f9f50f3be1b6fb706f196e1f00240030825ce1d2f68e7f51e131a33287bd7b75

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 16:29 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de7201dfa162098e782d47085f317edd.html
Size

3.5MB
MD5

de7201dfa162098e782d47085f317edd
SHA1

c86183ed1bd5f59077e5812d58a7b81bcf095ac7
SHA256

f9f50f3be1b6fb706f196e1f00240030825ce1d2f68e7f51e131a33287bd7b75
SHA512

699191c78a230b91bcaa8113f08d93bfe421a64c0b272e22df9a91efd5e28e2020e4b62dfb7d97815b3089a025f07e2356b1ef47487e8658c3422a65d1569768
SSDEEP

12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NAK:jvQjte4tT62K

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
868	msedge.exe
868	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
824	identity_helper.exe
824	identity_helper.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe
4360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 1632	4360	msedge.exe	87
PID 4360 wrote to memory of 1632	4360	msedge.exe	87
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 4772	4360	msedge.exe	88
PID 4360 wrote to memory of 868	4360	msedge.exe	89
PID 4360 wrote to memory of 868	4360	msedge.exe	89
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90
PID 4360 wrote to memory of 1844	4360	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de7201dfa162098e782d47085f317edd.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8784446f8,0x7ff878444708,0x7ff878444718
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17546605408885998501,15857350385817911550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

Network

DNS

ajax.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.200.42
DNS

code.jquery.com

msedge.exe

Remote address:

8.8.8.8:53

Request

code.jquery.com

IN A

Response

code.jquery.com

IN A

151.101.2.137

code.jquery.com

IN A

151.101.194.137

code.jquery.com

IN A

151.101.66.137

code.jquery.com

IN A

151.101.130.137
DNS

maxcdn.bootstrapcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

maxcdn.bootstrapcdn.com

IN A

Response

maxcdn.bootstrapcdn.com

IN A

104.18.11.207

maxcdn.bootstrapcdn.com

IN A

104.18.10.207
DNS

maxcdn.bootstrapcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

maxcdn.bootstrapcdn.com

IN A
DNS

cdnjs.cloudflare.com

msedge.exe

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
DNS

kit.fontawesome.com

msedge.exe

Remote address:

8.8.8.8:53

Request

kit.fontawesome.com

IN A

Response

kit.fontawesome.com

IN CNAME

kit.fontawesome.com.cdn.cloudflare.net

kit.fontawesome.com.cdn.cloudflare.net

IN A

172.64.147.188

kit.fontawesome.com.cdn.cloudflare.net

IN A

104.18.40.68
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR

Response
DNS

140.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.32.126.40.in-addr.arpa

IN PTR
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR
GET

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

msedge.exe

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 25 Mar 2024 16:30:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 569394
expires: Sat, 15 Mar 2025 16:30:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I665%2F%2F6QRnogX3QT6g2M1dkSjiJ0PkGHLcAWjT6UZb6R21sLKOkmKrrUbM6OoSmxHC4ek9Ry7WnS0dpUJn1MjfiplZqXTb9PJ8i8WGLVLqVOAlUXxWe5DBxDSMBNBY9nxpVYGVsY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 86a048748bb223ef-LHR
alt-svc: h3=":443"; ma=86400
GET

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

msedge.exe

Remote address:

142.250.200.42:443

Request

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://code.jquery.com/jquery-3.1.1.min.js

msedge.exe

Remote address:

151.101.2.137:443

Request

GET /jquery-3.1.1.min.js HTTP/2.0
host: code.jquery.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 25 Mar 2024 16:30:00 GMT
age: 2786387
x-served-by: cache-lga21947-LGA, cache-lcy-eglc8600053-LCY
x-cache: HIT, HIT
x-cache-hits: 78, 51484
x-timer: S1711384200.409413,VS0,VE0
vary: Accept-Encoding
content-length: 30070
GET

https://code.jquery.com/jquery-3.2.1.slim.min.js

msedge.exe

Remote address:

151.101.2.137:443

Request

GET /jquery-3.2.1.slim.min.js HTTP/2.0
host: code.jquery.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 25 Mar 2024 16:30:00 GMT
age: 16480401
x-served-by: cache-lga21963-LGA, cache-lcy-eglc8600036-LCY
x-cache: HIT, HIT
x-cache-hits: 20, 166079
x-timer: S1711384200.409331,VS0,VE0
vary: Accept-Encoding
content-length: 23856
GET

https://kit.fontawesome.com/585b051251.js

msedge.exe

Remote address:

172.64.147.188:443

Request

GET /585b051251.js HTTP/2.0
host: kit.fontawesome.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 25 Mar 2024 16:29:59 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F8ANVxH8EXGhtnJpLhkB
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 86a0486e9bd379c8-LHR
content-encoding: gzip
GET

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

msedge.exe

Remote address:

104.18.11.207:443

Request

GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/2.0
host: maxcdn.bootstrapcdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 25 Mar 2024 16:30:00 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 01/15/2024 23:55:45
cdn-edgestorageid: 845
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 127ebfc7b1202ea45d8c4e9ae0b5c9da
cdn-cache: HIT
cf-cache-status: HIT
age: 606045
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 86a048745c7871e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

msedge.exe

Remote address:

104.18.11.207:443

Request

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/2.0
host: maxcdn.bootstrapcdn.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
origin: null
sec-ch-ua-mobile: ?0
intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
dnt: 1
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 25 Mar 2024 16:30:00 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: FR
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 02/05/2024 11:29:39
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 946
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: d7490026275959d5f3148269f6c6dc66
cdn-cache: HIT
cf-cache-status: HIT
age: 595426
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 86a048745c7671e7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

14.25.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR

Response
DNS

137.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.2.101.151.in-addr.arpa

IN PTR

Response
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

188.147.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

188.147.64.172.in-addr.arpa

IN PTR

Response
DNS

175.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

175.178.17.96.in-addr.arpa

IN PTR

Response

175.178.17.96.in-addr.arpa

IN PTR

a96-17-178-175deploystaticakamaitechnologiescom
DNS

static.cloudflareinsights.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.79.73

static.cloudflareinsights.com

IN A

104.16.80.73
GET

https://static.cloudflareinsights.com/beacon.min.js

msedge.exe

Remote address:

104.16.79.73:443

Request

GET /beacon.min.js HTTP/2.0
host: static.cloudflareinsights.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 25 Mar 2024 16:30:00 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2023.10.0"
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 86a04877ef8c6377-LHR
content-encoding: gzip
DNS

ka-f.fontawesome.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ka-f.fontawesome.com

IN A

Response

ka-f.fontawesome.com

IN CNAME

ka-f.fontawesome.com.cdn.cloudflare.net

ka-f.fontawesome.com.cdn.cloudflare.net

IN A

172.64.106.23

ka-f.fontawesome.com.cdn.cloudflare.net

IN A

172.64.107.23
GET

https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251

msedge.exe

Remote address:

172.64.106.23:443

Request

GET /releases/v5.15.4/css/free.min.css?token=585b051251 HTTP/2.0
host: ka-f.fontawesome.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 25 Mar 2024 16:30:01 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 15daa09affbc43879e6c6220fe3ec1dc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: PZTWPUzooBd05vDa0lIZlZXl-6e2ScL_0f_P9HwWpkRxUKt70yiY3Q==
age: 213279
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rcGD8%2F9rIVPqyy%2FVYo91Cx35Mpd49VoYORUD%2Bvw0QTbU4Thj0BPg%2BA%2FBqZ2OikbEPNRGzojD4XROBkwadI4NbrY9I411JyMWQ5yF5DyAS%2Fcv3cPgparS%2FumyUi6eCCykfD%2FVN8HpGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86a0487d29ea4170-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

msedge.exe

Remote address:

172.64.106.23:443

Request

GET /releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251 HTTP/2.0
host: ka-f.fontawesome.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: null
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 25 Mar 2024 16:30:01 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c86145c1f4d8c302ebef9fae6aaf1f24.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: o1AIaW85G7wqMGTxv7H2q5GHL0Bfk-CJMxhCh84iyprOvXZpHB8QjA==
age: 213278
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cvioYMZKGFU345y5yFh3cUFC%2FEOKqbPdiQLDs29mbUadNDXepLAjywlCcKyRdFA5sRaGGUEJvvF6qhZH7JV35fuH7gDMMohd11jhLGx6fZkPOKarNW6G5%2B422wLnpT7bw3PfIMYFVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86a0487d29e84170-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

