42ad0d070f0bfc1ef1d704fca8044762b0787d3c0e8a9965234989d8bc8eb4c4

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 08:31 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

122842a30914de7cf9342eb77ffce013.html
Size

16KB
MD5

122842a30914de7cf9342eb77ffce013
SHA1

5187639fd8c2d589fa42fd8a86581d0f09488d13
SHA256

42ad0d070f0bfc1ef1d704fca8044762b0787d3c0e8a9965234989d8bc8eb4c4
SHA512

35ec3b0d844e4a2dbdd3e0d9eee5676e8aba46c78f59924b823a561894ef3ba26eff03a69dbb1640274c91f42936e1fdb89cfb0cb7eeb61a072901c830575874
SSDEEP

384:S6IeK7MS/WukqV9FIRhfxSzahIvBl3LknV:SfeK5nFyfOa/nV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078632"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "946839769"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078632"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000a3b3956a920ab152b61a9ff6464b9084873f752220eb2a66031beb357bf7d25f000000000e8000000002000020000000c785892c01cf7625712837ee9462d7e8cb8d9b35f4a3eff29f19119337144ee120000000f5dbce337053a4a90b90137f4a37ba778cef4db7eb85c6d2c4cf683815d155e540000000497081ca119a6ae93acd8bdbe52ea9a9aea05f1ccfdd9a0fa8a7b87f78881c4e42c9305e4a908c647e7111a748126204fd47c90db65f73a6ec7e182be5f120d8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000a5eb12d7d197c973f0b9cdd75417ff9d8aff66ba8429134560fae5f855a66fc6000000000e8000000002000020000000d7479f1cb097bc91660e7187e99346a0fe293f90f4a222917688cd35811bd35820000000f1f0d4117a5ca5408497c3cc9beead59a0adc1670aefba9d66789a8d3ffb35494000000060f19984c6e2ab8378d332f08ba982bbd70e00589aa7ddfa284135e4db95f9479dc32ba18a6a6c76e33d5933a75387d2529690f42934945a7d5006d8c88ae747	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078632"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "951371338"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{63C81665-A4DB-11EE-9ECD-7E4216712C33} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0eb6d62e838da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0096962e838da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078632"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "946839769"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "951371338"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410462245"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4600	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4600	iexplore.exe
4600	iexplore.exe
1052	IEXPLORE.EXE
1052	IEXPLORE.EXE
1052	IEXPLORE.EXE
1052	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 1052	4600	iexplore.exe	89
PID 4600 wrote to memory of 1052	4600	iexplore.exe	89
PID 4600 wrote to memory of 1052	4600	iexplore.exe	89

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\122842a30914de7cf9342eb77ffce013.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4600 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1052

Network

DNS

stylessl.aliunicorn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

stylessl.aliunicorn.com

IN A

Response

stylessl.aliunicorn.com

IN CNAME

stylessl.aliunicorn.com.gds.alibabadns.com

stylessl.aliunicorn.com.gds.alibabadns.com

IN CNAME

useast-scproxy.alibabacorp.com

useast-scproxy.alibabacorp.com

IN CNAME

useast-scproxy.alibabacorp.com.gds.alibabadns.com

useast-scproxy.alibabacorp.com.gds.alibabadns.com

IN A

47.246.136.140
DNS

stylessl.alibaba.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

stylessl.alibaba.com

IN A

Response

stylessl.alibaba.com

IN CNAME

100-us-scproxy.alibaba.com

100-us-scproxy.alibaba.com

IN CNAME

100-us-scproxy.alibaba.com.gds.alibabadns.com

100-us-scproxy.alibaba.com.gds.alibabadns.com

IN CNAME

useast-scproxy.alibaba.com

useast-scproxy.alibaba.com

IN CNAME

useast-scproxy.alibaba.com.gds.alibabadns.com

useast-scproxy.alibaba.com.gds.alibabadns.com

IN A

47.246.137.81
DNS

img.alicdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

img.alicdn.com

IN A

Response

img.alicdn.com

IN CNAME

img.alicdn.com.danuoyi.alicdn.com

img.alicdn.com.danuoyi.alicdn.com

IN A

104.166.182.98

img.alicdn.com.danuoyi.alicdn.com

IN A

79.133.176.252

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.46.252

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.48.252

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.2.253

img.alicdn.com.danuoyi.alicdn.com

IN A

163.181.1.251

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.44.251

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.15.248

img.alicdn.com.danuoyi.alicdn.com

IN A

163.181.0.251

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.50.171

img.alicdn.com.danuoyi.alicdn.com

IN A

163.181.92.148

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.45.114

img.alicdn.com.danuoyi.alicdn.com

IN A

163.181.49.106

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.49.249

img.alicdn.com.danuoyi.alicdn.com

IN A

163.181.50.107

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.3.54
DNS

img.alicdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

img.alicdn.com

IN A
GET

https://stylessl.alibaba.com/js/beacon_en.js

IEXPLORE.EXE

Remote address:

