response: kit.fontawesome.com IN CNAME kit.fontawesome.com.cdn.cloudflare.net
kit.fontawesome.com.cdn.cloudflare.net IN A 104.18.40.68
kit.fontawesome.com.cdn.cloudflare.net IN A 172.64.147.188
-
Remote address: 104.18.40.68:443
Request: GET /585b051251.js HTTP/2.0
host: kit.fontawesome.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F6PN3tXqjcpIz_y1S99C
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 83d4482339a3dc45-LHR
content-encoding: gzip
-
Remote address: 8.8.8.8:53
Request: 234.187.250.142.in-addr.arpa IN PTR
Response: 234.187.250.142.in-addr.arpa IN PTR lhr25s34-in-f10.1e100.net
-
Remote address:8.8.8.8:53Request68.40.18.104.in-addr.arpaIN PTRResponse
-
Remote address: 8.8.8.8:53
Request: ka-f.fontawesome.com IN A
Response: ka-f.fontawesome.com IN CNAME ka-f.fontawesome.com.cdn.cloudflare.net
ka-f.fontawesome.com.cdn.cloudflare.net IN A 172.64.128.7
ka-f.fontawesome.com.cdn.cloudflare.net IN A 172.64.129.7
-
GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251 (IEXPLORE.EXE)
Remote address: 172.64.128.7:443
Request: GET /releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251 HTTP/2.0
host: ka-f.fontawesome.com
accept: */*
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Response: HTTP/2.0 200
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 cdd8daeefcf66738f6e908663e79c33e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: SdXvnaSWwMp_0mQuLuqbSwY9dx-jnzgmuNDzrlpAuo3xX5adPKuUAQ==
age: 3668812
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W68SKLe9X%2FYzWt00YzB%2F8Hy6ispTsGSBSTDMOYTkxTkhNFGM87XCMGIerJKeAOWN3tFL%2BaSS7mThI%2FZsS0wDT2EiKtYPQ9TJfxoKuIsdfDLxJWMU0Dx7mHxhuu6kLLEHX2x%2FaguH%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83d448348bc163be-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 172.64.128.7:443
Request: GET /releases/v5.15.4/css/free.min.css?token=585b051251 HTTP/2.0
host: ka-f.fontawesome.com
accept: */*
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Response: HTTP/2.0 200
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b74ec591a994ce96ac6e89b5e760c4bc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: TYSmI2kiJYfQ84gdtq8ycMAjSASBK9LE_LDQawtGQhJvXEtQBq_-3A==
age: 949762
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BfaoaS4cbUi9Ccz1vCKCHkToUyT8n6yXqxgHy6JudzVLjZJl%2FngSllfZGchjx39%2FWq225hMhtB2HCtSzMLY1vOanff%2BW4tpz22Na2ryK0Za0teHM3yeum6Q8U%2BuugOge0B%2BsZZN8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83d448348bbe63be-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address: 8.8.8.8:53
Request: cdnjs.cloudflare.com IN A
Response: cdnjs.cloudflare.com IN A 104.17.25.14
cdnjs.cloudflare.com IN A 104.17.24.14
-
Remote address:8.8.8.8:53Requestcdnjs.cloudflare.comIN A
-
Remote address: 104.17.25.14:443
Request: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/2.0
host: cdnjs.cloudflare.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: application/javascript; charset=utf-8
content-length: 6908
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: gzip
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2645136
expires: Wed, 18 Dec 2024 18:59:46 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zBtPUw1Em1QhUdIqvAZMEGZMp51YVJh7KF3XVFPRH5uk0gp60ki4%2FPSH4Gr%2BNPt8twJNIdTBauBCc55d9zejcGuFlDMPEW2RX4HjPD6OoVDQ8kvvYjZfQXQHTCCaYhUrA7vIuvqy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 83d448350bd2418b-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Request7.128.64.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request7.128.64.172.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request14.25.17.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request71.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request157.123.68.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request161.19.199.152.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request171.39.242.20.in-addr.arpaIN PTRResponse
-
Remote address: 8.8.8.8:53
Request: 217.135.221.88.in-addr.arpa IN PTR
Response: 217.135.221.88.in-addr.arpa IN PTR a88-221-135-217.deploy.static.akamaitechnologies.com
-
Remote address: 8.8.8.8:53
Request: 53.179.17.96.in-addr.arpa IN PTR
Response: 53.179.17.96.in-addr.arpa IN PTR a96-17-179-53.deploy.static.akamaitechnologies.com
-
Remote address:8.8.8.8:53Request22.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address: 8.8.8.8:53
Request: 68.179.17.96.in-addr.arpa IN PTR
Response: 68.179.17.96.in-addr.arpa IN PTR a96-17-179-68.deploy.static.akamaitechnologies.com
-
1.7kB 11.3kB 24 20
HTTP Request
GET https://static.cloudflareinsights.com/beacon.min.js
HTTP Response
200 -
1.0kB 3.6kB 13 9
-
142.250.180.10:443 https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js tls, http2 IEXPLORE.EXE 3.2kB 40.2kB 47 37
HTTP Request
GET https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
HTTP Response
200 -
1.5kB 8.2kB 19 13
-
204.79.197.200:443 https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ac548b33b31f40ca94474fb660a47277&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= tls, http2 2.1kB 11.0kB 23 21