207.11.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

207.11.18.104.in-addr.arpa

IN PTR

Response
DNS

207.11.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

207.11.18.104.in-addr.arpa

IN PTR
DNS

207.11.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

207.11.18.104.in-addr.arpa

IN PTR
DNS

10.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR

Response

10.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f101e100net
DNS

10.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR
DNS

10.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR
DNS

227.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.179.250.142.in-addr.arpa

IN PTR

Response

227.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f31e100net
DNS

227.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.179.250.142.in-addr.arpa

IN PTR
DNS

227.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.179.250.142.in-addr.arpa

IN PTR
DNS

73.79.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.79.16.104.in-addr.arpa

IN PTR

Response
DNS

73.79.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.79.16.104.in-addr.arpa

IN PTR
DNS

73.79.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.79.16.104.in-addr.arpa

IN PTR
DNS

23.106.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.106.64.172.in-addr.arpa

IN PTR

Response
DNS

23.106.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.106.64.172.in-addr.arpa

IN PTR
DNS

23.106.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.106.64.172.in-addr.arpa

IN PTR
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR
DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR
DNS

183.142.211.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.142.211.20.in-addr.arpa

IN PTR

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

195.177.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.177.78.104.in-addr.arpa

IN PTR

Response

195.177.78.104.in-addr.arpa

IN PTR

a104-78-177-195deploystaticakamaitechnologiescom
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

182.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

182.178.17.96.in-addr.arpa

IN PTR

Response

182.178.17.96.in-addr.arpa

IN PTR

a96-17-178-182deploystaticakamaitechnologiescom
DNS

42.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.134.221.88.in-addr.arpa

IN PTR

Response

42.134.221.88.in-addr.arpa

IN PTR

a88-221-134-42deploystaticakamaitechnologiescom
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388249_1ITQNLCZFZ5I7SWZ3&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239339388249_1ITQNLCZFZ5I7SWZ3&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 174803
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E72A355F985649A7875CCA1EFC01E93D Ref B: LON04EDGE0809 Ref C: 2024-03-25T16:30:41Z
date: Mon, 25 Mar 2024 16:30:41 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 348814
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BD3D95A615C4408AA18B41E80CA0E837 Ref B: LON04EDGE0809 Ref C: 2024-03-25T16:30:41Z
date: Mon, 25 Mar 2024 16:30:41 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 132331
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96A9ECBEB3564003B318BAFED8297638 Ref B: LON04EDGE0809 Ref C: 2024-03-25T16:30:41Z
date: Mon, 25 Mar 2024 16:30:41 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388248_12MWSVFEL5W1N3LWI&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239339388248_12MWSVFEL5W1N3LWI&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 474664
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B667C21501694099884106933A796825 Ref B: LON04EDGE0809 Ref C: 2024-03-25T16:30:41Z
date: Mon, 25 Mar 2024 16:30:41 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR
DNS

183.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.178.17.96.in-addr.arpa

IN PTR

Response

183.178.17.96.in-addr.arpa

IN PTR

a96-17-178-183deploystaticakamaitechnologiescom
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

192.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.178.17.96.in-addr.arpa

IN PTR

Response

192.178.17.96.in-addr.arpa

IN PTR

a96-17-178-192deploystaticakamaitechnologiescom
DNS

74.239.69.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.239.69.13.in-addr.arpa

IN PTR

Response
DNS

74.239.69.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.239.69.13.in-addr.arpa