47.246.137.81:443

Request

GET /js/beacon_en.js HTTP/2.0
host: stylessl.alibaba.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 17:14:33 GMT
content-type: application/javascript
server: Tengine
vary: Accept-Encoding
traceid: 21032cb317036972735475246ed635
last-modified: Tue, 07 Feb 2023 09:12:01 GMT
cache-control: max-age=300
access-control-allow-origin: *
content-disposition: attachment; filename="js/beacon_en.js"
content-encoding: gzip
strict-transport-security: max-age=31536000
timing-allow-origin: *
eagleid: 21032cb317036972735475246ed635
server-timing: rt;dur=0.276,eagleid;desc=21032cb317036972735475246ed635
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
GET

https://stylessl.aliunicorn.com/simg/single/icon/ask.gif

IEXPLORE.EXE

Remote address:

47.246.136.140:443

Request

GET /simg/single/icon/ask.gif HTTP/2.0
host: stylessl.aliunicorn.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 17:14:33 GMT
content-type: image/gif
content-length: 1380
set-cookie: ali_apache_id=33.1.243.251.1703697273609.476778.1; path=/; domain=.alibaba.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
x-server-id: 5dd621d318911325a05c259270f04ee8141bbe490e1e7b9bcc358da1ed5d9acc921c630316b46fd3
expires: Thu, 26 Dec 2024 17:14:33 GMT
cache-control: max-age=31536000
last-modified: Mon, 26 Mar 2018 06:55:57 GMT
etag: a3406b71_0
vary: Accept-Encoding
access-control-allow-origin: *
x-readtime: 1
strict-transport-security: max-age=31536000
timing-allow-origin: *
eagleid: 2101f3fb17036972736082610ef269
server-timing: rt;dur=0.003,eagleid;desc=2101f3fb17036972736082610ef269
GET

https://stylessl.aliunicorn.com/6v/apollo/core/core-sc%7C6v/apollo/mod/button/button-sc%7C6v/apollo/mod/form/form-sc%7C6v/apollo/mod/footer/footer-sc%7C6v/run/login/home/home-buyer%7CMODERN_BROWSER%7Cv_0_b030576d0.css

IEXPLORE.EXE

Remote address:

47.246.136.140:443

Request

GET /6v/apollo/core/core-sc%7C6v/apollo/mod/button/button-sc%7C6v/apollo/mod/form/form-sc%7C6v/apollo/mod/footer/footer-sc%7C6v/run/login/home/home-buyer%7CMODERN_BROWSER%7Cv_0_b030576d0.css HTTP/2.0
host: stylessl.aliunicorn.com
accept: text/css, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 17:14:33 GMT
content-type: text/css
vary: Accept-Encoding
set-cookie: ali_apache_id=33.1.243.251.1703697273610.375240.2; path=/; domain=.alibaba.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
x-server-id: 5dd621d318911325a05c259270f04ee86978561e8707b2eecc358da1ed5d9acc921c630316b46fd3
expires: Wed, 27 Dec 2023 17:15:03 GMT
cache-control: max-age=30
last-modified: Mon, 26 Mar 2018 06:55:57 GMT
vary: Accept-Encoding
access-control-allow-origin: *
x-readtime: 2
content-encoding: gzip
strict-transport-security: max-age=31536000
timing-allow-origin: *
eagleid: 2101f3fb17036972736082611ef269
server-timing: rt;dur=0.006,eagleid;desc=2101f3fb17036972736082611ef269
GET

https://stylessl.aliunicorn.com/simg/sprites/app/header.png?t=ba01a9cf_0

IEXPLORE.EXE

Remote address:

47.246.136.140:443

Request

GET /simg/sprites/app/header.png?t=ba01a9cf_0 HTTP/2.0
host: stylessl.aliunicorn.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 17:14:56 GMT
content-type: image/png
content-length: 3240
set-cookie: ali_apache_id=33.1.243.251.1703697296888.476483.8; path=/; domain=.alibaba.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
x-server-id: 5dd621d318911325a05c259270f04ee8141bbe490e1e7b9bcc358da1ed5d9acc921c630316b46fd3
expires: Thu, 26 Dec 2024 17:14:56 GMT
cache-control: max-age=31536000
last-modified: Mon, 26 Mar 2018 06:55:57 GMT
etag: ba01a9cf_0
vary: Accept-Encoding
access-control-allow-origin: *
x-readtime: 1
strict-transport-security: max-age=31536000
timing-allow-origin: *
eagleid: 2101f3fb17036972968862868ef269
server-timing: rt;dur=0.003,eagleid;desc=2101f3fb17036972968862868ef269
GET

https://stylessl.aliunicorn.com/simg/sprites/env/home/signin/ic-feedback-error.png?t=5a624905_0

IEXPLORE.EXE

Remote address:

47.246.136.140:443

Request

GET /simg/sprites/env/home/signin/ic-feedback-error.png?t=5a624905_0 HTTP/2.0
host: stylessl.aliunicorn.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 17:14:56 GMT
content-type: image/png
content-length: 1260
set-cookie: ali_apache_id=33.1.243.251.1703697296888.374940.9; path=/; domain=.alibaba.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
x-server-id: 5dd621d318911325a05c259270f04ee86978561e8707b2eecc358da1ed5d9acc921c630316b46fd3
expires: Thu, 26 Dec 2024 17:14:56 GMT
cache-control: max-age=31536000
last-modified: Mon, 26 Mar 2018 06:55:57 GMT
etag: 5a624905_0
vary: Accept-Encoding
access-control-allow-origin: *
x-readtime: 1
strict-transport-security: max-age=31536000
timing-allow-origin: *
eagleid: 2101f3fb17036972968862869ef269
server-timing: rt;dur=0.003,eagleid;desc=2101f3fb17036972968862869ef269
GET

https://stylessl.aliunicorn.com/simg/sprites/env/home/signin/facebook.gif?t=63d80463_0

