6647386b944e3f3b0ca4846e25ecff49d6a02d500e41f8ae0707f7a7e8b84a0d

Analysis

max time kernel
92s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 21:20 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d388de199117719940037a02c26c878.html
Size

3.5MB
MD5

3d388de199117719940037a02c26c878
SHA1

d6ee159e589001002f8debc1797ad02f36fd2cc0
SHA256

6647386b944e3f3b0ca4846e25ecff49d6a02d500e41f8ae0707f7a7e8b84a0d
SHA512

8de4ac7a1f3faa2267206d7fc1a8e9702244f2a5d19d951eee9c2754daa9016404a196bdf17a688fe3e75777dc93a39dcafbaf54975a06c1c3a7e72ef203cace
SSDEEP

12288:oLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nfu:ovpjte4tT6Nu

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c00000000020000000000106600000001000020000000c36322b54e403db5329b9ee70194700bc46d4771c707a6e1a05096fd7818968a000000000e8000000002000020000000ce481daab62631e3793e4160b0e164c8cf6809e1ea0b63e5492b7f514bfde89f2000000045e2e265628a113e1f7a76bf08860dd37b277e27010a6f3c2e01e88d9037153840000000e2830481eb1ef452f41a63b4d8c8d88b566bb934f92ff1b98d03649232480224fd4d311f16b2430b60a1779c3976a2d83cecfe701da159e3630270eaa5c1d61a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1AA5FD3A-A42F-11EE-A0B6-D6F9353EB06D} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4013356623"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078459"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00f798fc3b38da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31078459"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4089763324"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015a2f750fe9ee1479ecf0c8cfb11934c00000000020000000000106600000001000020000000131c0db503f1fb7ea630cefdef3af006fa2341d34805dd8c447eddb5cb8b2b8d000000000e8000000002000020000000b04ef868904f55bd58ffb3c5803f5c40d9cf61f9851dd9091ef48d72b0e90b98200000008205fbeb8b201c7f15f97d6874f446eb3d545a6ad3d85b5cca55eacff3e126d540000000d0aaed079ffb41555de794d30c2c4f0ab8b0ffb8e0db41d5772401fb0bad59f9b43c0c1d36084cec7a29844708809d7a736b52cd511da1753972cac2005a7825	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410388252"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4013356623"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4089763324"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10cb91fc3b38da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078459"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31078459"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1200	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1200	iexplore.exe
1200	iexplore.exe
4328	IEXPLORE.EXE
4328	IEXPLORE.EXE
4328	IEXPLORE.EXE
4328	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 4328	1200	iexplore.exe	89
PID 1200 wrote to memory of 4328	1200	iexplore.exe	89
PID 1200 wrote to memory of 4328	1200	iexplore.exe	89

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3d388de199117719940037a02c26c878.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1200 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4328

Network

DNS

static.cloudflareinsights.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.57.101

static.cloudflareinsights.com

IN A

104.16.56.101
DNS

static.cloudflareinsights.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A
DNS

20.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.177.190.20.in-addr.arpa

IN PTR

Response
DNS

20.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.177.190.20.in-addr.arpa

IN PTR
DNS

ajax.googleapis.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

216.58.204.74
GET

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

IEXPLORE.EXE

Remote address:

216.58.204.74:443

Request

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 26 Dec 2023 08:03:44 GMT
expires: Wed, 25 Dec 2024 08:03:44 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 45452
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=87af87fbdf89413199637d275377637b&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=87af87fbdf89413199637d275377637b&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=24C6A2301BD867D62D81B1C31A3866F2; domain=.bing.com; expires=Sun, 19-Jan-2025 20:41:15 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9DE9E7C13CF444F091BFE3E5C7B9B9E8 Ref B: LON04EDGE1009 Ref C: 2023-12-26T20:41:15Z
date: Tue, 26 Dec 2023 20:41:15 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=87af87fbdf89413199637d275377637b&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=87af87fbdf89413199637d275377637b&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=24C6A2301BD867D62D81B1C31A3866F2