IN PTR

104.17.25.14:443

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

tls, http2

msedge.exe

1.9kB
10.5kB
17
20

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

HTTP Response

200
142.250.200.42:443

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

tls, http2

msedge.exe

2.9kB
38.6kB
38
38

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
151.101.2.137:443

https://code.jquery.com/jquery-3.1.1.min.js

tls, http2

msedge.exe

2.7kB
39.4kB
35
37

HTTP Request

GET https://code.jquery.com/jquery-3.1.1.min.js

HTTP Response

200
151.101.2.137:443

https://code.jquery.com/jquery-3.2.1.slim.min.js

tls, http2

msedge.exe

2.5kB
31.8kB
30
32

HTTP Request

GET https://code.jquery.com/jquery-3.2.1.slim.min.js

HTTP Response

200
172.64.147.188:443

https://kit.fontawesome.com/585b051251.js

tls, http2

msedge.exe

1.8kB
9.4kB
16
18

HTTP Request

GET https://kit.fontawesome.com/585b051251.js

HTTP Response

200
104.18.11.207:443

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

tls, http2

msedge.exe

3.3kB
43.6kB
45
48

HTTP Request

GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

HTTP Request

GET https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

HTTP Response

200

HTTP Response

200
104.18.11.207:443

maxcdn.bootstrapcdn.com

tls

msedge.exe

943 B
4.6kB
8
7
104.16.79.73:443

static.cloudflareinsights.com

tls, http2

msedge.exe

1.0kB
948 B
9
5
104.16.79.73:443

https://static.cloudflareinsights.com/beacon.min.js

tls, http2

msedge.exe

2.5kB
13.0kB
20
23

HTTP Request

GET https://static.cloudflareinsights.com/beacon.min.js

HTTP Response

200
172.64.106.23:443

https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

tls, http2

msedge.exe

3.4kB
26.2kB
27
29

HTTP Request

GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251

HTTP Request

GET https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251

HTTP Response

200

HTTP Response

200
172.64.106.23:443

ka-f.fontawesome.com

tls

msedge.exe

891 B
4.6kB
8
7
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.2kB
18
15
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.2kB
18
15
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.3kB
8.1kB
17
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239339388248_12MWSVFEL5W1N3LWI&pid=21.2&w=1920&h=1080&c=4

tls, http2

43.3kB
1.2MB
871
867

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388249_1ITQNLCZFZ5I7SWZ3&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418581_1PW4UWMX6DVDU64ZR&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418582_18ZLZW09JZ7BHXRKX&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388248_12MWSVFEL5W1N3LWI&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

8.8.8.8:53

ajax.googleapis.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.200.42
8.8.8.8:53

code.jquery.com

dns

msedge.exe

61 B
125 B
1
1

DNS Request

code.jquery.com

DNS Response

151.101.2.137

151.101.194.137

151.101.66.137

151.101.130.137
8.8.8.8:53

maxcdn.bootstrapcdn.com

dns

msedge.exe

138 B
101 B
2
1

DNS Request

maxcdn.bootstrapcdn.com

DNS Request

maxcdn.bootstrapcdn.com

DNS Response

104.18.11.207

104.18.10.207
8.8.8.8:53

cdnjs.cloudflare.com

dns

msedge.exe

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14
8.8.8.8:53

kit.fontawesome.com

dns

msedge.exe

65 B
149 B
1
1

DNS Request

kit.fontawesome.com

DNS Response

172.64.147.188

104.18.40.68
8.8.8.8:53

140.32.126.40.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

140.32.126.40.in-addr.arpa

DNS Request

140.32.126.40.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

146 B
147 B
2
1

DNS Request

149.220.183.52.in-addr.arpa

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

14.25.17.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

14.25.17.104.in-addr.arpa
8.8.8.8:53

137.2.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

137.2.101.151.in-addr.arpa
8.8.8.8:53

42.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.200.250.142.in-addr.arpa
8.8.8.8:53