IEXPLORE.EXE

Remote address:

47.246.136.140:443

Request

GET /simg/sprites/env/home/signin/facebook.gif?t=63d80463_0 HTTP/2.0
host: stylessl.aliunicorn.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 17:15:16 GMT
content-type: image/gif
content-length: 1214
set-cookie: ali_apache_id=33.1.243.251.1703697316301.476358.0; path=/; domain=.alibaba.com; expires=Wed, 30-Nov-2084 01:01:01 GMT
x-server-id: 5dd621d318911325a05c259270f04ee8141bbe490e1e7b9bcc358da1ed5d9acc921c630316b46fd3
expires: Thu, 26 Dec 2024 17:15:16 GMT
cache-control: max-age=31536000
last-modified: Mon, 26 Mar 2018 06:55:57 GMT
etag: 63d80463_0
vary: Accept-Encoding
access-control-allow-origin: *
x-readtime: 0
strict-transport-security: max-age=31536000
timing-allow-origin: *
eagleid: 2101f3fb17036973162993263ef269
server-timing: rt;dur=0.004,eagleid;desc=2101f3fb17036973162993263ef269
DNS

81.137.246.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.137.246.47.in-addr.arpa

IN PTR

Response
DNS

140.136.246.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.136.246.47.in-addr.arpa

IN PTR

Response
DNS

146.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.177.190.20.in-addr.arpa

IN PTR

Response
DNS

12.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.179.17.96.in-addr.arpa

IN PTR

Response

12.179.17.96.in-addr.arpa

IN PTR

a96-17-179-12deploystaticakamaitechnologiescom
GET

https://img.alicdn.com/tps/TB1dsEEKFXXXXX7XVXXXXXXXXXX-740-420.jpg

IEXPLORE.EXE

Remote address:

104.166.182.98:443

Request

GET /tps/TB1dsEEKFXXXXX7XVXXXXXXXXXX-740-420.jpg HTTP/2.0
host: img.alicdn.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: Tengine
content-type: image/jpeg
content-length: 34656
date: Sat, 23 Dec 2023 16:04:10 GMT
last-modified: Mon, 17 Jul 2023 05:02:15 GMT
picasso-ret-code: SUCCESS
picasso-cache-info: MISS
request-time: 0.105
traceid: 2ff602a417033474494745344e
picasso-image-type: normal
cache-control: max-age=31536000
ali-swift-global-savetime: 1703347450
via: cache35.l2us1[0,0,200-0,H], cache4.l2us1[0,0], cache1.ru7[0,0,200-0,H], cache11.ru7[3,0]
access-control-allow-origin: *
age: 349823
x-cache: HIT TCP_HIT dirn:12:280060277
x-swift-savetime: Mon, 25 Dec 2023 21:11:25 GMT
x-swift-cachetime: 31344765
s-rt: 3
vary: Accept
timing-allow-origin: *
eagleid: 68a6b69f17036972733775526e
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

98.182.166.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.182.166.104.in-addr.arpa

IN PTR

Response
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

226.20.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.20.18.104.in-addr.arpa

IN PTR

Response
DNS

gj.mmstat.com

Remote address:

8.8.8.8:53

Request

gj.mmstat.com

IN A

Response

gj.mmstat.com

IN CNAME

gj.gds.mmstat.com

gj.gds.mmstat.com

IN A

47.246.136.160
DNS

gj.mmstat.com

Remote address:

8.8.8.8:53

Request

gj.mmstat.com

IN A

Response

gj.mmstat.com

IN CNAME

gj.gds.mmstat.com

gj.gds.mmstat.com

IN A

47.246.136.160
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

img.alicdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

img.alicdn.com

IN A

Response

img.alicdn.com

IN CNAME

img.alicdn.com.danuoyi.alicdn.com

img.alicdn.com.danuoyi.alicdn.com

IN A

104.166.182.98

img.alicdn.com.danuoyi.alicdn.com

IN A

79.133.176.252

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.46.252

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.48.252

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.2.253

img.alicdn.com.danuoyi.alicdn.com

IN A

163.181.1.251

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.44.251

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.15.248

img.alicdn.com.danuoyi.alicdn.com

IN A

163.181.0.251

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.50.171

img.alicdn.com.danuoyi.alicdn.com

IN A

163.181.92.148

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.45.114

img.alicdn.com.danuoyi.alicdn.com

IN A

163.181.49.106

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.49.249

img.alicdn.com.danuoyi.alicdn.com

IN A

163.181.50.107

img.alicdn.com.danuoyi.alicdn.com

IN A

47.246.3.54
DNS

img.alicdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

img.alicdn.com

IN A
DNS

i.alicdn.com

Remote address:

8.8.8.8:53

Request

i.alicdn.com

IN A

Response

i.alicdn.com

IN CNAME

areaall-resources-akamai.aliexpress.com

areaall-resources-akamai.aliexpress.com

IN CNAME

areaall-resources-akamai.aliexpress.com.gds.alibabadns.com

areaall-resources-akamai.aliexpress.com.gds.alibabadns.com

IN CNAME

eu1111.alicdn.com.edgekey.net

eu1111.alicdn.com.edgekey.net

IN CNAME

e11956.x.akamaiedge.net

e11956.x.akamaiedge.net

IN A

104.82.235.52
DNS

i.alicdn.com

Remote address:

8.8.8.8:53

Request

i.alicdn.com

IN A

Response

i.alicdn.com

IN CNAME

areaall-resources-akamai.aliexpress.com

areaall-resources-akamai.aliexpress.com

IN CNAME

areaall-resources-akamai.aliexpress.com.gds.alibabadns.com

areaall-resources-akamai.aliexpress.com.gds.alibabadns.com

IN CNAME

eu1111.alicdn.com.edgekey.net

eu1111.alicdn.com.edgekey.net

IN CNAME

e11956.x.akamaiedge.net

e11956.x.akamaiedge.net

IN A

104.82.235.52
DNS

s.alicdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

s.alicdn.com

IN A

Response

s.alicdn.com

IN CNAME

s.alicdn.com.gds.alibabadns.com

s.alicdn.com.gds.alibabadns.com

IN CNAME

www.alibaba.com.edgekey.net

www.alibaba.com.edgekey.net

IN CNAME

e11983.x.akamaiedge.net

e11983.x.akamaiedge.net

IN A

104.82.235.79
DNS

s.alicdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

s.alicdn.com

IN A

Response

s.alicdn.com

IN CNAME

s.alicdn.com.gds.alibabadns.com

s.alicdn.com.gds.alibabadns.com

IN CNAME

www.alibaba.com.edgekey.net

www.alibaba.com.edgekey.net

IN CNAME

e11983.x.akamaiedge.net

e11983.x.akamaiedge.net

IN A

104.82.235.79
GET

https://s.alicdn.com/@img/tfs/TB1lrY2vUT1gK0jSZFrXXcNCXXa-2200-600.png

IEXPLORE.EXE

Remote address:

104.82.235.79:443

Request

GET /@img/tfs/TB1lrY2vUT1gK0jSZFrXXcNCXXa-2200-600.png HTTP/2.0
host: s.alicdn.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

content-type: image/png
content-length: 397091
server: Tengine
last-modified: Thu, 28 Sep 2023 00:36:20 GMT
picasso-ret-code: SUCCESS
picasso-cache-info: MISS
request-time: 0.255
traceid: 2103284317033474658464168ebac6
picasso-image-type: normal
cache-control: max-age=31536000
ali-swift-global-savetime: 1703347466
x-swift-savetime: Sat, 23 Dec 2023 16:04:26 GMT
x-swift-cachetime: 31536000
s-rt: 518
timing-allow-origin: *
eagleid: 2103284317033474658464168ebac6
real-source-url: https://img.alicdn.com/tfs/TB1lrY2vUT1gK0jSZFrXXcNCXXa-2200-600.png_q80.jpg
strict-transport-security: max-age=31536000
timing-allow-origin: *
eagleid: 2103284317033474658464168ebac6
server-timing: rt;dur=0.541,eagleid;desc=2103284317033474658464168ebac6
date: Wed, 27 Dec 2023 17:15:19 GMT
object-status: ttl=31536000,age=349910
served-from: 92.123.132.69
network_info: GB_LONDON_3257
timing-allow-origin: *
access-control-allow-origin: *
access-control-expose-headers: FW_IP
fw_ip: 104.82.235.79
DNS

100.5.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.5.17.2.in-addr.arpa

IN PTR

Response

100.5.17.2.in-addr.arpa

IN PTR

a2-17-5-100deploystaticakamaitechnologiescom
DNS

i.alicdn.com

Remote address:

8.8.8.8:53

Request

i.alicdn.com

IN A

Response

i.alicdn.com

IN CNAME

areaall-resources-akamai.aliexpress.com

areaall-resources-akamai.aliexpress.com

IN CNAME

areaall-resources-akamai.aliexpress.com.gds.alibabadns.com

areaall-resources-akamai.aliexpress.com.gds.alibabadns.com

IN CNAME

eu1111.alicdn.com.edgekey.net

eu1111.alicdn.com.edgekey.net

IN CNAME

e11956.x.akamaiedge.net

e11956.x.akamaiedge.net

IN A

104.82.235.52
DNS

i.alicdn.com

Remote address:

8.8.8.8:53

Request

i.alicdn.com

IN A
DNS

79.235.82.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.235.82.104.in-addr.arpa

IN PTR

Response

79.235.82.104.in-addr.arpa

IN PTR

a104-82-235-79deploystaticakamaitechnologiescom
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

8.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.179.17.96.in-addr.arpa

IN PTR

Response

8.179.17.96.in-addr.arpa

IN PTR

a96-17-179-8deploystaticakamaitechnologiescom
DNS

8.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.179.17.96.in-addr.arpa

IN PTR
DNS

209.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.135.221.88.in-addr.arpa