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=ciUbq4Xu77GeQVtJH-DHWSZubvyyxpYHtmbI-_JO80g; domain=.bing.com; expires=Sun, 19-Jan-2025 20:41:15 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5CFB302C505142A08CDC079C206A2EF2 Ref B: LON04EDGE1009 Ref C: 2023-12-26T20:41:15Z
date: Tue, 26 Dec 2023 20:41:15 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=87af87fbdf89413199637d275377637b&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=87af87fbdf89413199637d275377637b&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=24C6A2301BD867D62D81B1C31A3866F2; MSPTC=ciUbq4Xu77GeQVtJH-DHWSZubvyyxpYHtmbI-_JO80g

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 99612C76EEAB4DBB955C53C66FF9AB7E Ref B: LON04EDGE1009 Ref C: 2023-12-26T20:41:15Z
date: Tue, 26 Dec 2023 20:41:15 GMT
GET

https://static.cloudflareinsights.com/beacon.min.js

IEXPLORE.EXE

Remote address:

104.16.57.101:443

Request

GET /beacon.min.js HTTP/2.0
host: static.cloudflareinsights.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Tue, 26 Dec 2023 20:41:16 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 83bc24c76def6373-LHR
content-encoding: gzip
DNS

78.117.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.117.19.2.in-addr.arpa

IN PTR

Response

78.117.19.2.in-addr.arpa

IN PTR

a2-19-117-78deploystaticakamaitechnologiescom
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H
DNS

code.jquery.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

code.jquery.com

IN A

Response

code.jquery.com

IN A

151.101.2.137

code.jquery.com

IN A

151.101.66.137

code.jquery.com

IN A

151.101.130.137

code.jquery.com

IN A

151.101.194.137
DNS

code.jquery.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

code.jquery.com

IN A
DNS

101.57.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.57.16.104.in-addr.arpa

IN PTR

Response
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
GET

https://code.jquery.com/jquery-3.1.1.min.js

IEXPLORE.EXE

Remote address:

151.101.2.137:443

Request

GET /jquery-3.1.1.min.js HTTP/2.0
host: code.jquery.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 26 Dec 2023 20:41:19 GMT
age: 8822677
x-served-by: cache-lga21947-LGA, cache-lon420146-LON
x-cache: HIT, HIT
x-cache-hits: 128, 19678
x-timer: S1703623279.379562,VS0,VE0
vary: Accept-Encoding
content-length: 30070
GET

https://code.jquery.com/jquery-3.2.1.slim.min.js

IEXPLORE.EXE

Remote address:

151.101.2.137:443

Request

GET /jquery-3.2.1.slim.min.js HTTP/2.0
host: code.jquery.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 26 Dec 2023 20:41:26 GMT
age: 8719486
x-served-by: cache-lga21963-LGA, cache-lon420146-LON
x-cache: HIT, HIT
x-cache-hits: 5, 27529
x-timer: S1703623287.885954,VS0,VE0
vary: Accept-Encoding
content-length: 23856
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

23.149.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.149.64.172.in-addr.arpa

IN PTR

Response
DNS

137.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.2.101.151.in-addr.arpa

IN PTR

Response
DNS

maxcdn.bootstrapcdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

maxcdn.bootstrapcdn.com

IN A

Response

maxcdn.bootstrapcdn.com

IN A

104.18.10.207

maxcdn.bootstrapcdn.com

IN A

104.18.11.207
DNS

maxcdn.bootstrapcdn.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

maxcdn.bootstrapcdn.com

IN A
GET

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

IEXPLORE.EXE

Remote address:

104.18.10.207:443

Request

GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/2.0
host: maxcdn.bootstrapcdn.com
accept: text/css, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Tue, 26 Dec 2023 20:41:23 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: FR
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 11/23/2023 10:15:26
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 946
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: d9b7ababe2fcb946f25bd60ef88cb64d
cdn-cache: HIT
cf-cache-status: HIT
age: 2217946
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 83bc24f2abee718d-LHR
alt-svc: h3=":443"; ma=86400
GET