188.147.64.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

188.147.64.172.in-addr.arpa
8.8.8.8:53

175.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

175.178.17.96.in-addr.arpa
8.8.8.8:53

static.cloudflareinsights.com

dns

msedge.exe

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.79.73

104.16.80.73
8.8.8.8:53

ka-f.fontawesome.com

dns

msedge.exe

66 B
151 B
1
1

DNS Request

ka-f.fontawesome.com

DNS Response

172.64.106.23

172.64.107.23
8.8.8.8:53

207.11.18.104.in-addr.arpa

dns

216 B
134 B
3
1

DNS Request

207.11.18.104.in-addr.arpa

DNS Request

207.11.18.104.in-addr.arpa

DNS Request

207.11.18.104.in-addr.arpa
8.8.8.8:53

10.180.250.142.in-addr.arpa

dns

219 B
112 B
3
1

DNS Request

10.180.250.142.in-addr.arpa

DNS Request

10.180.250.142.in-addr.arpa

DNS Request

10.180.250.142.in-addr.arpa
8.8.8.8:53

227.179.250.142.in-addr.arpa

dns

222 B
112 B
3
1

DNS Request

227.179.250.142.in-addr.arpa

DNS Request

227.179.250.142.in-addr.arpa

DNS Request

227.179.250.142.in-addr.arpa
8.8.8.8:53

73.79.16.104.in-addr.arpa

dns

213 B
133 B
3
1

DNS Request

73.79.16.104.in-addr.arpa

DNS Request

73.79.16.104.in-addr.arpa

DNS Request

73.79.16.104.in-addr.arpa
8.8.8.8:53

23.106.64.172.in-addr.arpa

dns

216 B
134 B
3
1

DNS Request

23.106.64.172.in-addr.arpa

DNS Request

23.106.64.172.in-addr.arpa

DNS Request

23.106.64.172.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

140 B
156 B
2
1

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa
224.0.0.251:5353

518 B
8
8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

140 B
156 B
2
1

DNS Request

50.23.12.20.in-addr.arpa

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

183.142.211.20.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

183.142.211.20.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

142 B
270 B
2
2

DNS Request

41.110.16.96.in-addr.arpa

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

195.177.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

195.177.78.104.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

182.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

182.178.17.96.in-addr.arpa
8.8.8.8:53

42.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

42.134.221.88.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

219 B
106 B
3
1

DNS Request

200.197.79.204.in-addr.arpa

DNS Request

200.197.79.204.in-addr.arpa

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

183.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

183.178.17.96.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

192.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

192.178.17.96.in-addr.arpa
8.8.8.8:53

74.239.69.13.in-addr.arpa

dns

142 B
145 B
2
1

DNS Request

74.239.69.13.in-addr.arpa

DNS Request

74.239.69.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
981B

MD5
e023b3043e32a3cd8fa460b26abdf364

SHA1
beeb114bad88032c6de7c87e7f6a3b68bb07a01a

SHA256
26b4bd5a14a70800982249375df785a3fc679027e0450b51d91cab4675ec6fa5

SHA512
164ab304f88fe63e8e486d746c6d9bde88641abc2d46499d1f21280be9e06ab30cf7498b1cb34fcd280241ce5da2be41f21b1ee27153f1597205e3a471654883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86fb50a8ae83300a4a960784619da391

SHA1
578bdeff6590fdbbb964dc3bf889d84b7f8c1931

SHA256
37db596eded751070a92ced8f1449e6d190e1c381926650c7d352f22326a6986

SHA512
40c79672cd65de709bef134451b234dbfff8bb54e6e16ee324beb7cb4f5b981f95dd4efb662c3e24388d27b431a88f373a210ff81962c688edf2588169c9049d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
440bcda68be7f40e37eacebddaf12da0

SHA1
64b36e92491a4339b3208f91a12b05957c0573ea

SHA256
15ba9ae444645353d6fc4a43463116584c86f4197ed130d051a730a42a96cbaa

SHA512
63b25087491025dcf4dbd05579a6fc11da058512393d9cae72aaee230670088ed34c5156952ddaf17111a2ec4e346924054fd15d42b9ce95d620b06bd8a8eb23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f22d674e8129119cee420a42cbb99e8

SHA1
86975605d35189b0a283ccd976374552e541a4ac

SHA256
ba7f58c70cacd3b8d308cd21addd71fa0e344639094a4db2392ef8967f20e888

SHA512
ac6d31698d3469b9480da7c807cfaf72883dee21e37b1caeba6470e2691f1d83c602e12f5cc342a10b64116cb8bbae14724b5755d8eb5ae243fed065299dcaf5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request