Analysis

  • max time kernel
    121s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/03/2024, 21:23 UTC

General

  • Target

    b8395b03f25335a08a6d8183e8ec1001.html

  • Size

    38KB

  • MD5

    b8395b03f25335a08a6d8183e8ec1001

  • SHA1

    330d72405a47b9b01f3fb44c8cf2ec1218e5336f

  • SHA256

    115438853feccd6858e3942f683ee054b10ed1058a5797a60b4ddce4041cc790

  • SHA512

    1b62ca56128a165ecfde57abcbb4484a0c180189224aed97a103a9e6d3f2d2d43ac92a9b0811a57869c117f131b1e2376a8c711b6c551090ee08a0d688b3e9b9

  • SSDEEP

    384:eCRQe4n2b0P2db57JJ/LVo2VXgSyE0YfxD7arebuCxoBoyMLrHCfzrp38GYZ:dRo2u2dTd5o2DyEPxVbuCxoBICfzr0

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b8395b03f25335a08a6d8183e8ec1001.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4404
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffef88f46f8,0x7ffef88f4708,0x7ffef88f4718
      2⤵
        PID:4192
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:2440
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4492
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
          2⤵
            PID:5096
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:2284
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
              2⤵
                PID:1936
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
                2⤵
                  PID:4008
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
                  2⤵
                    PID:3868
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
                    2⤵
                      PID:3188
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
                      2⤵
                        PID:3224
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10480754106256033842,7163641190941325132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4328 /prefetch:2
                        2⤵
                          PID:2884
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2376
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:1340