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

IEXPLORE.EXE

Remote address:

104.18.10.207:443

Request

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/2.0
host: maxcdn.bootstrapcdn.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Tue, 26 Dec 2023 20:41:36 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: FR
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: gzip
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 10/31/2023 19:43:16
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 951
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 58c4d2a17abe72bd8d781d31d184e375
cdn-cache: HIT
cf-cache-status: HIT
age: 696602
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 83bc2542f844718d-LHR
alt-svc: h3=":443"; ma=86400
DNS

207.10.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

207.10.18.104.in-addr.arpa

IN PTR

Response
DNS

kit.fontawesome.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

kit.fontawesome.com

IN A

Response

kit.fontawesome.com

IN CNAME

kit.fontawesome.com.cdn.cloudflare.net

kit.fontawesome.com.cdn.cloudflare.net

IN A

104.18.40.68

kit.fontawesome.com.cdn.cloudflare.net

IN A

172.64.147.188
GET

https://kit.fontawesome.com/585b051251.js

IEXPLORE.EXE

Remote address:

104.18.40.68:443

Request

GET /585b051251.js HTTP/2.0
host: kit.fontawesome.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Tue, 26 Dec 2023 20:41:26 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F6JGCc5fI4gms7Ak5eDj
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 83bc25058ec94133-LHR
content-encoding: gzip
DNS

167.109.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.109.18.2.in-addr.arpa

IN PTR

Response

167.109.18.2.in-addr.arpa

IN PTR

a2-18-109-167deploystaticakamaitechnologiescom
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

ka-f.fontawesome.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

ka-f.fontawesome.com

IN A

Response

ka-f.fontawesome.com

IN CNAME

ka-f.fontawesome.com.cdn.cloudflare.net

ka-f.fontawesome.com.cdn.cloudflare.net

IN A

172.64.129.7

ka-f.fontawesome.com.cdn.cloudflare.net

IN A

172.64.128.7
GET

https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

IEXPLORE.EXE

Remote address:

172.64.129.7:443

Request

GET /releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251 HTTP/2.0
host: ka-f.fontawesome.com
accept: */*
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Tue, 26 Dec 2023 20:41:27 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 cdd8daeefcf66738f6e908663e79c33e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: SdXvnaSWwMp_0mQuLuqbSwY9dx-jnzgmuNDzrlpAuo3xX5adPKuUAQ==
age: 3415713
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sq1lz1aDgtlMn7t0QrN9lDrXgwNBKvIK3Zdr%2FPQouMf9RJe03a%2FYT8iKoKqaRRN8PRPA59v5gwAQb2iiMHVM7N6NBU%2FCa0bSs2yoR5bKi2KQPrwNxYc%2BOOWouCJ6Mi5DMX82DR4pUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83bc25096a7363ef-LHR
alt-svc: h3=":443"; ma=86400
GET

https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251

IEXPLORE.EXE

Remote address:

172.64.129.7:443

Request

GET /releases/v5.15.4/css/free.min.css?token=585b051251 HTTP/2.0
host: ka-f.fontawesome.com
accept: */*
accept-language: en-US
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

Response

HTTP/2.0 200

date: Tue, 26 Dec 2023 20:41:27 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 b74ec591a994ce96ac6e89b5e760c4bc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: TYSmI2kiJYfQ84gdtq8ycMAjSASBK9LE_LDQawtGQhJvXEtQBq_-3A==
age: 696663
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o4hajpfgCw08m0P7TizzeIYXNe0nixAf25329YYnz1FUDZCccffXT2Epm0Qol3oAfqb44QDC%2BS3qKOliBy5Y2ivR2SDRDdNui1BYZPM8UWH0ZLrJqz3KW0vse5CrD1bfATRSz%2FjINA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83bc25096a7263ef-LHR
alt-svc: h3=":443"; ma=86400
DNS

cdnjs.cloudflare.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
GET

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

IEXPLORE.EXE

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/2.0
host: cdnjs.cloudflare.com
accept: application/javascript, */*;q=0.8
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: file:
accept-encoding: gzip, deflate

