f05efbaa926b896dcb036da4c5627a19319314ab3e777360f3b84f5d15696ad5

Analysis

max time kernel
146s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 10:29 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1748c33944ad2b88acb124526ac83ccd.html
Size

3.5MB
MD5

1748c33944ad2b88acb124526ac83ccd
SHA1

e1816c8180730259d98b53305aab684211cd35ce
SHA256

f05efbaa926b896dcb036da4c5627a19319314ab3e777360f3b84f5d15696ad5
SHA512

030a502f6ce7cb80b77030f3a71037dfb4ba6f3abad3886a61772331af2f5536c42d111abb342544e14de34126d844965afa4bd78c65f58e3562d8887d0d60e5
SSDEEP

12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NAt:jvQjte4tT62t

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3355C987-A512-11EE-9963-E6683C810C58} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000025ba558cff15364f83b59eef6d4e53a400000000020000000000106600000001000020000000dcd6d5632a25755c0b0a5cee4ebf82b74176242860e4885303a0f67fcde8feea000000000e80000000020000200000006e07dc2643816744d37b75e17ad9ca364958002e0ece5ee9e8278e3f481df46e20000000ea11aee987d10452c3345e8bb46efeb5e41a8863d7c36fbabac7524a4466e69d400000000f310708257c61e884055fc5827a1bb832ffa59f0f9d37f49c5cfba0a8572cb1cd2432ed5b895072c6b0f477c9548a74deb2f0497b200b8e65acb2b998d46d4a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410485783"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078687"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "129777875"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078687"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078687"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3066820d1f39da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "129777875"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "134465399"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000025ba558cff15364f83b59eef6d4e53a4000000000200000000001066000000010000200000001d55415fb19427fe8663d888b3e6d15d1c85b088b966f435b8a1967a54b25403000000000e8000000002000020000000af4c335e52ce0f7a21f7606b6add0606587d64c35f937567eb0863cd66f365a52000000044832370ece681545f284e0bd8f913c2d8f904682cd2f8ca32f602e341bf2cc3400000008a0fb76048d3795ed01f82e42b6a42afe401aecc20a1e8029321c31f83857ebc04f7b0931eadebe27cae1bce0fbccfb177443c11dc166e5fcaadfbd5bf401dd4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20b0840d1f39da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4996	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4996	iexplore.exe
4996	iexplore.exe
64	IEXPLORE.EXE
64	IEXPLORE.EXE
64	IEXPLORE.EXE
64	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 64	4996	iexplore.exe	87
PID 4996 wrote to memory of 64	4996	iexplore.exe	87
PID 4996 wrote to memory of 64	4996	iexplore.exe	87

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1748c33944ad2b88acb124526ac83ccd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4996 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:64

Network

DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR
DNS

static.cloudflareinsights.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.57.101

static.cloudflareinsights.com

IN A

104.16.56.101
GET

https://static.cloudflareinsights.com/beacon.min.js

IEXPLORE.EXE

Remote address:

104.16.57.101:443

Request

GET /beacon.min.js HTTP/2.0
host: static.cloudflareinsights.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 23:46:59 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 83c572325f6c76b3-LHR
content-encoding: gzip
DNS

ajax.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.200.42
GET

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

IEXPLORE.EXE

Remote address:

142.250.200.42:443

Request

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 26 Dec 2023 08:03:44 GMT
expires: Wed, 25 Dec 2024 08:03:44 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 142989
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR
DNS

2.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.181.190.20.in-addr.arpa

IN PTR

Response
DNS

2.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.181.190.20.in-addr.arpa

IN PTR
DNS

2.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.181.190.20.in-addr.arpa

IN PTR
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

code.jquery.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

code.jquery.com

IN A

Response

code.jquery.com

IN A

151.101.2.137

code.jquery.com

IN A

151.101.66.137

code.jquery.com

IN A

151.101.130.137

code.jquery.com

IN A

151.101.194.137
GET

https://code.jquery.com/jquery-3.1.1.min.js

IEXPLORE.EXE

Remote address:

151.101.2.137:443

Request

GET /jquery-3.1.1.min.js HTTP/2.0
host: code.jquery.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 27 Dec 2023 23:46:55 GMT
age: 8920213
x-served-by: cache-lga21947-LGA, cache-lhr7374-LHR
x-cache: HIT, HIT
x-cache-hits: 125, 62459
x-timer: S1703720815.127720,VS0,VE0
vary: Accept-Encoding
content-length: 30070
GET

https://code.jquery.com/jquery-3.2.1.slim.min.js

IEXPLORE.EXE

Remote address:

151.101.2.137:443

Request

GET /jquery-3.2.1.slim.min.js HTTP/2.0
host: code.jquery.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 27 Dec 2023 23:46:58 GMT
age: 8817018
x-served-by: cache-lga21963-LGA, cache-lhr7374-LHR
x-cache: HIT, HIT
x-cache-hits: 7, 64362
x-timer: S1703720819.943783,VS0,VE0
vary: Accept-Encoding
content-length: 23856
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
DNS

137.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.2.101.151.in-addr.arpa

IN PTR

Response
DNS

137.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.2.101.151.in-addr.arpa

IN PTR
DNS

23.149.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.149.64.172.in-addr.arpa

IN PTR

Response
DNS

101.57.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.57.16.104.in-addr.arpa

IN PTR

Response
DNS

233.38.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.38.18.104.in-addr.arpa

IN PTR

Response
DNS

maxcdn.bootstrapcdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

maxcdn.bootstrapcdn.com

IN A

Response

maxcdn.bootstrapcdn.com

IN A

104.18.11.207

maxcdn.bootstrapcdn.com

IN A

104.18.10.207
DNS

maxcdn.bootstrapcdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

maxcdn.bootstrapcdn.com

IN A
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
GET

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

IEXPLORE.EXE

Remote address:

104.18.11.207:443

Request

GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/2.0
host: maxcdn.bootstrapcdn.com
accept: text/css, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 23:46:57 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 10/31/2023 18:48:44
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 752
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 6f2d14e9436097e66447b103aa0360de
cdn-cache: HIT
cf-cache-status: HIT
age: 3788185
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 83c57227ac4663db-LHR
alt-svc: h3=":443"; ma=86400
GET

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

IEXPLORE.EXE

Remote address:

104.18.11.207:443

Request

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/2.0
host: maxcdn.bootstrapcdn.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 23:46:59 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: FR
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 10/31/2023 19:43:16
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 951
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 58c4d2a17abe72bd8d781d31d184e375
cdn-cache: HIT
cf-cache-status: HIT
age: 818342
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 83c57231ff8763db-LHR
alt-svc: h3=":443"; ma=86400
DNS

kit.fontawesome.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

kit.fontawesome.com

IN A

Response

kit.fontawesome.com

IN CNAME

kit.fontawesome.com.cdn.cloudflare.net

kit.fontawesome.com.cdn.cloudflare.net

IN A

172.64.147.188

kit.fontawesome.com.cdn.cloudflare.net

IN A

104.18.40.68
GET

https://kit.fontawesome.com/585b051251.js

IEXPLORE.EXE

Remote address:

172.64.147.188:443

Request

GET /585b051251.js HTTP/2.0
host: kit.fontawesome.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 23:46:58 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F6LD6IY6YckvyRkMcZuB
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 83c5722cfa0d23f4-LHR
content-encoding: gzip
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

207.11.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

207.11.18.104.in-addr.arpa

IN PTR

Response
DNS

207.11.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

207.11.18.104.in-addr.arpa

IN PTR
DNS

207.11.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

207.11.18.104.in-addr.arpa

IN PTR
DNS

207.11.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

207.11.18.104.in-addr.arpa

IN PTR
DNS

ka-f.fontawesome.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ka-f.fontawesome.com

IN A

Response

ka-f.fontawesome.com

IN CNAME

ka-f.fontawesome.com.cdn.cloudflare.net

ka-f.fontawesome.com.cdn.cloudflare.net

IN A

172.64.129.7

ka-f.fontawesome.com.cdn.cloudflare.net

IN A

172.64.128.7
GET

https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251

IEXPLORE.EXE

Remote address:

172.64.129.7:443

Request

GET /releases/v5.15.4/css/free.min.css?token=585b051251 HTTP/2.0
host: ka-f.fontawesome.com
accept: */*
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 23:47:00 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a6cdb6375fdb95e7faa936290e4601ac.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: YT9FQYj7vZ_KakKiizIuFx-3XfX-PypHpikCoZsYhuQXnmHLLouDZA==
age: 913391
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHyk%2BtdQZXTDnF1DcturvZZIqJSmn%2FJoKPX1RWRYZBXLbIUQ%2BkCPmhtQpJlpFCcDTATk%2Fpd%2BKQ6N4yuS5c0nF9D%2F1rGNhhsJES2EYlI3s4YZhOgLLrH3bYixDNu8IufbNO%2FuMIUbEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83c57235a9552407-LHR
alt-svc: h3=":443"; ma=86400
GET

https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

IEXPLORE.EXE

Remote address:

172.64.129.7:443

Request

GET /releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251 HTTP/2.0
host: ka-f.fontawesome.com
accept: */*
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 23:47:00 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c86145c1f4d8c302ebef9fae6aaf1f24.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: QIcC87JYgbMb_VuTYEQIEwBw-Kf23MyFAQE277-g0NmOsTOMgPw2sw==
age: 737861
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EIzm8L9d%2B8QPfsxPJMLmg%2FDkAguyFmbzqS6pzZqHoSAf1Sb57x47sEiAai%2FxBNtGAeWCYn2JUbxHRXTgdcCIWYCwgSbPD1mqgVAp8Gy2oBkiZYysrp1dMuhjcYio1kazv03QjGd5Gg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83c57235a9572407-LHR
alt-svc: h3=":443"; ma=86400
DNS

cdnjs.cloudflare.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
GET

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

IEXPLORE.EXE

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/2.0
host: cdnjs.cloudflare.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Wed, 27 Dec 2023 23:46:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 6908
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: gzip
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1142210
expires: Mon, 16 Dec 2024 23:46:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2j9FMkzqt3uNtPUak5hXQzKKQPv1o00x7BM5JFx3XcMUgzzR8G4ft2%2F0KRCBFs0brruUpvogURhez1Q1adwGcaFrkgT47%2BqLAXb7KmIiL860U%2FJ8d4G8ArepgsqN0oezag%2BAvgiH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 83c57230c9ff60f6-LHR
alt-svc: h3=":443"; ma=86400
DNS

188.147.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.147.64.172.in-addr.arpa

IN PTR

Response
DNS

188.147.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.147.64.172.in-addr.arpa

IN PTR
DNS

188.147.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.147.64.172.in-addr.arpa

IN PTR
DNS

14.25.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR

Response
DNS

14.25.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR
DNS

7.129.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.129.64.172.in-addr.arpa

IN PTR

Response
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

134.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.71.91.104.in-addr.arpa

IN PTR

Response

134.71.91.104.in-addr.arpa

IN PTR

a104-91-71-134deploystaticakamaitechnologiescom
DNS

134.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.71.91.104.in-addr.arpa

IN PTR

Response

134.71.91.104.in-addr.arpa

IN PTR

a104-91-71-134deploystaticakamaitechnologiescom
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300925_1WNJI31X17K21EZ5K&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300925_1WNJI31X17K21EZ5K&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 327646
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2E3EAC22A10841DD90624999272E9629 Ref B: LON04EDGE0809 Ref C: 2023-12-27T23:48:38Z
date: Wed, 27 Dec 2023 23:48:37 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301304_1KWQNFDZMYS43H6WK&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301304_1KWQNFDZMYS43H6WK&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 323910
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B80418D4CDC74C62826D906BA5F6A342 Ref B: LON04EDGE0809 Ref C: 2023-12-27T23:48:38Z
date: Wed, 27 Dec 2023 23:48:37 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301228_1ZEB78VKDYZSTECLD&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301228_1ZEB78VKDYZSTECLD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 355353
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 76DD5C830D2641BE8E75AFAD1A1985FC Ref B: LON04EDGE0809 Ref C: 2023-12-27T23:48:38Z
date: Wed, 27 Dec 2023 23:48:37 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301358_1ZPBGXJ99CUBJXGTN&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301358_1ZPBGXJ99CUBJXGTN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 391930
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D1D9CD82C20547718718C29553DB7775 Ref B: LON04EDGE0809 Ref C: 2023-12-27T23:48:38Z
date: Wed, 27 Dec 2023 23:48:37 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301713_1BAGKMP8PJ38B402W&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301713_1BAGKMP8PJ38B402W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 329955
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5408BDBE7EBE461B801D3FB33180B4A1 Ref B: LON04EDGE0809 Ref C: 2023-12-27T23:48:38Z
date: Wed, 27 Dec 2023 23:48:37 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301637_1U8S4PA5ZCO5KZ9RL&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301637_1U8S4PA5ZCO5KZ9RL&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 334178
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 20D88208AE2C41D7AD5C124CBD404312 Ref B: LON04EDGE0809 Ref C: 2023-12-27T23:48:39Z
date: Wed, 27 Dec 2023 23:48:38 GMT
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response