Network

                          • flag-us
                            DNS
                            www.videopompinigratis.net
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.videopompinigratis.net
                            IN A
                            Response
                          • flag-us
                            DNS
                            www.videopompinigratis.net
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.videopompinigratis.net
                            IN A
                          • flag-us
                            DNS
                            www.videopompinigratis.net
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.videopompinigratis.net
                            IN A
                          • flag-us
                            DNS
                            www.easy-dating.org
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.easy-dating.org
                            IN A
                            Response
                            www.easy-dating.org
                            IN CNAME
                            promo.easy-dating.org
                            promo.easy-dating.org
                            IN CNAME
                            promo-vip.ezzed.com
                            promo-vip.ezzed.com
                            IN A
                            91.199.255.48
                          • flag-us
                            DNS
                            www.easy-dating.org
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.easy-dating.org
                            IN A
                          • flag-us
                            DNS
                            promo.easy-dating.org
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            promo.easy-dating.org
                            IN A
                            Response
                            promo.easy-dating.org
                            IN CNAME
                            promo-vip.ezzed.com
                            promo-vip.ezzed.com
                            IN A
                            91.199.255.48
                          • flag-us
                            DNS
                            promo.easy-dating.org
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            promo.easy-dating.org
                            IN A
                          • flag-us
                            DNS
                            133.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            133.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            79.121.231.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            79.121.231.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            185.178.17.96.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            185.178.17.96.in-addr.arpa
                            IN PTR
                            Response
                            185.178.17.96.in-addr.arpa
                            IN PTR
                            a96-17-178-185.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            13.86.106.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            13.86.106.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            241.154.82.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            241.154.82.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-fr
                            GET
                            http://www.easy-dating.org/PROMO/script_carousel.php?siteid=81159&theme=white
                            msedge.exe
                            Remote address:
                            91.199.255.48:80
                            Request
                            GET /PROMO/script_carousel.php?siteid=81159&theme=white HTTP/1.1
                            Host: www.easy-dating.org
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 301 Moved Permanently
                            Server: nginx
                            Date: Wed, 06 Mar 2024 21:23:59 GMT
                            Content-Type: text/html
                            Content-Length: 162
                            Connection: keep-alive
                            Keep-Alive: timeout=30
                            Location: https://c.easysexe.com/rewriter.php?filename=carousel&siteid=81159&theme=white
                            X-XSS-Protection: 1; mode=block
                            X-Content-Type-Options: nosniff
                            Referrer-Policy: no-referrer-when-downgrade
                          • flag-fr
                            GET
                            http://www.easy-dating.org/PROMO/script_alertwindow.php?siteid=81159&close=1
                            msedge.exe
                            Remote address:
                            91.199.255.48:80
                            Request
                            GET /PROMO/script_alertwindow.php?siteid=81159&close=1 HTTP/1.1
                            Host: www.easy-dating.org
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 301 Moved Permanently
                            Server: nginx
                            Date: Wed, 06 Mar 2024 21:23:59 GMT
                            Content-Type: text/html
                            Content-Length: 162
                            Connection: keep-alive
                            Keep-Alive: timeout=30
                            Location: https://c.easysexe.com/rewriter.php?filename=alertwindow&siteid=81159&close=1
                            X-XSS-Protection: 1; mode=block
                            X-Content-Type-Options: nosniff
                            Referrer-Policy: no-referrer-when-downgrade
                          • flag-us
                            DNS
                            c.easysexe.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            c.easysexe.com
                            IN A
                            Response
                            c.easysexe.com
                            IN CNAME
                            promo-vip.ezzed.com
                            promo-vip.ezzed.com
                            IN A
                            91.199.255.48
                          • flag-fr
                            GET
                            http://promo.easy-dating.org/banner/index?site_id=136410&banner_id=517&default_language=it&tr4ck=468X60-see-more-click-here_S
                            msedge.exe
                            Remote address:
                            91.199.255.48:80
                            Request
                            GET /banner/index?site_id=136410&banner_id=517&default_language=it&tr4ck=468X60-see-more-click-here_S HTTP/1.1
                            Host: promo.easy-dating.org
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 06 Mar 2024 21:23:59 GMT
                            Content-Type: text/javascript;charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Keep-Alive: timeout=30
                            Ez: backend=varan-25|prod|433
                            Pragma: public
                            Cache-Control: public, max-age=3600, stale-if-error=604800, stale-while-revalidate=3600
                            Expires: Wed, 06 Mar 2024 22:23:53 GMT
                            X-Promo: V5fpm-cached
                            EzCache: status=HIT
                          • flag-fr
                            GET
                            http://promo.easy-dating.org/banner/index?site_id=98436&banner_id=520&default_language=it&tr4ck=160X600-tchat-webcam-amateur_S
                            msedge.exe
                            Remote address:
                            91.199.255.48:80
                            Request
                            GET /banner/index?site_id=98436&banner_id=520&default_language=it&tr4ck=160X600-tchat-webcam-amateur_S HTTP/1.1
                            Host: promo.easy-dating.org
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 06 Mar 2024 21:24:00 GMT
                            Content-Type: text/javascript;charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Keep-Alive: timeout=30
                            Ez: backend=varan-27|prod|433
                            Pragma: public
                            Cache-Control: public, max-age=3600, stale-if-error=604800, stale-while-revalidate=3600
                            Expires: Wed, 06 Mar 2024 22:23:53 GMT
                            X-Promo: V5fpm-cached
                            EzCache: status=HIT
                          • flag-fr
                            GET
                            http://promo.easy-dating.org/banner/index?site_id=98436&banner_id=515&default_language=it&tr4ck=160X600-see-more-click-here_S
                            msedge.exe
                            Remote address:
                            91.199.255.48:80
                            Request
                            GET /banner/index?site_id=98436&banner_id=515&default_language=it&tr4ck=160X600-see-more-click-here_S HTTP/1.1
                            Host: promo.easy-dating.org
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Wed, 06 Mar 2024 21:24:00 GMT
                            Content-Type: text/javascript;charset=UTF-8
                            Transfer-Encoding: chunked
                            Connection: keep-alive
                            Keep-Alive: timeout=30
                            Ez: backend=varan-26|prod|433
                            Pragma: public
                            Cache-Control: public, max-age=3600, stale-if-error=604800, stale-while-revalidate=3600
                            Expires: Wed, 06 Mar 2024 22:23:53 GMT
                            X-Promo: V5fpm-cached
                            EzCache: status=HIT
                          • flag-fr
                            GET
                            https://c.easysexe.com/rewriter.php?filename=carousel&siteid=81159&theme=white
                            msedge.exe
                            Remote address:
                            91.199.255.48:443
                            Request
                            GET /rewriter.php?filename=carousel&siteid=81159&theme=white HTTP/2.0
                            host: c.easysexe.com
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 301