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ac548b33b31f40ca94474fb660a47277&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
HTTP Response
204
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ac548b33b31f40ca94474fb660a47277&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
HTTP Response
204
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ac548b33b31f40ca94474fb660a47277&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=
HTTP Response
204 -
3.7kB 63.9kB 61 60
HTTP Request
GET https://code.jquery.com/jquery-3.1.1.min.js
HTTP Response
200
HTTP Request
GET https://code.jquery.com/jquery-3.2.1.slim.min.js
HTTP Response
200 -
1.1kB 6.4kB 16 15
-
104.18.10.207:443 https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js tls, http2 IEXPLORE.EXE 3.5kB 49.8kB 60 55
HTTP Request
GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
HTTP Response
200
HTTP Request
GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
HTTP Response
200 -
1.1kB 5.9kB 15 10
-
3.0kB 9.8kB 24 15
HTTP Request
GET https://kit.fontawesome.com/585b051251.js
HTTP Response
200 -
1.2kB 4.7kB 14 9
-
172.64.128.7:443 https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251 tls, http2 IEXPLORE.EXE 2.9kB 25.3kB 34 25
HTTP Request
GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
HTTP Request
GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
HTTP Response
200
HTTP Response
200 -
1.5kB 570 B 15 8
-
1.1kB 92 B 6 2
-
104.17.25.14:443 https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js tls, http2 IEXPLORE.EXE 2.2kB 11.7kB 26 18
HTTP Request
GET https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
HTTP Response
200 -
921 B 4.5kB 13 8
-
1.5kB 8.7kB 17 13
-
71 B 157 B 1 1
DNS Request
0.159.190.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
193.178.17.96.in-addr.arpa
-
75 B 107 B 1 1
DNS Request
static.cloudflareinsights.com
DNS Response
104.16.57.101, 104.16.56.101
-
65 B 81 B 1 1
DNS Request
ajax.googleapis.com
DNS Response
142.250.180.10
-
56 B 158 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.200, 13.107.21.200
-
216 B 134 B 3 1
DNS Request
101.57.16.104.in-addr.arpa
DNS Request
101.57.16.104.in-addr.arpa
DNS Request
101.57.16.104.in-addr.arpa
-
219 B 144 B 3 1
DNS Request
95.221.229.192.in-addr.arpa
DNS Request
95.221.229.192.in-addr.arpa
DNS Request
95.221.229.192.in-addr.arpa
-
146 B 106 B 2 1
DNS Request
200.197.79.204.in-addr.arpa
DNS Request
200.197.79.204.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
9.228.82.20.in-addr.arpa
-
73 B 112 B 1 1
DNS Request
10.180.250.142.in-addr.arpa
-
61 B 125 B 1 1
DNS Request
code.jquery.com
DNS Response
151.101.130.137, 151.101.194.137, 151.101.66.137, 151.101.2.137
-
144 B 134 B 2 1
DNS Request
233.38.18.104.in-addr.arpa
DNS Request
233.38.18.104.in-addr.arpa
-
148 B 134 B 2 1
DNS Request
137.130.101.151.in-addr.arpa
DNS Request
137.130.101.151.in-addr.arpa
-
69 B 101 B 1 1
DNS Request
maxcdn.bootstrapcdn.com
DNS Response
104.18.10.207, 104.18.11.207
-
71 B 135 B 1 1
DNS Request
41.110.16.96.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
207.10.18.104.in-addr.arpa
-
65 B 149 B 1 1
DNS Request
kit.fontawesome.com
DNS Response
104.18.40.68, 172.64.147.188
-
74 B 113 B 1 1
DNS Request
234.187.250.142.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
68.40.18.104.in-addr.arpa
-
66 B 151 B 1 1
DNS Request
ka-f.fontawesome.com
DNS Response
172.64.128.7, 172.64.129.7
-
132 B 98 B 2 1
DNS Request
cdnjs.cloudflare.com
DNS Request
cdnjs.cloudflare.com
DNS Response
104.17.25.14, 104.17.24.14
-
142 B 133 B 2 1
DNS Request
7.128.64.172.in-addr.arpa
DNS Request
7.128.64.172.in-addr.arpa
-
71 B 133 B 1 1
DNS Request
14.25.17.104.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
71.159.190.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
161.19.199.152.in-addr.arpa
-
72 B 146 B 1 1
DNS Request
157.123.68.40.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
171.39.242.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
217.135.221.88.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
53.179.17.96.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
22.236.111.52.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
68.179.17.96.in-addr.arpa
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
19KB
MD5dd1d068fdb5fe90b6c05a5b3940e088c
SHA10d96f9df8772633a9df4c81cf323a4ef8998ba59
SHA2566153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
SHA5127aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
84KB
MD5e071abda8fe61194711cfc2ab99fe104
SHA1f647a6d37dc4ca055ced3cf64bbc1f490070acba
SHA25685556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
SHA51253a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65
-
Filesize
83KB
MD52f6b11a7e914718e0290410e85366fe9
SHA169bb69e25ca7d5ef0935317584e6153f3fd9a88c
SHA25605b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
SHA5120d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db