241638c227ec92646f6c1f7559d1bfab1e66d222f0b7be34837c0fc5c1e794d4

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 06:55 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e3ef702edd9cf7ea3ab3064b851c7fe_JaffaCakes118.html
Size

49KB
MD5

3e3ef702edd9cf7ea3ab3064b851c7fe
SHA1

d7cb00b28778cd46cf9a08f1fedf941bd6af4a8f
SHA256

241638c227ec92646f6c1f7559d1bfab1e66d222f0b7be34837c0fc5c1e794d4
SHA512

d89db37fb7b79480f204357422f1b3ecaeff4247d57bbb8de0aa48cbd53c01c3a66caa45a7a6249a2097805b92d465870f04ef3098b5a24af2cf266c21d0ee61
SSDEEP

1536:iiz0FpuFum44tVobZTVobv32VVobLvVobal884orPhVs:7umvkQFOal14orPhVs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
1224	msedge.exe
1224	msedge.exe
1728	identity_helper.exe
1728	identity_helper.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe
1224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 4708	1224	msedge.exe	81
PID 1224 wrote to memory of 4708	1224	msedge.exe	81
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2060	1224	msedge.exe	82
PID 1224 wrote to memory of 2776	1224	msedge.exe	83
PID 1224 wrote to memory of 2776	1224	msedge.exe	83
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84
PID 1224 wrote to memory of 4616	1224	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3e3ef702edd9cf7ea3ab3064b851c7fe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7fff8c3c46f8,0x7fff8c3c4708,0x7fff8c3c4718
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16570818802920278156,503672341685226060,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

Network

DNS

www.blogger.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.blogger.com

IN A

Response

www.blogger.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.201.169
DNS

ajax.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.179.74
GET

http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js

msedge.exe

Remote address:

142.250.179.74:80

Request

GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 93868
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 10 May 2024 06:04:36 GMT
Expires: Sat, 10 May 2025 06:04:36 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 262270
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
GET

http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js

msedge.exe

Remote address:

142.250.179.74:80

Request

GET /ajax/libs/jquery/1.5.2/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Timing-Allow-Origin: *
Content-Length: 85925
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 09 May 2024 09:12:27 GMT
Expires: Fri, 09 May 2025 09:12:27 GMT
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 337399
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
GET

https://www.blogger.com/static/v1/widgets/14020288-widget_css_bundle.css

msedge.exe

Remote address:

142.250.201.169:443

Request

GET /static/v1/widgets/14020288-widget_css_bundle.css HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.blogger.com/static/v1/widgets/4144282483-widgets.js

msedge.exe

Remote address:

142.250.201.169:443

Request

GET /static/v1/widgets/4144282483-widgets.js HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7958390433489935733&zx=5524487a-2371-40c2-acfc-dadb98fd6863

msedge.exe

Remote address:

142.250.201.169:443

Request

GET /dyn-css/authorization.css?targetBlogID=7958390433489935733&zx=5524487a-2371-40c2-acfc-dadb98fd6863 HTTP/2.0
host: www.blogger.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic|Raleway:300

msedge.exe

Remote address:

142.250.178.138:80

Request

GET /css?family=Open+Sans:400,400italic,600,600italic|Raleway:300 HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Mon, 13 May 2024 06:55:46 GMT
Date: Mon, 13 May 2024 06:55:46 GMT
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Last-Modified: Mon, 13 May 2024 06:55:46 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
GET

http://fonts.gstatic.com/s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVuEorCIPrE.woff2

msedge.exe

Remote address:

172.217.20.163:80

Request

GET /s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVuEorCIPrE.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 22416
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 09 May 2024 15:28:09 GMT
Expires: Fri, 09 May 2025 15:28:09 GMT
Cache-Control: public, max-age=31536000
Age: 314857
Last-Modified: Wed, 01 May 2024 20:31:55 GMT
Content-Type: font/woff2
DNS

yourjavascript.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yourjavascript.com

IN A

Response

yourjavascript.com

IN A

13.248.169.48

yourjavascript.com

IN A

76.223.54.146
GET

http://yourjavascript.com/00911305131/pagenavigation.txt.js

msedge.exe

Remote address:

13.248.169.48:80

Request

GET /00911305131/pagenavigation.txt.js HTTP/1.1
Host: yourjavascript.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: openresty
Date: Mon, 13 May 2024 06:55:46 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
DNS

resources.blogblog.com

msedge.exe

Remote address:

8.8.8.8:53

Request

resources.blogblog.com

IN A

Response

resources.blogblog.com

IN CNAME

blogger.l.google.com

blogger.l.google.com

IN A

142.250.201.169
DNS

www.msbte.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.msbte.com

IN A

Response

www.msbte.com

IN A

174.133.117.27
GET

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

msedge.exe

Remote address:

142.250.201.169:443

Request

GET /img/icon18_wrench_allbkg.png HTTP/2.0
host: resources.blogblog.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

gate.iitkgp.ac.in

msedge.exe

Remote address:

8.8.8.8:53

Request

gate.iitkgp.ac.in

IN A

Response

gate.iitkgp.ac.in

IN A

203.110.245.213
DNS

widgets.amung.us

msedge.exe

Remote address:

8.8.8.8:53

Request

widgets.amung.us

IN A

Response

widgets.amung.us

IN A

104.22.75.171

widgets.amung.us

IN A

172.67.8.141

widgets.amung.us

IN A

104.22.74.171
GET

http://widgets.amung.us/classic.js

msedge.exe

Remote address:

104.22.75.171:80

Request

GET /classic.js HTTP/1.1
Host: widgets.amung.us
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Mon, 13 May 2024 06:55:46 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 12 Jan 2023 17:19:40 GMT
etag: W/"63c0412c-32c5"
expires: Tue, 14 May 2024 06:42:21 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
CF-Cache-Status: HIT
Age: 805
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8830beac98b46673-AMS
alt-svc: h3=":443"; ma=86400
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
DNS

3.bp.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

3.bp.blogspot.com

IN A

Response

3.bp.blogspot.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.179.97
GET

http://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

msedge.exe

Remote address:

172.217.20.163:80

Request

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 48236
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 09 May 2024 22:59:15 GMT
Expires: Fri, 09 May 2025 22:59:15 GMT
Cache-Control: public, max-age=31536000
Age: 287791
Last-Modified: Thu, 14 Dec 2023 02:08:40 GMT
Content-Type: font/woff2
GET

http://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

msedge.exe

Remote address:

172.217.20.163:80

Request

GET /s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
Connection: keep-alive
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Referer: http://fonts.googleapis.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="apps-themes"
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Timing-Allow-Origin: *
Content-Length: 50296
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Thu, 09 May 2024 08:37:46 GMT
Expires: Fri, 09 May 2025 08:37:46 GMT
Cache-Control: public, max-age=31536000
Age: 339480
Last-Modified: Thu, 14 Dec 2023 02:10:01 GMT
Content-Type: font/woff2
GET

http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/websoham&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21

msedge.exe

Remote address:

163.70.151.35:80

Request

GET /plugins/like.php?href=https://www.facebook.com/websoham&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/like.php?href=https://www.facebook.com/websoham&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 13 May 2024 06:55:46 GMT
Connection: keep-alive
Content-Length: 0
GET

http://3.bp.blogspot.com/-qXV1qRPIjHY/UbqjmHPAHzI/AAAAAAAACUE/7_sAZf8tHLY/s1600/sprite_32x32.png

msedge.exe

Remote address:

142.250.179.97:80

Request

GET /-qXV1qRPIjHY/UbqjmHPAHzI/AAAAAAAACUE/7_sAZf8tHLY/s1600/sprite_32x32.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/png
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
ETag: "v943"
Expires: Tue, 14 May 2024 06:55:46 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="sprite_32x32.png"
X-Content-Type-Options: nosniff
Date: Mon, 13 May 2024 06:55:46 GMT
Server: fife
Content-Length: 3033
X-XSS-Protection: 0
GET

http://3.bp.blogspot.com/-B39xC4Ufk5g/Ud0G2vNjdiI/AAAAAAAACfE/2BVYbTyCUzk/s1600/email-icon.png

msedge.exe

Remote address:

142.250.179.97:80

Request

GET /-B39xC4Ufk5g/Ud0G2vNjdiI/AAAAAAAACfE/2BVYbTyCUzk/s1600/email-icon.png HTTP/1.1
Host: 3.bp.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Content-Disposition: inline;filename="email-icon.png"
X-Content-Type-Options: nosniff
Server: fife
Content-Length: 399
X-XSS-Protection: 0
Date: Mon, 13 May 2024 06:16:52 GMT
Expires: Tue, 14 May 2024 06:16:52 GMT
Cache-Control: public, max-age=86400, no-transform
Age: 2334
ETag: "v9f3"
Content-Type: image/png
Vary: Origin
DNS

23.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.159.190.20.in-addr.arpa

IN PTR

Response
DNS

74.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.179.250.142.in-addr.arpa

IN PTR

Response

74.179.250.142.in-addr.arpa

IN PTR

par21s19-in-f101e100net
DNS

169.201.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.201.250.142.in-addr.arpa