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:00 GMT
                            content-type: text/html; charset=UTF-8
                            location: https://c.easysexe.com/carousel/sexy?compatibility=1&site_id=81159&theme=white
                            ez: backend=varan-26|prod|433
                            x-promo: V5fpm-rewriter
                            ezcache: status=MISS
                          • flag-fr
                            GET
                            https://c.easysexe.com/rewriter.php?filename=alertwindow&siteid=81159&close=1
                            msedge.exe
                            Remote address:
                            91.199.255.48:443
                            Request
                            GET /rewriter.php?filename=alertwindow&siteid=81159&close=1 HTTP/2.0
                            host: c.easysexe.com
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 301
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:00 GMT
                            content-type: text/html; charset=UTF-8
                            location: https://c.easysexe.com/alert-window?compatibility=1&position=right&site_id=81159&close=1
                            ez: backend=varan-27|prod|433
                            x-promo: V5fpm-rewriter
                            ezcache: status=MISS
                          • flag-fr
                            GET
                            https://c.easysexe.com/carousel/sexy?compatibility=1&site_id=81159&theme=white
                            msedge.exe
                            Remote address:
                            91.199.255.48:443
                            Request
                            GET /carousel/sexy?compatibility=1&site_id=81159&theme=white HTTP/2.0
                            host: c.easysexe.com
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:00 GMT
                            content-type: text/javascript;charset=UTF-8
                            vary: Accept-Encoding
                            ez: backend=varan-26|prod|433
                            pragma: public
                            expires: Thu, 07 Mar 2024 03:24:00 GMT
                            x-promo-cache-loaded: false
                            x-promo-cache-key: promo_v2_ch2_alert_window_index_schemehttps_59d99a40569ea8698b5ce62c40b8fdb2
                            cache-control: public, immutable, stale-if-error=604800, stale-while-revalidate=3600, max-age=21600
                            x-promo: V5fpm
                            ezcache: status=MISS
                            content-encoding: gzip
                          • flag-fr
                            GET
                            https://c.easysexe.com/alert-window?compatibility=1&position=right&site_id=81159&close=1
                            msedge.exe
                            Remote address:
                            91.199.255.48:443
                            Request
                            GET /alert-window?compatibility=1&position=right&site_id=81159&close=1 HTTP/2.0
                            host: c.easysexe.com
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            dnt: 1
                            accept: */*
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:01 GMT
                            content-type: text/javascript;charset=UTF-8
                            vary: Accept-Encoding
                            ez: backend=varan-20|prod|433
                            pragma: public
                            expires: Thu, 07 Mar 2024 03:24:01 GMT
                            x-promo-cache-loaded: false
                            x-promo-cache-key: promo_v3_ch2_carousel_sexy_schemehttps_424006b66d6d738cc8abf0aef52025a6
                            cache-control: public, immutable, stale-if-error=604800, stale-while-revalidate=3600, max-age=21600
                            x-promo: V5fpm
                            ezcache: status=MISS
                            content-encoding: gzip
                          • flag-us
                            DNS
                            g.bing.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            g.bing.com
                            IN A
                            Response
                            g.bing.com
                            IN CNAME
                            g-bing-com.a-0001.a-msedge.net
                            g-bing-com.a-0001.a-msedge.net
                            IN CNAME
                            dual-a-0001.a-msedge.net
                            dual-a-0001.a-msedge.net
                            IN A
                            204.79.197.200
                            dual-a-0001.a-msedge.net
                            IN A
                            13.107.21.200
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d231972a87e9439094de06b51bd22458&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d231972a87e9439094de06b51bd22458&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MUID=238C3598410F6805154B21A240B46944; domain=.bing.com; expires=Mon, 31-Mar-2025 21:24:01 GMT; path=/; SameSite=None; Secure; Priority=High;
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: EFDF5941D0194B2D894CB9E35769AB54 Ref B: LON04EDGE0806 Ref C: 2024-03-06T21:24:01Z
                            date: Wed, 06 Mar 2024 21:24:00 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d231972a87e9439094de06b51bd22458&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d231972a87e9439094de06b51bd22458&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=238C3598410F6805154B21A240B46944
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MSPTC=hlP1c6kYZhoUWXZZw2umsQ5z-6mq2aUvO4KgHBVHy9k; domain=.bing.com; expires=Mon, 31-Mar-2025 21:24:02 GMT; path=/; Partitioned; secure; SameSite=None
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 43701CEC59F24D429B8923FFE12D8840 Ref B: LON04EDGE0806 Ref C: 2024-03-06T21:24:02Z
                            date: Wed, 06 Mar 2024 21:24:01 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d231972a87e9439094de06b51bd22458&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d231972a87e9439094de06b51bd22458&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=238C3598410F6805154B21A240B46944; MSPTC=hlP1c6kYZhoUWXZZw2umsQ5z-6mq2aUvO4KgHBVHy9k
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 16AB966978D3493691381D6E90A183E4 Ref B: LON04EDGE0806 Ref C: 2024-03-06T21:24:02Z
                            date: Wed, 06 Mar 2024 21:24:01 GMT
                          • flag-us
                            DNS
                            48.255.199.91.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            48.255.199.91.in-addr.arpa
                            IN PTR
                            Response
                            48.255.199.91.in-addr.arpa
                            IN PTR
                            promo-vip easyrencontrecom
                          • flag-us
                            DNS
                            www.sg8.info
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.sg8.info
                            IN A
                            Response
                          • flag-us
                            DNS
                            embed.redtube.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            embed.redtube.com
                            IN A
                            Response
                            embed.redtube.com
                            IN A
                            66.254.114.172
                          • flag-us
                            DNS
                            s.opfourpro.net
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            s.opfourpro.net
                            IN A
                            Response
                            s.opfourpro.net
                            IN CNAME
                            static-vip.ezzed.com
                            static-vip.ezzed.com
                            IN A
                            91.199.255.49
                          • flag-us
                            DNS
                            s.op4pro.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            s.op4pro.com
                            IN A
                            Response
                            s.op4pro.com
                            IN CNAME
                            static-vip.ezzed.com
                            static-vip.ezzed.com
                            IN A
                            91.199.255.49
                          • flag-us
                            GET
                            http://embed.redtube.com/player/
                            msedge.exe
                            Remote address:
                            66.254.114.172:80
                            Request
                            GET /player/ HTTP/1.1
                            Host: embed.redtube.com
                            Connection: keep-alive
                            Upgrade-Insecure-Requests: 1
                            DNT: 1
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 301 Moved Permanently
                            content-length: 0
                            location: https://embed.redtube.com/player/
                          • flag-fr
                            GET
                            https://s.op4pro.com//images/tool-carousel/sexy/title-bg-blue.gif
                            msedge.exe
                            Remote address:
                            91.199.255.49:443
                            Request
                            GET //images/tool-carousel/sexy/title-bg-blue.gif HTTP/2.0
                            host: s.op4pro.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:01 GMT
                            content-type: image/gif
                            content-length: 269
                            last-modified: Mon, 30 Sep 2019 11:55:33 GMT
                            etag: "5d91ed35-10d"
                            cache-control: public, max-age=2592000, immutable, stale-while-revalidate=3600, stale-if-error=604800
                            accept-ranges: bytes
                          • flag-fr
                            GET
                            https://s.op4pro.com//images/tool-carousel/lite/sexy/sexy-37.jpg