IN PTR

Response

209.135.221.88.in-addr.arpa

IN PTR

a88-221-135-209deploystaticakamaitechnologiescom
DNS

39.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

39.179.17.96.in-addr.arpa

IN PTR

Response

39.179.17.96.in-addr.arpa

IN PTR

a96-17-179-39deploystaticakamaitechnologiescom
DNS

39.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

39.179.17.96.in-addr.arpa

IN PTR
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

ynuf.alipay.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ynuf.alipay.com

IN A

Response

ynuf.alipay.com

IN CNAME

ynuf.alipaydns.com

ynuf.alipaydns.com

IN CNAME

default.ovs.us.wagbridge.ad.alibabacorp.com

default.ovs.us.wagbridge.ad.alibabacorp.com

IN CNAME

default.ovs.us.wagbridge.ad.alibabacorp.com.gds.alibabadns.com

default.ovs.us.wagbridge.ad.alibabacorp.com.gds.alibabadns.com

IN A

47.246.136.188
DNS

ynuf.alipay.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ynuf.alipay.com

IN A

Response

ynuf.alipay.com

IN CNAME

ynuf.alipaydns.com

ynuf.alipaydns.com

IN CNAME

default.ovs.us.wagbridge.ad.alibabacorp.com

default.ovs.us.wagbridge.ad.alibabacorp.com

IN CNAME

default.ovs.us.wagbridge.ad.alibabacorp.com.gds.alibabadns.com

default.ovs.us.wagbridge.ad.alibabacorp.com.gds.alibabadns.com

IN A

47.246.136.190
GET

https://ynuf.alipay.com/service/clear.png?xt=B4f7bf6a781a606f1054344c8daf46901&xa=intl-login

IEXPLORE.EXE

Remote address:

47.246.136.188:443

Request

GET /service/clear.png?xt=B4f7bf6a781a606f1054344c8daf46901&xa=intl-login HTTP/2.0
host: ynuf.alipay.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 17:15:40 GMT
content-type: image/png
content-length: 81
server: Tengine
x-application-context: umid-web:cn-prod:7001
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
eagleeye-traceid: 2101d8f917036973400294605eb24b
strict-transport-security: max-age=0
timing-allow-origin: *
DNS

ocsp.dcocsp.cn

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.dcocsp.cn

IN A

Response

ocsp.dcocsp.cn

IN CNAME

ocsp.dcocsp.cn.w.kunlunar.com

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.212

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.213

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.209

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.215

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.211

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.210

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.216

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.214
DNS

ocsp.dcocsp.cn

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ocsp.dcocsp.cn

IN A

Response

ocsp.dcocsp.cn

IN CNAME

ocsp.dcocsp.cn.w.kunlunar.com

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.209

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.210

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.211

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.212

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.213

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.214

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.215

ocsp.dcocsp.cn.w.kunlunar.com

IN A

163.181.56.216
DNS

188.136.246.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.136.246.47.in-addr.arpa

IN PTR

Response
GET

http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D

IEXPLORE.EXE

Remote address:

163.181.56.212:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.dcocsp.cn

Response

HTTP/1.1 200 OK

Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Wed, 27 Dec 2023 16:17:41 GMT
Ali-Swift-Global-Savetime: 1703693861
Via: cache12.l2de2[0,0,200-0,H], cache7.l2de2[1,0], ens-cache3.de4[0,0,200-0,H], ens-cache4.de4[3,0]
Age: 3478
X-Cache: HIT TCP_MEM_HIT dirn:8:76160089
X-Swift-SaveTime: Wed, 27 Dec 2023 16:17:41 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff62b1c17036973395654717e
GET

http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEAfIGC8YGxt%2Frz%2Fr4j%2B3c8U%3D

IEXPLORE.EXE

Remote address:

163.181.56.212:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEAfIGC8YGxt%2Frz%2Fr4j%2B3c8U%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.dcocsp.cn

Response

HTTP/1.1 200 OK

Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Wed, 27 Dec 2023 17:07:41 GMT
Ali-Swift-Global-Savetime: 1703696861
Via: cache8.l2de2[201,202,200-0,M], cache1.l2de2[203,0], ens-cache1.de4[0,0,200-0,H], ens-cache4.de4[0,0]
Age: 478
X-Cache: HIT TCP_MEM_HIT dirn:9:154451972
X-Swift-SaveTime: Wed, 27 Dec 2023 17:07:41 GMT
X-Swift-CacheTime: 3600
Timing-Allow-Origin: *
EagleId: 2ff62b1c17036973399046058e
DNS

212.56.181.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.56.181.163.in-addr.arpa

IN PTR

Response
DNS

u.alicdn.com

Remote address:

8.8.8.8:53

Request

u.alicdn.com

IN A

Response

u.alicdn.com

IN CNAME

wildcard.alicdn.com.edgekey.net

wildcard.alicdn.com.edgekey.net

IN CNAME

e11956.x.akamaiedge.net

e11956.x.akamaiedge.net

IN A

104.82.235.52
DNS

u.alicdn.com

Remote address:

8.8.8.8:53

Request

u.alicdn.com

IN A

Response

u.alicdn.com

IN CNAME

wildcard.alicdn.com.edgekey.net

wildcard.alicdn.com.edgekey.net

IN CNAME

e11956.x.akamaiedge.net

e11956.x.akamaiedge.net

IN A

104.82.235.52
DNS

u.alicdn.com

Remote address:

8.8.8.8:53

Request

u.alicdn.com

IN A

Response

u.alicdn.com

IN CNAME

wildcard.alicdn.com.edgekey.net

wildcard.alicdn.com.edgekey.net

IN CNAME

e11956.x.akamaiedge.net

e11956.x.akamaiedge.net

IN A

104.82.235.52
DNS

u.alicdn.com

Remote address:

8.8.8.8:53

Request

u.alicdn.com

IN A

Response

u.alicdn.com

IN CNAME

wildcard.alicdn.com.edgekey.net

wildcard.alicdn.com.edgekey.net

IN CNAME

e11956.x.akamaiedge.net

e11956.x.akamaiedge.net

IN A

104.82.235.52
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301027_1P8EBE4G3UJALA1HE&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301027_1P8EBE4G3UJALA1HE&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 391016
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D39D3239A7B849E9A6DB3A97120A8566 Ref B: LON04EDGE0608 Ref C: 2023-12-27T17:16:07Z
date: Wed, 27 Dec 2023 17:16:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300950_1CI16BMH94QQ9WZ43&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300950_1CI16BMH94QQ9WZ43&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 384492
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4A12AA19374740EBBC5C44C39A3AB5E1 Ref B: LON04EDGE0608 Ref C: 2023-12-27T17:16:07Z
date: Wed, 27 Dec 2023 17:16:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301460_1LJMCN8XKMH4PYVSW&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301460_1LJMCN8XKMH4PYVSW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 345225
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0329DB629D0A4AF586094424A46D0249 Ref B: LON04EDGE0608 Ref C: 2023-12-27T17:16:07Z
date: Wed, 27 Dec 2023 17:16:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 508519
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6DCD79056C524E0789C13C2AF803A5BF Ref B: LON04EDGE0608 Ref C: 2023-12-27T17:16:07Z
date: Wed, 27 Dec 2023 17:16:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301383_1L76EFRJ4S38LB1VW&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301383_1L76EFRJ4S38LB1VW&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 296112
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4BEEF4B4031245EF8A97A14A4984AD9E Ref B: LON04EDGE0608 Ref C: 2023-12-27T17:16:07Z
date: Wed, 27 Dec 2023 17:16:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 405726
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2EC9AF9430E94800B3C0EC23C7F9A88C Ref B: LON04EDGE0608 Ref C: 2023-12-27T17:16:08Z
date: Wed, 27 Dec 2023 17:16:07 GMT
DNS

21.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.179.17.96.in-addr.arpa

IN PTR

Response

21.179.17.96.in-addr.arpa

IN PTR

a96-17-179-21deploystaticakamaitechnologiescom
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

9.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.179.17.96.in-addr.arpa

IN PTR

Response

9.179.17.96.in-addr.arpa

IN PTR

a96-17-179-9deploystaticakamaitechnologiescom

47.246.137.81:443

stylessl.alibaba.com

tls, http2

IEXPLORE.EXE

1.3kB
14.7kB
20
18
47.246.137.81:443

https://stylessl.alibaba.com/js/beacon_en.js

tls, http2

IEXPLORE.EXE

2.2kB
33.5kB
35
33

HTTP Request

GET https://stylessl.alibaba.com/js/beacon_en.js

HTTP Response

200
47.246.136.140:443

https://stylessl.aliunicorn.com/simg/sprites/env/home/signin/facebook.gif?t=63d80463_0

tls, http2

IEXPLORE.EXE

4.5kB
60.0kB
67
56

HTTP Request

GET https://stylessl.aliunicorn.com/simg/single/icon/ask.gif

HTTP Request

GET https://stylessl.aliunicorn.com/6v/apollo/core/core-sc%7C6v/apollo/mod/button/button-sc%7C6v/apollo/mod/form/form-sc%7C6v/apollo/mod/footer/footer-sc%7C6v/run/login/home/home-buyer%7CMODERN_BROWSER%7Cv_0_b030576d0.css

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://stylessl.aliunicorn.com/simg/sprites/app/header.png?t=ba01a9cf_0

HTTP Request

GET https://stylessl.aliunicorn.com/simg/sprites/env/home/signin/ic-feedback-error.png?t=5a624905_0

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://stylessl.aliunicorn.com/simg/sprites/env/home/signin/facebook.gif?t=63d80463_0