Response

HTTP/2.0 200

date: Tue, 26 Dec 2023 20:41:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 6908
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: gzip
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2392037
expires: Sun, 15 Dec 2024 20:41:27 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WkGZ3h8qVQqY7XUYtt094snWb7JAyw6fKBgBpC89GdkgGctI0zn%2FQvlPyXBpQYBZzajQ2utgFsFRl%2B02eKn5H%2B%2BsR1ExD3RNlJLtgDGOMx8g8uczIX6K2VhjgOV%2FSh6Zsp%2FFTVlo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 83bc250aeddf77a0-LHR
alt-svc: h3=":443"; ma=86400
DNS

68.40.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.40.18.104.in-addr.arpa

IN PTR

Response
DNS

7.129.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.129.64.172.in-addr.arpa

IN PTR

Response
DNS

7.129.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.129.64.172.in-addr.arpa

IN PTR
DNS

14.25.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR

Response
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR
DNS

112.27.33.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

112.27.33.23.in-addr.arpa

IN PTR

Response

112.27.33.23.in-addr.arpa

IN PTR

a23-33-27-112deploystaticakamaitechnologiescom
DNS

112.27.33.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

112.27.33.23.in-addr.arpa

IN PTR

Response

112.27.33.23.in-addr.arpa

IN PTR

a23-33-27-112deploystaticakamaitechnologiescom
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

216.58.204.74:443

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

tls, http2

IEXPLORE.EXE

2.5kB
37.8kB
42
35

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

HTTP Response

200
216.58.204.74:443

ajax.googleapis.com

tls, http2

IEXPLORE.EXE

1.1kB
5.5kB
16
12
204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=87af87fbdf89413199637d275377637b&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

tls, http2

2.7kB
9.4kB
23
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=87af87fbdf89413199637d275377637b&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=87af87fbdf89413199637d275377637b&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=87af87fbdf89413199637d275377637b&localId=w:8DF2633F-10BE-C247-8B12-9A64CE5AE8FE&deviceId=6896190589629886&anid=