                            msedge.exe
                            Remote address:
                            91.199.255.49:443
                            Request
                            GET //images/tool-carousel/lite/sexy/sexy-37.jpg HTTP/2.0
                            host: s.op4pro.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: image/jpeg
                            content-length: 7677
                            last-modified: Mon, 30 Sep 2019 11:55:33 GMT
                            etag: "5d91ed35-1dfd"
                            cache-control: public, max-age=2592000, immutable, stale-while-revalidate=3600, stale-if-error=604800
                            accept-ranges: bytes
                          • flag-us
                            DNS
                            static.delirez.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            static.delirez.com
                            IN A
                            Response
                            static.delirez.com
                            IN CNAME
                            static-vip.ezzed.com
                            static-vip.ezzed.com
                            IN A
                            91.199.255.49
                          • flag-fr
                            GET
                            https://s.opfourpro.net/shared/banners/517_it-r1268391309.gif
                            msedge.exe
                            Remote address:
                            91.199.255.49:443
                            Request
                            GET /shared/banners/517_it-r1268391309.gif HTTP/2.0
                            host: s.opfourpro.net
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:01 GMT
                            content-type: image/gif
                            content-length: 41822
                            last-modified: Fri, 12 Mar 2010 10:55:09 GMT
                            etag: "4b9a1d8d-a35e"
                            ezstatic: SHARED:MISS KEY:v3_s.opfourpro.net/shared/banners/515_it-r1268391309.gif
                            accept-ranges: bytes
                          • flag-fr
                            GET
                            https://s.opfourpro.net/shared/banners/520_it-r1268391310.gif
                            msedge.exe
                            Remote address:
                            91.199.255.49:443
                            Request
                            GET /shared/banners/520_it-r1268391310.gif HTTP/2.0
                            host: s.opfourpro.net
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:01 GMT
                            content-type: image/gif
                            content-length: 16701
                            last-modified: Fri, 12 Mar 2010 10:55:09 GMT
                            etag: "4b9a1d8d-413d"
                            ezstatic: SHARED:MISS KEY:v3_s.opfourpro.net/shared/banners/517_it-r1268391309.gif
                            accept-ranges: bytes
                          • flag-fr
                            GET
                            https://s.opfourpro.net/shared/banners/515_it-r1268391309.gif
                            msedge.exe
                            Remote address:
                            91.199.255.49:443
                            Request
                            GET /shared/banners/515_it-r1268391309.gif HTTP/2.0
                            host: s.opfourpro.net
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:01 GMT
                            content-type: image/gif
                            content-length: 27477
                            last-modified: Fri, 12 Mar 2010 10:55:10 GMT
                            etag: "4b9a1d8e-6b55"
                            ezstatic: SHARED:MISS KEY:v3_s.opfourpro.net/shared/banners/520_it-r1268391310.gif
                            accept-ranges: bytes
                          • flag-us
                            GET
                            https://embed.redtube.com/player/
                            msedge.exe
                            Remote address:
                            66.254.114.172:443
                            Request
                            GET /player/ HTTP/2.0
                            host: embed.redtube.com
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: object
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 301
                            server: openresty
                            date: Wed, 06 Mar 2024 21:24:01 GMT
                            content-type: text/html; charset=UTF-8
                            set-cookie: platform=pc; expires=Thu, 12-May-2078 18:48:02 GMT; Max-Age=1709846641; path=/; domain=redtube.com
                            cache-control: no-cache, no-store, must-revalidate
                            pragma: no-cache
                            location: /?id=0
                            vary: User-Agent
                            rating: RTA-5042-1996-1400-1577-RTA
                            x-rn-rsrv: ded8229
                            set-cookie: LBSERVERID=ded8229; path=/; Secure; SameSite=None
                            accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
                          • flag-us
                            GET
                            https://embed.redtube.com/player/
                            msedge.exe
                            Remote address:
                            66.254.114.172:443
                            Request
                            GET /player/ HTTP/2.0
                            host: embed.redtube.com
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: object
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 404
                            server: openresty
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: text/html; charset=UTF-8
                            set-cookie: platform=pc; expires=Thu, 12-May-2078 18:48:02 GMT; Max-Age=1709846641; path=/; domain=redtube.com
                            set-cookie: bs=xvevikfyl0dxlhgi6r7j6y0m83yxj54q; expires=Sat, 08-May-2088 18:48:02 GMT; Max-Age=2025120241; path=/; domain=redtube.com; secure; SameSite=None
                            content-encoding: gzip
                            x-rn-rsrv: ded8229
                            accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
                          • flag-us
                            GET
                            https://embed.redtube.com/?id=0
                            msedge.exe
                            Remote address:
                            66.254.114.172:443
                            Request
                            GET /?id=0 HTTP/2.0
                            host: embed.redtube.com
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: object
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: LBSERVERID=ded8229
                            Response
                            HTTP/2.0 301
                            server: openresty
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: text/html; charset=UTF-8
                            set-cookie: platform=pc; expires=Thu, 12-May-2078 18:48:04 GMT; Max-Age=1709846642; path=/; domain=redtube.com
                            cache-control: no-cache, no-store, must-revalidate
                            pragma: no-cache
                            location: /?id=0
                            vary: User-Agent
                            rating: RTA-5042-1996-1400-1577-RTA
                            x-rn-rsrv: ded8232
                            set-cookie: LBSERVERID=ded8232; path=/; Secure; SameSite=None
                            accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
                          • flag-us
                            GET
                            https://embed.redtube.com/player/
                            msedge.exe
                            Remote address:
                            66.254.114.172:443
                            Request
                            GET /player/ HTTP/2.0
                            host: embed.redtube.com
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: object
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 301
                            server: openresty
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: text/html; charset=UTF-8
                            x-trace: 2B4565CE09AE2790D95A86D348A9CEB6F78530B0091A7B1293529D058F00
                            set-cookie: platform=pc; expires=Thu, 12-May-2078 18:48:04 GMT; Max-Age=1709846642; path=/; domain=redtube.com
                            cache-control: no-cache, no-store, must-revalidate
                            pragma: no-cache
                            location: /?id=0
                            vary: User-Agent
                            rating: RTA-5042-1996-1400-1577-RTA
                            x-rn-rsrv: ded7926
                            set-cookie: LBSERVERID=ded7926; path=/; Secure; SameSite=None
                            accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
                          • flag-us
                            GET
                            https://embed.redtube.com/?id=0
                            msedge.exe
                            Remote address:
                            66.254.114.172:443
                            Request
                            GET /?id=0 HTTP/2.0
                            host: embed.redtube.com
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: object
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: bs=xvevikfyl0dxlhgi6r7j6y0m83yxj54q
                            cookie: LBSERVERID=ded8232
                            Response
                            HTTP/2.0 404
                            server: openresty
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: text/html; charset=UTF-8
                            set-cookie: platform=pc; expires=Thu, 12-May-2078 18:48:04 GMT; Max-Age=1709846642; path=/; domain=redtube.com
                            content-encoding: gzip
                            x-rn-rsrv: ded8232
                            accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
                          • flag-us
                            GET
                            https://embed.redtube.com/player/
                            msedge.exe