104.16.57.101:443

static.cloudflareinsights.com

tls, http2

IEXPLORE.EXE

1.4kB
3.8kB
17
10
104.16.57.101:443

https://static.cloudflareinsights.com/beacon.min.js

tls, http2

IEXPLORE.EXE

2.7kB
11.5kB
29
20

HTTP Request

GET https://static.cloudflareinsights.com/beacon.min.js

HTTP Response

200
142.250.200.42:443

ajax.googleapis.com

tls, http2

IEXPLORE.EXE

1.6kB
5.5kB
17
11
142.250.200.42:443

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

tls, http2

IEXPLORE.EXE

3.0kB
37.9kB
44
37

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

HTTP Response

200
151.101.2.137:443

code.jquery.com

tls, http2

IEXPLORE.EXE

1.2kB
6.4kB
17
15
151.101.2.137:443

https://code.jquery.com/jquery-3.2.1.slim.min.js

tls, http2

IEXPLORE.EXE

3.7kB
68.0kB
64
62

HTTP Request

GET https://code.jquery.com/jquery-3.1.1.min.js

HTTP Response

200

HTTP Request

GET https://code.jquery.com/jquery-3.2.1.slim.min.js

HTTP Response

200
104.18.11.207:443

maxcdn.bootstrapcdn.com

tls, http2

IEXPLORE.EXE

1.2kB
6.0kB
17
12
104.18.11.207:443

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

tls, http2

IEXPLORE.EXE

3.6kB
51.2kB
62
56

HTTP Request

GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

HTTP Response

200

HTTP Request

GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

HTTP Response

200
172.64.147.188:443

kit.fontawesome.com

tls, http2

IEXPLORE.EXE

1.2kB
4.7kB
14
9
172.64.147.188:443

https://kit.fontawesome.com/585b051251.js

tls, http2

IEXPLORE.EXE

1.9kB
9.8kB
21
15

HTTP Request

GET https://kit.fontawesome.com/585b051251.js

HTTP Response

200
172.64.129.7:443

https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

tls, http2

IEXPLORE.EXE

2.2kB
25.3kB
33
26

HTTP Request

GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251

HTTP Request

GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

HTTP Response

200

HTTP Response

200
172.64.129.7:443

ka-f.fontawesome.com

tls, http2

IEXPLORE.EXE

1.1kB
5.9kB
15
10
104.17.25.14:443

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

tls, http2

IEXPLORE.EXE

1.8kB
11.8kB
25
19

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

HTTP Response

200
104.17.25.14:443

cdnjs.cloudflare.com

tls, http2

IEXPLORE.EXE

1.2kB
3.7kB
16
11
204.79.197.200:443

ieonline.microsoft.com

tls, http2

iexplore.exe

1.2kB
8.7kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301637_1U8S4PA5ZCO5KZ9RL&pid=21.2&w=1080&h=1920&c=4

tls, http2

77.2kB
2.2MB
1593
1588

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300925_1WNJI31X17K21EZ5K&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301304_1KWQNFDZMYS43H6WK&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301228_1ZEB78VKDYZSTECLD&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301358_1ZPBGXJ99CUBJXGTN&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301713_1BAGKMP8PJ38B402W&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301637_1U8S4PA5ZCO5KZ9RL&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
16
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
16
14