HTTP Response

204
104.16.57.101:443

https://static.cloudflareinsights.com/beacon.min.js

tls, http2

IEXPLORE.EXE

1.7kB
11.3kB
24
18

HTTP Request

GET https://static.cloudflareinsights.com/beacon.min.js

HTTP Response

200
104.16.57.101:443

static.cloudflareinsights.com

tls, http2

IEXPLORE.EXE

1.1kB
3.6kB
14
9
151.101.2.137:443

https://code.jquery.com/jquery-3.2.1.slim.min.js

tls, http2

IEXPLORE.EXE

3.5kB
65.3kB
62
60

HTTP Request

GET https://code.jquery.com/jquery-3.1.1.min.js

HTTP Response

200

HTTP Request

GET https://code.jquery.com/jquery-3.2.1.slim.min.js

HTTP Response

200
151.101.2.137:443

code.jquery.com

tls, http2

IEXPLORE.EXE

1.2kB
6.5kB
18
15
104.18.10.207:443

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

tls, http2

IEXPLORE.EXE

3.7kB
51.8kB
63
56

HTTP Request

GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

HTTP Response

200

HTTP Request

GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

HTTP Response

200
104.18.10.207:443

maxcdn.bootstrapcdn.com

tls, http2

IEXPLORE.EXE

1.2kB
5.9kB
17
10
20.231.121.79:80

46 B
1
104.18.40.68:443

https://kit.fontawesome.com/585b051251.js

tls, http2

IEXPLORE.EXE

1.5kB
9.8kB
21
15

HTTP Request

GET https://kit.fontawesome.com/585b051251.js

HTTP Response

200
104.18.40.68:443

kit.fontawesome.com

tls, http2

IEXPLORE.EXE

1.1kB
4.7kB
15
10
172.64.129.7:443

ka-f.fontawesome.com

tls, http2

IEXPLORE.EXE

1.3kB
5.9kB
16
10
172.64.129.7:443

https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251

tls, http2

IEXPLORE.EXE

2.6kB
25.3kB
34
26

HTTP Request

GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

HTTP Request

GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251

HTTP Response

200

HTTP Response

200
104.17.25.14:443

cdnjs.cloudflare.com

tls, http2

IEXPLORE.EXE

1.2kB
3.7kB
16
10
104.17.25.14:443

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

tls, http2

IEXPLORE.EXE

2.1kB
12.1kB
30
23

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

HTTP Response

200
204.79.197.200:443

ieonline.microsoft.com

tls, http2

iexplore.exe

2.3kB
9.7kB
21
15

8.8.8.8:53

static.cloudflareinsights.com

dns

IEXPLORE.EXE

150 B
107 B
2
1

DNS Request

static.cloudflareinsights.com

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.57.101

104.16.56.101
8.8.8.8:53

20.177.190.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

20.177.190.20.in-addr.arpa

DNS Request

20.177.190.20.in-addr.arpa
8.8.8.8:53

ajax.googleapis.com

dns

IEXPLORE.EXE

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

216.58.204.74
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

78.117.19.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

78.117.19.2.in-addr.arpa
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

code.jquery.com

dns

IEXPLORE.EXE

122 B
125 B
2
1

DNS Request

code.jquery.com

DNS Request

code.jquery.com

DNS Response

151.101.2.137

151.101.66.137

151.101.130.137

151.101.194.137
8.8.8.8:53

101.57.16.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

101.57.16.104.in-addr.arpa
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.200.250.142.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

23.149.64.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

23.149.64.172.in-addr.arpa
8.8.8.8:53

137.2.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

137.2.101.151.in-addr.arpa
8.8.8.8:53

maxcdn.bootstrapcdn.com

dns

IEXPLORE.EXE

138 B
101 B
2
1

DNS Request

maxcdn.bootstrapcdn.com

DNS Request

maxcdn.bootstrapcdn.com

DNS Response

104.18.10.207

104.18.11.207
8.8.8.8:53

207.10.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

207.10.18.104.in-addr.arpa
8.8.8.8:53

kit.fontawesome.com

dns

IEXPLORE.EXE

65 B
149 B
1
1

DNS Request

kit.fontawesome.com

DNS Response

104.18.40.68

172.64.147.188
8.8.8.8:53

167.109.18.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

167.109.18.2.in-addr.arpa
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

ka-f.fontawesome.com

dns

IEXPLORE.EXE

66 B
151 B
1
1

DNS Request

ka-f.fontawesome.com

DNS Response

172.64.129.7

172.64.128.7
8.8.8.8:53

cdnjs.cloudflare.com

dns

IEXPLORE.EXE

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14
8.8.8.8:53

68.40.18.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

68.40.18.104.in-addr.arpa
8.8.8.8:53

7.129.64.172.in-addr.arpa

dns

142 B
133 B
2
1

DNS Request

7.129.64.172.in-addr.arpa

DNS Request

7.129.64.172.in-addr.arpa
8.8.8.8:53

14.25.17.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

14.25.17.104.in-addr.arpa
8.8.8.8:53

161.19.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

161.19.199.152.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

56.126.166.20.in-addr.arpa

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

112.27.33.23.in-addr.arpa

dns

142 B
270 B
2
2

DNS Request

112.27.33.23.in-addr.arpa

DNS Request

112.27.33.23.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

142 B
116 B
2
1

DNS Request

0.205.248.87.in-addr.arpa

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

43.229.111.52.in-addr.arpa

DNS Request

43.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NSWVVUXL\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QSO8CY24\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15