                            Remote address:
                            66.254.114.172:443
                            Request
                            GET /player/ HTTP/2.0
                            host: embed.redtube.com
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: object
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 301
                            server: openresty
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: text/html; charset=UTF-8
                            x-trace: 2B29FA49856210C1FFAB8BD7600256F8700B875665479D2E0CA0C2CD5400
                            set-cookie: platform=pc; expires=Thu, 12-May-2078 18:48:04 GMT; Max-Age=1709846642; path=/; domain=redtube.com
                            cache-control: no-cache, no-store, must-revalidate
                            pragma: no-cache
                            location: /?id=0
                            vary: User-Agent
                            rating: RTA-5042-1996-1400-1577-RTA
                            x-rn-rsrv: ded7926
                            set-cookie: LBSERVERID=ded7926; path=/; Secure; SameSite=None
                            accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
                          • flag-us
                            GET
                            https://embed.redtube.com/?id=0
                            msedge.exe
                            Remote address:
                            66.254.114.172:443
                            Request
                            GET /?id=0 HTTP/2.0
                            host: embed.redtube.com
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: object
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: bs=xvevikfyl0dxlhgi6r7j6y0m83yxj54q
                            cookie: LBSERVERID=ded7926
                            Response
                            HTTP/2.0 404
                            server: openresty
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: text/html; charset=UTF-8
                            x-trace: 2B98FB893E505DB04D341CBE5A168795391844BE105C33F37A0ABFEC2900
                            set-cookie: platform=pc; expires=Thu, 12-May-2078 18:48:04 GMT; Max-Age=1709846642; path=/; domain=redtube.com
                            content-encoding: gzip
                            x-rn-rsrv: ded7926
                            accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
                          • flag-us
                            GET
                            https://embed.redtube.com/player/
                            msedge.exe
                            Remote address:
                            66.254.114.172:443
                            Request
                            GET /player/ HTTP/2.0
                            host: embed.redtube.com
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: object
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 301
                            server: openresty
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: text/html; charset=UTF-8
                            set-cookie: platform=pc; expires=Thu, 12-May-2078 18:48:04 GMT; Max-Age=1709846642; path=/; domain=redtube.com
                            cache-control: no-cache, no-store, must-revalidate
                            pragma: no-cache
                            location: /?id=0
                            vary: User-Agent
                            rating: RTA-5042-1996-1400-1577-RTA
                            x-rn-rsrv: ded8226
                            set-cookie: LBSERVERID=ded8226; path=/; Secure; SameSite=None
                            accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
                          • flag-us
                            GET
                            https://embed.redtube.com/?id=0
                            msedge.exe
                            Remote address:
                            66.254.114.172:443
                            Request
                            GET /?id=0 HTTP/2.0
                            host: embed.redtube.com
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: object
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: bs=xvevikfyl0dxlhgi6r7j6y0m83yxj54q
                            cookie: LBSERVERID=ded7926
                            Response
                            HTTP/2.0 404
                            server: openresty
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: text/html; charset=UTF-8
                            x-trace: 2B8782E9E845FE4BD7CACDAFA7AAD4A45C639461D97FEC261BF94CD2AB00
                            set-cookie: platform=pc; expires=Thu, 12-May-2078 18:48:04 GMT; Max-Age=1709846642; path=/; domain=redtube.com
                            content-encoding: gzip
                            x-rn-rsrv: ded7926
                            accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
                          • flag-us
                            GET
                            https://embed.redtube.com/?id=0
                            msedge.exe
                            Remote address:
                            66.254.114.172:443
                            Request
                            GET /?id=0 HTTP/2.0
                            host: embed.redtube.com
                            upgrade-insecure-requests: 1
                            dnt: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: object
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            sec-ch-ua-mobile: ?0
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            cookie: bs=xvevikfyl0dxlhgi6r7j6y0m83yxj54q
                            cookie: LBSERVERID=ded8226
                            Response
                            HTTP/2.0 404
                            server: openresty
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: text/html; charset=UTF-8
                            set-cookie: platform=pc; expires=Thu, 12-May-2078 18:48:04 GMT; Max-Age=1709846642; path=/; domain=redtube.com
                            content-encoding: gzip
                            x-rn-rsrv: ded8226
                            accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
                          • flag-fr
                            GET
                            https://static.delirez.com/styles/tool-alert-window/style1.min.css
                            msedge.exe
                            Remote address:
                            91.199.255.49:443
                            Request
                            GET /styles/tool-alert-window/style1.min.css HTTP/2.0
                            host: static.delirez.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: text/css,*/*;q=0.1
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: style
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:01 GMT
                            content-type: text/css
                            last-modified: Mon, 30 Sep 2019 11:55:33 GMT
                            vary: Accept-Encoding
                            etag: W/"5d91ed35-416"
                            cache-control: public, max-age=2592000, immutable, stale-while-revalidate=3600, stale-if-error=604800
                            content-encoding: gzip
                          • flag-fr
                            GET
                            https://static.delirez.com/images/tool-alert-window/white-label/style2_bg.png
                            msedge.exe
                            Remote address:
                            91.199.255.49:443
                            Request
                            GET /images/tool-alert-window/white-label/style2_bg.png HTTP/2.0
                            host: static.delirez.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:02 GMT
                            content-type: image/png
                            content-length: 2423
                            last-modified: Mon, 30 Sep 2019 11:55:33 GMT
                            etag: "5d91ed35-977"
                            cache-control: public, max-age=2592000, immutable, stale-while-revalidate=3600, stale-if-error=604800
                            accept-ranges: bytes
                          • flag-fr
                            GET
                            https://static.delirez.com/images/tool-alert-window/loader.gif
                            msedge.exe
                            Remote address:
                            91.199.255.49:443
                            Request
                            GET /images/tool-alert-window/loader.gif HTTP/2.0
                            host: static.delirez.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://static.delirez.com/styles/tool-alert-window/style1.min.css
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:03 GMT
                            content-type: image/gif
                            content-length: 1222
                            last-modified: Mon, 30 Sep 2019 11:55:33 GMT
                            etag: "5d91ed35-4c6"
                            cache-control: public, max-age=2592000, immutable, stale-while-revalidate=3600, stale-if-error=604800
                            accept-ranges: bytes
                          • flag-fr
                            GET
                            https://static.delirez.com/images/tool-alert-window/style2_bgaccept.gif
                            msedge.exe
                            Remote address:
                            91.199.255.49:443
                            Request
                            GET /images/tool-alert-window/style2_bgaccept.gif HTTP/2.0
                            host: static.delirez.com
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://static.delirez.com/styles/tool-alert-window/style1.min.css
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:03 GMT
                            content-type: image/gif
                            content-length: 7142
                            last-modified: Mon, 30 Sep 2019 11:55:33 GMT
                            etag: "5d91ed35-1be6"
                            cache-control: public, max-age=2592000, immutable, stale-while-revalidate=3600, stale-if-error=604800
                            accept-ranges: bytes
                          • flag-us
                            DNS
                            tracking.cercagratis.it