HTTP Response

200
47.246.136.140:443

stylessl.aliunicorn.com

tls, http2

IEXPLORE.EXE

1.5kB
14.2kB
20
17
104.166.182.98:443

img.alicdn.com

tls, http2

IEXPLORE.EXE

1.2kB
7.4kB
17
15
104.166.182.98:443

https://img.alicdn.com/tps/TB1dsEEKFXXXXX7XVXXXXXXXXXX-740-420.jpg

tls, http2

IEXPLORE.EXE

2.7kB
43.1kB
43
39

HTTP Request

GET https://img.alicdn.com/tps/TB1dsEEKFXXXXX7XVXXXXXXXXXX-740-420.jpg

HTTP Response

200
104.166.182.98:445

img.alicdn.com

260 B
5
79.133.176.252:445

img.alicdn.com

260 B
5
47.246.46.252:445

img.alicdn.com

260 B
5
47.246.48.252:445

img.alicdn.com

260 B
5
47.246.2.253:445

img.alicdn.com

260 B
5
163.181.1.251:445

img.alicdn.com

260 B
5
47.246.44.251:445

img.alicdn.com

260 B
5
47.246.15.248:445

img.alicdn.com

260 B
5
47.246.136.160:445

gj.mmstat.com

260 B
5
163.181.0.251:445

img.alicdn.com

260 B
5
47.246.50.171:445

img.alicdn.com

260 B
5
163.181.92.148:445

img.alicdn.com

260 B
5
163.181.49.106:445

img.alicdn.com

260 B
5
47.246.49.249:445

img.alicdn.com

260 B
5
163.181.50.107:445

img.alicdn.com

260 B
5
47.246.3.54:445

img.alicdn.com

260 B
5
47.246.45.114:445

img.alicdn.com

260 B
5
104.82.235.52:445

i.alicdn.com

260 B
5
104.82.235.79:443

s.alicdn.com

tls, http2

IEXPLORE.EXE

1.3kB
6.0kB
19
16
104.82.235.79:443

https://s.alicdn.com/@img/tfs/TB1lrY2vUT1gK0jSZFrXXcNCXXa-2200-600.png

tls, http2

IEXPLORE.EXE

20.2kB
417.1kB
312
308

HTTP Request

GET https://s.alicdn.com/@img/tfs/TB1lrY2vUT1gK0jSZFrXXcNCXXa-2200-600.png

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls, http2

iexplore.exe

1.3kB
8.2kB
17
12
47.246.136.188:443

https://ynuf.alipay.com/service/clear.png?xt=B4f7bf6a781a606f1054344c8daf46901&xa=intl-login

tls, http2

IEXPLORE.EXE

1.3kB
5.8kB
14
11

HTTP Request

GET https://ynuf.alipay.com/service/clear.png?xt=B4f7bf6a781a606f1054344c8daf46901&xa=intl-login

HTTP Response

200
47.246.136.188:443

ynuf.alipay.com

tls, http2

IEXPLORE.EXE

1.2kB
5.3kB
13
10
163.181.56.212:80

http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEAfIGC8YGxt%2Frz%2Fr4j%2B3c8U%3D

http

IEXPLORE.EXE

856 B
4.1kB
8
6

HTTP Request

GET http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAh%2BGPuPqpJ%2B6HYKDYmC9RI%3D

HTTP Response

200

HTTP Request

GET http://ocsp.dcocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHv1Dj%2BciPJEWH5JNtwL5Y07mRqwQUxBF%2BiECGwkG%2FZfMa4bRTQKOr7H0CEAfIGC8YGxt%2Frz%2Fr4j%2B3c8U%3D

HTTP Response

200
104.82.235.52:445

u.alicdn.com

260 B
5
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&w=1080&h=1920&c=4

tls, http2

94.9kB
2.4MB
1767
1765

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301027_1P8EBE4G3UJALA1HE&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300950_1CI16BMH94QQ9WZ43&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301460_1LJMCN8XKMH4PYVSW&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301222_1FJU5PIOORZE0KYBN&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301383_1L76EFRJ4S38LB1VW&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301631_1JS0AMCX251CLJ5OX&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.3kB
17
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.3kB
17
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14

8.8.8.8:53

stylessl.aliunicorn.com

dns

IEXPLORE.EXE

69 B
220 B
1
1

DNS Request

stylessl.aliunicorn.com

DNS Response

47.246.136.140
8.8.8.8:53

stylessl.alibaba.com

dns

IEXPLORE.EXE

66 B
225 B
1
1

DNS Request

stylessl.alibaba.com

DNS Response

47.246.137.81
8.8.8.8:53

img.alicdn.com

dns

IEXPLORE.EXE

120 B
353 B
2
1

DNS Request

img.alicdn.com

DNS Request

img.alicdn.com

DNS Response

104.166.182.98

79.133.176.252

47.246.46.252

47.246.48.252

47.246.2.253

163.181.1.251

47.246.44.251

47.246.15.248

163.181.0.251

47.246.50.171

163.181.92.148

47.246.45.114

163.181.49.106

47.246.49.249

163.181.50.107

47.246.3.54
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

81.137.246.47.in-addr.arpa

dns

72 B
143 B
1
1

DNS Request

81.137.246.47.in-addr.arpa
8.8.8.8:53

140.136.246.47.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

140.136.246.47.in-addr.arpa
8.8.8.8:53

146.177.190.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

146.177.190.20.in-addr.arpa
8.8.8.8:53

12.179.17.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

12.179.17.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

98.182.166.104.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

98.182.166.104.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

226.20.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.20.18.104.in-addr.arpa
8.8.8.8:53