8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

146 B
147 B
2
1

DNS Request

158.240.127.40.in-addr.arpa

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

static.cloudflareinsights.com

dns

IEXPLORE.EXE

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.57.101

104.16.56.101
8.8.8.8:53

ajax.googleapis.com

dns

IEXPLORE.EXE

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.200.42
8.8.8.8:53

2.181.190.20.in-addr.arpa

dns

213 B
157 B
3
1

DNS Request

2.181.190.20.in-addr.arpa

DNS Request

2.181.190.20.in-addr.arpa

DNS Request

2.181.190.20.in-addr.arpa
8.8.8.8:53

42.200.250.142.in-addr.arpa

dns

219 B
112 B
3
1

DNS Request

42.200.250.142.in-addr.arpa

DNS Request

42.200.250.142.in-addr.arpa

DNS Request

42.200.250.142.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

code.jquery.com

dns

IEXPLORE.EXE

61 B
125 B
1
1

DNS Request

code.jquery.com

DNS Response

151.101.2.137

151.101.66.137

151.101.130.137

151.101.194.137
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.200.250.142.in-addr.arpa
8.8.8.8:53

137.2.101.151.in-addr.arpa

dns

144 B
132 B
2
1

DNS Request

137.2.101.151.in-addr.arpa

DNS Request

137.2.101.151.in-addr.arpa
8.8.8.8:53

23.149.64.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

23.149.64.172.in-addr.arpa
8.8.8.8:53

101.57.16.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

101.57.16.104.in-addr.arpa
8.8.8.8:53

233.38.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

233.38.18.104.in-addr.arpa
8.8.8.8:53

maxcdn.bootstrapcdn.com

dns

IEXPLORE.EXE

138 B
101 B
2
1

DNS Request

maxcdn.bootstrapcdn.com

DNS Request

maxcdn.bootstrapcdn.com

DNS Response

104.18.11.207

104.18.10.207
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

kit.fontawesome.com

dns

IEXPLORE.EXE

65 B
149 B
1
1

DNS Request

kit.fontawesome.com

DNS Response

172.64.147.188

104.18.40.68
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

207.11.18.104.in-addr.arpa

dns

288 B
134 B
4
1

DNS Request

207.11.18.104.in-addr.arpa

DNS Request

207.11.18.104.in-addr.arpa

DNS Request

207.11.18.104.in-addr.arpa

DNS Request

207.11.18.104.in-addr.arpa
8.8.8.8:53

ka-f.fontawesome.com

dns

IEXPLORE.EXE

66 B
151 B
1
1

DNS Request

ka-f.fontawesome.com

DNS Response

172.64.129.7

172.64.128.7
8.8.8.8:53

cdnjs.cloudflare.com

dns

IEXPLORE.EXE

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14
8.8.8.8:53

188.147.64.172.in-addr.arpa

dns

219 B
135 B
3
1

DNS Request

188.147.64.172.in-addr.arpa

DNS Request

188.147.64.172.in-addr.arpa

DNS Request

188.147.64.172.in-addr.arpa
8.8.8.8:53

14.25.17.104.in-addr.arpa

dns

142 B
133 B
2
1

DNS Request

14.25.17.104.in-addr.arpa

DNS Request

14.25.17.104.in-addr.arpa
8.8.8.8:53

7.129.64.172.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

7.129.64.172.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

208.194.73.20.in-addr.arpa

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

161.19.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

161.19.199.152.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

134.71.91.104.in-addr.arpa

dns

144 B
274 B
2
2

DNS Request

134.71.91.104.in-addr.arpa

DNS Request

134.71.91.104.in-addr.arpa
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

144 B
274 B
2
2

DNS Request

194.178.17.96.in-addr.arpa

DNS Request

194.178.17.96.in-addr.arpa
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

146 B
212 B
2
2

DNS Request

200.197.79.204.in-addr.arpa

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

284 B
157 B
4
1

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

43.229.111.52.in-addr.arpa

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

142 B
314 B
2
2

DNS Request

55.36.223.20.in-addr.arpa

DNS Request

55.36.223.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0A013ETK\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QPBAQNGM\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request