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            tracking.cercagratis.it
                            IN A
                            Response
                          • flag-us
                            DNS
                            www.hypercounter.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.hypercounter.com
                            IN A
                            Response
                            www.hypercounter.com
                            IN A
                            173.239.21.125
                          • flag-us
                            DNS
                            172.114.254.66.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.114.254.66.in-addr.arpa
                            IN PTR
                            Response
                            172.114.254.66.in-addr.arpa
                            IN PTR
                            reflectededge.reflected.net
                          • flag-us
                            DNS
                            49.255.199.91.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            49.255.199.91.in-addr.arpa
                            IN PTR
                            Response
                            49.255.199.91.in-addr.arpa
                            IN PTR
                            static-vip.ezzed.com
                          • flag-us
                            DNS
                            11.2.37.23.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            11.2.37.23.in-addr.arpa
                            IN PTR
                            Response
                            11.2.37.23.in-addr.arpa
                            IN PTR
                            a23-37-2-11.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            55.36.223.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            55.36.223.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            secure.run-forest.run
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            secure.run-forest.run
                            IN A
                            Response
                            secure.run-forest.run
                            IN CNAME
                            static-vip.run-forest.run
                            static-vip.run-forest.run
                            IN CNAME
                            static-vip.ezzed.com
                            static-vip.ezzed.com
                            IN A
                            91.199.255.49
                          • flag-fr
                            GET
                            https://secure.run-forest.run/n/gfx?ts=1708857725000&hash=a0b9f3d74839cff0a75d769ae767ad2d&crop=203%2C592%2C518&size=600&cs=a76dcfe66d51e2a8c685dcf527f692a2
                            msedge.exe
                            Remote address:
                            91.199.255.49:443
                            Request
                            GET /n/gfx?ts=1708857725000&hash=a0b9f3d74839cff0a75d769ae767ad2d&crop=203%2C592%2C518&size=600&cs=a76dcfe66d51e2a8c685dcf527f692a2 HTTP/2.0
                            host: secure.run-forest.run
                            sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                            dnt: 1
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            accept-encoding: gzip, deflate, br
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            server: nginx
                            date: Wed, 06 Mar 2024 21:24:03 GMT
                            content-type: image/webp
                            content-length: 57802
                            cache-control: max-age=2628000, public, stale-if-error=604800, stale-while-revalidate=3600, immutable
                            etag: W/"e1ca-1q2r5wJOJMydTOGxe5OQmU/rNVQ"
                            ezcache: STATUS=HIT KEY=webp:/n/gfx?ts=1708857725000&hash=a0b9f3d74839cff0a75d769ae767ad2d&crop=203%2C592%2C518&size=600&cs=a76dcfe66d51e2a8c685dcf527f692a2
                            access-control-allow-origin: *
                          • flag-us
                            DNS
                            238.16.217.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            238.16.217.172.in-addr.arpa
                            IN PTR
                            Response
                            238.16.217.172.in-addr.arpa
                            IN PTR
                            lhr48s28-in-f14.1e100.net
                            238.16.217.172.in-addr.arpa
                            IN PTR
                            mad08s04-in-f14
                          • flag-us
                            DNS
                            196.249.167.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            196.249.167.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            26.165.165.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            26.165.165.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            134.71.91.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            134.71.91.104.in-addr.arpa
                            IN PTR
                            Response
                            134.71.91.104.in-addr.arpa
                            IN PTR
                            a104-91-71-134.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            134.71.91.104.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            134.71.91.104.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            tse1.mm.bing.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            tse1.mm.bing.net
                            IN A
                            Response
                            tse1.mm.bing.net
                            IN CNAME
                            mm-mm.bing.net.trafficmanager.net
                            mm-mm.bing.net.trafficmanager.net
                            IN CNAME
                            dual-a-0001.a-msedge.net
                            dual-a-0001.a-msedge.net
                            IN A
                            204.79.197.200
                            dual-a-0001.a-msedge.net
                            IN A
                            13.107.21.200
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301182_15RUNGDSFF0MLDKK2&pid=21.2&w=1920&h=1080&c=4
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239317301182_15RUNGDSFF0MLDKK2&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 354107
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 5A6316E32047465EA2C916179E757C4D Ref B: LON04EDGE0610 Ref C: 2024-03-06T21:24:40Z
                            date: Wed, 06 Mar 2024 21:24:40 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301288_1GU97O2L0EVD7325U&pid=21.2&w=1920&h=1080&c=4
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239317301288_1GU97O2L0EVD7325U&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 334566
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 2497F1AE6FAE4D46BF97F56C3003F9F0 Ref B: LON04EDGE0610 Ref C: 2024-03-06T21:24:40Z
                            date: Wed, 06 Mar 2024 21:24:40 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&w=1920&h=1080&c=4
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 223754
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 9DB97118DEE24B4E8D6D939A674EFCC3 Ref B: LON04EDGE0610 Ref C: 2024-03-06T21:24:40Z
                            date: Wed, 06 Mar 2024 21:24:40 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301591_1PGV0364HK4XMTTCN&pid=21.2&w=1080&h=1920&c=4
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239317301591_1PGV0364HK4XMTTCN&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 340835
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 342EC0A699424659A3E9D94EC8866DE9 Ref B: LON04EDGE0610 Ref C: 2024-03-06T21:24:41Z
                            date: Wed, 06 Mar 2024 21:24:40 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&w=1080&h=1920&c=4
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 210530
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 68BA83BC5136456AB6239FCF2E33CC9A Ref B: LON04EDGE0610 Ref C: 2024-03-06T21:24:41Z
                            date: Wed, 06 Mar 2024 21:24:40 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301697_1IS6I39WFTNHNV537&pid=21.2&w=1080&h=1920&c=4
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239317301697_1IS6I39WFTNHNV537&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 246852
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 3B8960D1C9B14CB48C884EF2ECADC12F Ref B: LON04EDGE0610 Ref C: 2024-03-06T21:24:41Z
                            date: Wed, 06 Mar 2024 21:24:41 GMT
                          • flag-us
                            DNS
                            84.117.19.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            84.117.19.2.in-addr.arpa
                            IN PTR
                            Response
                            84.117.19.2.in-addr.arpa
                            IN PTR
                            a2-19-117-84.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            14.227.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            14.227.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • 91.199.255.48:80
                            promo.easy-dating.org
                            msedge.exe
                            288 B
                            184 B
                            6
                            4
                          • 91.199.255.48:80
                            promo.easy-dating.org
                            msedge.exe
                            288 B
                            184 B
                            6
                            4
                          • 91.199.255.48:80
                            promo.easy-dating.org
                            msedge.exe
                            288 B
                            144 B
                            6
                            3
                          • 91.199.255.48:80
                            http://www.easy-dating.org/PROMO/script_carousel.php?siteid=81159&theme=white
                            http
                            msedge.exe
                            626 B
                            755 B
                            6
                            5