gj.mmstat.com

dns

59 B
96 B
1
1

DNS Request

gj.mmstat.com

DNS Response

47.246.136.160
8.8.8.8:53

gj.mmstat.com

dns

59 B
96 B
1
1

DNS Request

gj.mmstat.com

DNS Response

47.246.136.160
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

360 B
158 B
5
1

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

59.128.231.4.in-addr.arpa

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

146.78.124.51.in-addr.arpa

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

284 B
135 B
4
1

DNS Request

41.110.16.96.in-addr.arpa

DNS Request

41.110.16.96.in-addr.arpa

DNS Request

41.110.16.96.in-addr.arpa

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

144 B
146 B
2
1

DNS Request

157.123.68.40.in-addr.arpa

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

161.19.199.152.in-addr.arpa

dns

292 B
144 B
4
1

DNS Request

161.19.199.152.in-addr.arpa

DNS Request

161.19.199.152.in-addr.arpa

DNS Request

161.19.199.152.in-addr.arpa

DNS Request

161.19.199.152.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

171.39.242.20.in-addr.arpa

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

img.alicdn.com

dns

IEXPLORE.EXE

120 B
353 B
2
1

DNS Request

img.alicdn.com

DNS Request

img.alicdn.com

DNS Response

104.166.182.98

79.133.176.252

47.246.46.252

47.246.48.252

47.246.2.253

163.181.1.251

47.246.44.251

47.246.15.248

163.181.0.251

47.246.50.171

163.181.92.148

47.246.45.114

163.181.49.106

47.246.49.249

163.181.50.107

47.246.3.54
8.8.8.8:53

i.alicdn.com

dns

116 B
540 B
2
2

DNS Request

i.alicdn.com

DNS Request

i.alicdn.com

DNS Response

104.82.235.52

DNS Response

104.82.235.52
8.8.8.8:53

s.alicdn.com

dns

IEXPLORE.EXE

116 B
382 B
2
2

DNS Request

s.alicdn.com

DNS Request

s.alicdn.com

DNS Response

104.82.235.79

DNS Response

104.82.235.79
8.8.8.8:53

100.5.17.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

100.5.17.2.in-addr.arpa
8.8.8.8:53

i.alicdn.com

dns

116 B
270 B
2
1

DNS Request

i.alicdn.com

DNS Request

i.alicdn.com

DNS Response

104.82.235.52
8.8.8.8:53

79.235.82.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

79.235.82.104.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

8.179.17.96.in-addr.arpa

dns

140 B
133 B
2
1

DNS Request

8.179.17.96.in-addr.arpa

DNS Request

8.179.17.96.in-addr.arpa
8.8.8.8:53

209.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

209.135.221.88.in-addr.arpa
8.8.8.8:53

39.179.17.96.in-addr.arpa

dns

142 B
135 B
2
1

DNS Request

39.179.17.96.in-addr.arpa

DNS Request

39.179.17.96.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

ynuf.alipay.com

dns

IEXPLORE.EXE

122 B
466 B
2
2

DNS Request

ynuf.alipay.com

DNS Request

ynuf.alipay.com

DNS Response

47.246.136.188

DNS Response

47.246.136.190
8.8.8.8:53

ocsp.dcocsp.cn

dns

IEXPLORE.EXE

120 B
462 B
2
2

DNS Request

ocsp.dcocsp.cn

DNS Request

ocsp.dcocsp.cn

DNS Response

163.181.56.212

163.181.56.213

163.181.56.209

163.181.56.215

163.181.56.211

163.181.56.210

163.181.56.216

163.181.56.214

DNS Response

163.181.56.209

163.181.56.210

163.181.56.211

163.181.56.212

163.181.56.213

163.181.56.214

163.181.56.215

163.181.56.216
8.8.8.8:53

188.136.246.47.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

188.136.246.47.in-addr.arpa
8.8.8.8:53

212.56.181.163.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

212.56.181.163.in-addr.arpa
8.8.8.8:53

u.alicdn.com

dns

116 B
306 B
2
2

DNS Request

u.alicdn.com

DNS Request

u.alicdn.com

DNS Response

104.82.235.52

DNS Response

104.82.235.52
8.8.8.8:53

u.alicdn.com

dns

116 B
306 B
2
2

DNS Request

u.alicdn.com

DNS Request

u.alicdn.com

DNS Response

104.82.235.52

DNS Response

104.82.235.52
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

144 B
274 B
2
2

DNS Request

18.134.221.88.in-addr.arpa

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

21.179.17.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

21.179.17.96.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

9.179.17.96.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

9.179.17.96.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
e8dc8277914241e3ca6e1ae951dff064

SHA1
b37790b78dd0e2163186e9e4465688b1f38f0b6e

SHA256
6d779af1307e63eb593cf176e8e4d1dbe8a0b1b892b48b4d624c5262b3a4ff3c

SHA512
719e87c365d474629d33679b588358022f304f29e5b062bfa4641238b3dd47b188ee15a574601e99eaf8ad37ae844db4f160b8be6009c732b51db9cdb6d450b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
d037592abafae31dc3b6a706a5883e1a

SHA1
e06b6fa18c60ae0658a74fe4db8ba11925f76bae

SHA256
6f9e52553488df2ec4264878195d39445f77f236d30e9ac36ce7975ae9617b6a

SHA512
e34633ac75dabea341cbb5aa9b8f2d70af73c2433477064b06520990a2b93da7e5c7b75743505760bdcd2270c5a52f5d999433bd350821b0564753a46b3682c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC42B.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QTPKWBD2\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request