                            HTTP Request

                            GET http://www.easy-dating.org/PROMO/script_carousel.php?siteid=81159&theme=white

                            HTTP Response

                            301
                          • 91.199.255.48:80
                            http://www.easy-dating.org/PROMO/script_alertwindow.php?siteid=81159&close=1
                            http
                            msedge.exe
                            625 B
                            754 B
                            6
                            5

                            HTTP Request

                            GET http://www.easy-dating.org/PROMO/script_alertwindow.php?siteid=81159&close=1

                            HTTP Response

                            301
                          • 91.199.255.48:80
                            http://promo.easy-dating.org/banner/index?site_id=98436&banner_id=515&default_language=it&tr4ck=160X600-see-more-click-here_S
                            http
                            msedge.exe
                            2.0kB
                            3.7kB
                            10
                            8

                            HTTP Request

                            GET http://promo.easy-dating.org/banner/index?site_id=136410&banner_id=517&default_language=it&tr4ck=468X60-see-more-click-here_S

                            HTTP Response

                            200

                            HTTP Request

                            GET http://promo.easy-dating.org/banner/index?site_id=98436&banner_id=520&default_language=it&tr4ck=160X600-tchat-webcam-amateur_S

                            HTTP Response

                            200

                            HTTP Request

                            GET http://promo.easy-dating.org/banner/index?site_id=98436&banner_id=515&default_language=it&tr4ck=160X600-see-more-click-here_S

                            HTTP Response

                            200
                          • 91.199.255.48:443
                            c.easysexe.com
                            tls
                            msedge.exe
                            972 B
                            3.6kB
                            8
                            6
                          • 91.199.255.48:443
                            https://c.easysexe.com/alert-window?compatibility=1&position=right&site_id=81159&close=1
                            tls, http2
                            msedge.exe
                            3.7kB
                            104.3kB
                            53
                            86

                            HTTP Request

                            GET https://c.easysexe.com/rewriter.php?filename=carousel&siteid=81159&theme=white

                            HTTP Request

                            GET https://c.easysexe.com/rewriter.php?filename=alertwindow&siteid=81159&close=1

                            HTTP Response

                            301

                            HTTP Response

                            301

                            HTTP Request

                            GET https://c.easysexe.com/carousel/sexy?compatibility=1&site_id=81159&theme=white

                            HTTP Request

                            GET https://c.easysexe.com/alert-window?compatibility=1&position=right&site_id=81159&close=1

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 204.79.197.200:443
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d231972a87e9439094de06b51bd22458&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=
                            tls, http2
                            2.2kB
                            9.2kB
                            23
                            19

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d231972a87e9439094de06b51bd22458&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=d231972a87e9439094de06b51bd22458&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=d231972a87e9439094de06b51bd22458&localId=w:E50FD854-0373-F3F8-5EA0-C41D8800F2D2&deviceId=6896193422179112&anid=

                            HTTP Response

                            204
                          • 66.254.114.172:80
                            http://embed.redtube.com/player/
                            http
                            msedge.exe
                            778 B
                            322 B
                            7
                            5

                            HTTP Request

                            GET http://embed.redtube.com/player/

                            HTTP Response

                            301
                          • 91.199.255.49:443
                            https://s.op4pro.com//images/tool-carousel/lite/sexy/sexy-37.jpg
                            tls, http2
                            msedge.exe
                            1.9kB
                            12.5kB
                            16
                            20

                            HTTP Request

                            GET https://s.op4pro.com//images/tool-carousel/sexy/title-bg-blue.gif

                            HTTP Response

                            200

                            HTTP Request

                            GET https://s.op4pro.com//images/tool-carousel/lite/sexy/sexy-37.jpg

                            HTTP Response

                            200
                          • 91.199.255.49:443
                            https://s.opfourpro.net/shared/banners/515_it-r1268391309.gif
                            tls, http2
                            msedge.exe
                            3.7kB
                            93.4kB
                            53
                            77

                            HTTP Request

                            GET https://s.opfourpro.net/shared/banners/517_it-r1268391309.gif

                            HTTP Request

                            GET https://s.opfourpro.net/shared/banners/520_it-r1268391310.gif

                            HTTP Request

                            GET https://s.opfourpro.net/shared/banners/515_it-r1268391309.gif

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 91.199.255.49:443
                            s.opfourpro.net
                            tls
                            msedge.exe
                            972 B
                            3.5kB
                            8
                            7
                          • 91.199.255.49:443
                            s.opfourpro.net
                            tls
                            msedge.exe
                            972 B
                            3.5kB
                            8
                            7
                          • 66.254.114.172:443
                            https://embed.redtube.com/?id=0
                            tls, http2
                            msedge.exe
                            4.1kB
                            31.7kB
                            50
                            61

                            HTTP Request

                            GET https://embed.redtube.com/player/

                            HTTP Response

                            301

                            HTTP Request

                            GET https://embed.redtube.com/player/

                            HTTP Request

                            GET https://embed.redtube.com/?id=0

                            HTTP Response

                            404

                            HTTP Response

                            301

                            HTTP Request

                            GET https://embed.redtube.com/player/

                            HTTP Request

                            GET https://embed.redtube.com/?id=0

                            HTTP Response

                            301

                            HTTP Request

                            GET https://embed.redtube.com/player/

                            HTTP Response

                            404

                            HTTP Request

                            GET https://embed.redtube.com/?id=0

                            HTTP Response

                            301

                            HTTP Request

                            GET https://embed.redtube.com/player/

                            HTTP Response

                            404

                            HTTP Request

                            GET https://embed.redtube.com/?id=0

                            HTTP Response

                            301

                            HTTP Response

                            404

                            HTTP Request

                            GET https://embed.redtube.com/?id=0

                            HTTP Response

                            404
                          • 91.199.255.49:443
                            https://static.delirez.com/images/tool-alert-window/style2_bgaccept.gif
                            tls, http2
                            msedge.exe
                            2.4kB
                            16.4kB
                            21
                            24

                            HTTP Request

                            GET https://static.delirez.com/styles/tool-alert-window/style1.min.css

                            HTTP Response

                            200

                            HTTP Request

                            GET https://static.delirez.com/images/tool-alert-window/white-label/style2_bg.png

                            HTTP Response

                            200

                            HTTP Request

                            GET https://static.delirez.com/images/tool-alert-window/loader.gif

                            HTTP Request

                            GET https://static.delirez.com/images/tool-alert-window/style2_bgaccept.gif

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 92.241.164.227:80
                            msedge.exe
                            260 B
                            5
                          • 173.239.21.125:80
                            www.hypercounter.com
                            msedge.exe
                            260 B
                            5
                          • 92.241.164.227:80
                            msedge.exe
                            260 B
                            5
                          • 173.239.21.125:80
                            www.hypercounter.com
                            msedge.exe
                            260 B
                            5
                          • 91.199.255.49:443
                            https://secure.run-forest.run/n/gfx?ts=1708857725000&hash=a0b9f3d74839cff0a75d769ae767ad2d&crop=203%2C592%2C518&size=600&cs=a76dcfe66d51e2a8c685dcf527f692a2
                            tls, http2
                            msedge.exe
                            3.0kB
                            63.8kB
                            40
                            54

                            HTTP Request

                            GET https://secure.run-forest.run/n/gfx?ts=1708857725000&hash=a0b9f3d74839cff0a75d769ae767ad2d&crop=203%2C592%2C518&size=600&cs=a76dcfe66d51e2a8c685dcf527f692a2

                            HTTP Response

                            200
                          • 204.79.197.200:443
                            https://tse1.mm.bing.net/th?id=OADD2.10239317301697_1IS6I39WFTNHNV537&pid=21.2&w=1080&h=1920&c=4
                            tls, http2
                            66.8kB
                            1.8MB
                            1307
                            1301

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301182_15RUNGDSFF0MLDKK2&pid=21.2&w=1920&h=1080&c=4

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301288_1GU97O2L0EVD7325U&pid=21.2&w=1920&h=1080&c=4

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340418565_1OUCQO7VP7RV95UTY&pid=21.2&w=1920&h=1080&c=4

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301591_1PGV0364HK4XMTTCN&pid=21.2&w=1080&h=1920&c=4

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340418566_1KUOCUMD7VRU52NBF&pid=21.2&w=1080&h=1920&c=4

                            HTTP Response

                            200

                            HTTP Response

                            200

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239317301697_1IS6I39WFTNHNV537&pid=21.2&w=1080&h=1920&c=4

                            HTTP Response

                            200
                          • 204.79.197.200:443
                            tse1.mm.bing.net
                            tls, http2
                            1.3kB
                            9.5kB
                            17
                            15
                          • 204.79.197.200:443
                            tse1.mm.bing.net
                            tls, http2
                            1.3kB
                            9.5kB
                            17
                            15
                          • 8.8.8.8:53
                            www.videopompinigratis.net
                            dns
                            msedge.exe
                            216 B
                            145 B
                            3
                            1

                            DNS Request

                            www.videopompinigratis.net

                            DNS Request

                            www.videopompinigratis.net

                            DNS Request

                            www.videopompinigratis.net

                          • 8.8.8.8:53
                            www.easy-dating.org
                            dns
                            msedge.exe
                            130 B
                            134 B
                            2
                            1

                            DNS Request

                            www.easy-dating.org

                            DNS Request

                            www.easy-dating.org

                            DNS Response

                            91.199.255.48

                          • 8.8.8.8:53
                            promo.easy-dating.org
                            dns
                            msedge.exe
                            134 B
                            116 B
                            2
                            1

                            DNS Request

                            promo.easy-dating.org

                            DNS Request

                            promo.easy-dating.org

                            DNS Response

                            91.199.255.48

                          • 8.8.8.8:53
                            133.32.126.40.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            133.32.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            79.121.231.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            79.121.231.20.in-addr.arpa

                          • 8.8.8.8:53
                            185.178.17.96.in-addr.arpa
                            dns
                            72 B
                            137 B
                            1
                            1

                            DNS Request

                            185.178.17.96.in-addr.arpa

                          • 8.8.8.8:53
                            13.86.106.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            13.86.106.20.in-addr.arpa

                          • 8.8.8.8:53
                            241.154.82.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            241.154.82.20.in-addr.arpa

                          • 8.8.8.8:53
                            c.easysexe.com
                            dns
                            msedge.exe
                            60 B
                            106 B
                            1
                            1

                            DNS Request

                            c.easysexe.com

                            DNS Response

                            91.199.255.48

                          • 8.8.8.8:53
                            g.bing.com
                            dns
                            56 B
                            158 B
                            1
                            1

                            DNS Request

                            g.bing.com

                            DNS Response

                            204.79.197.200
                            13.107.21.200

                          • 8.8.8.8:53
                            48.255.199.91.in-addr.arpa
                            dns
                            72 B
                            113 B
                            1
                            1

                            DNS Request

                            48.255.199.91.in-addr.arpa

                          • 8.8.8.8:53
                            www.sg8.info
                            dns
                            msedge.exe
                            58 B
                            137 B
                            1
                            1

                            DNS Request

                            www.sg8.info

                          • 8.8.8.8:53
                            embed.redtube.com
                            dns
                            msedge.exe
                            63 B
                            79 B
                            1
                            1

                            DNS Request

                            embed.redtube.com

                            DNS Response

                            66.254.114.172

                          • 8.8.8.8:53
                            s.opfourpro.net
                            dns
                            msedge.exe
                            61 B
                            111 B
                            1
                            1

                            DNS Request

                            s.opfourpro.net

                            DNS Response

                            91.199.255.49

                          • 8.8.8.8:53
                            s.op4pro.com
                            dns
                            msedge.exe
                            58 B
                            105 B
                            1
                            1

                            DNS Request

                            s.op4pro.com

                            DNS Response

                            91.199.255.49

                          • 8.8.8.8:53
                            static.delirez.com
                            dns
                            msedge.exe
                            64 B
                            111 B
                            1
                            1

                            DNS Request

                            static.delirez.com

                            DNS Response

                            91.199.255.49

                          • 8.8.8.8:53
                            tracking.cercagratis.it
                            dns
                            msedge.exe
                            69 B
                            137 B
                            1
                            1

                            DNS Request

                            tracking.cercagratis.it

                          • 8.8.8.8:53
                            www.hypercounter.com
                            dns
                            msedge.exe
                            66 B
                            82 B
                            1
                            1

                            DNS Request

                            www.hypercounter.com

                            DNS Response

                            173.239.21.125

                          • 8.8.8.8:53
                            172.114.254.66.in-addr.arpa
                            dns
                            73 B
                            114 B
                            1
                            1

                            DNS Request

                            172.114.254.66.in-addr.arpa

                          • 8.8.8.8:53
                            49.255.199.91.in-addr.arpa
                            dns
                            72 B
                            106 B
                            1
                            1

                            DNS Request

                            49.255.199.91.in-addr.arpa

                          • 8.8.8.8:53
                            11.2.37.23.in-addr.arpa
                            dns
                            69 B
                            131 B
                            1
                            1

                            DNS Request


                          MITRE ATT&CK Enterprise v15

                          Downloads