IN PTR

Response

169.201.250.142.in-addr.arpa

IN PTR

par21s23-in-f91e100net
DNS

138.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.178.250.142.in-addr.arpa

IN PTR

Response

138.178.250.142.in-addr.arpa

IN PTR

par21s22-in-f101e100net
DNS

240.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.197.17.2.in-addr.arpa

IN PTR

Response

240.197.17.2.in-addr.arpa

IN PTR

a2-17-197-240deploystaticakamaitechnologiescom
DNS

163.20.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.20.217.172.in-addr.arpa

IN PTR

Response

163.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f1631e100net

163.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f3�J

163.20.217.172.in-addr.arpa

IN PTR

par10s49-in-f3�J
DNS

48.169.248.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.169.248.13.in-addr.arpa

IN PTR

Response

48.169.248.13.in-addr.arpa

IN PTR

a904c694c05102f30awsglobalacceleratorcom
DNS

171.75.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.75.22.104.in-addr.arpa

IN PTR

Response
DNS

35.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.151.70.163.in-addr.arpa

IN PTR

Response

35.151.70.163.in-addr.arpa

IN PTR

edge-star-mini-shv-02-lhr6facebookcom
DNS

t.dtscout.com

msedge.exe

Remote address:

8.8.8.8:53

Request

t.dtscout.com

IN A

Response

t.dtscout.com

IN A

141.101.120.10

t.dtscout.com

IN A

141.101.120.11
GET

https://t.dtscout.com/i/?l=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3e3ef702edd9cf7ea3ab3064b851c7fe_JaffaCakes118.html&j=

msedge.exe

Remote address:

141.101.120.10:443

Request

GET /i/?l=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3e3ef702edd9cf7ea3ab3064b851c7fe_JaffaCakes118.html&j= HTTP/2.0
host: t.dtscout.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Mon, 13 May 2024 06:55:47 GMT
content-type: application/javascript
x-s: ger1
set-cookie: m=1; Domain=dtscout.com; Expires=Mon, 13-May-2024 08:19:07 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
set-cookie: df=1715583347; Domain=dtscout.com; Expires=Wed, 21-Aug-2024 06:55:47 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.237
expires: Mon, 13 May 2024 06:55:46 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nqz1SgGYgVfKaBijLbDkRTW3vK5ZIcHdegba4YVRXT9T%2FAEAFEn56PkgmPC9GvhGmzhK1A4Yd0GdBKYvo48ZEm6aS86H9FTsnvgrMTbiQTl6E1a92BhCMhGkFWL62Ck%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8830beaeea1e4183-LHR
content-encoding: br
GET

https://t.dtscout.com/pv/?_a=v&_h=&_ss=3py1a72186&_pv=1&_ls=0&_u1=1&_u3=1&_cc=gb&_pl=d&_cbid=lvma&_cb=_dtspv.c

msedge.exe

Remote address:

141.101.120.10:443

Request

GET /pv/?_a=v&_h=&_ss=3py1a72186&_pv=1&_ls=0&_u1=1&_u3=1&_cc=gb&_pl=d&_cbid=lvma&_cb=_dtspv.c HTTP/2.0
host: t.dtscout.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: m=1
cookie: df=1715583347

Response

HTTP/2.0 200

date: Mon, 13 May 2024 06:55:47 GMT
content-type: application/javascript
x-t: 0.149
x-c: 0
expires: Mon, 13 May 2024 06:55:46 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0KFfitbWTGAhWgzrqYTtv3%2Bn94%2Fl0ryJjQ9vPjyPuz7mQ8rQXAt%2B%2B7a8Jqt%2FYSL9wDNpRyW2N%2FiHaSEPhwYnitwO4om3s%2B5UnTSIrnP163Ax4ITFEYK4sZvSuJYGjMY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8830beaf6aac4183-LHR
content-encoding: br
DNS

97.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.179.250.142.in-addr.arpa

IN PTR

Response

97.179.250.142.in-addr.arpa

IN PTR

par21s20-in-f11e100net
DNS

10.120.101.141.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.120.101.141.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
GET

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.106:443

Request

GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Mon, 13 May 2024 06:55:48 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.663d3e17.1715583348.213beb
DNS

106.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.61.62.23.in-addr.arpa

IN PTR

Response

106.61.62.23.in-addr.arpa

IN PTR

a23-62-61-106deploystaticakamaitechnologiescom
DNS

whos.amung.us

Remote address:

8.8.8.8:53

Request

whos.amung.us

IN A

Response

whos.amung.us

IN A

172.67.8.141

whos.amung.us

IN A

104.22.75.171

whos.amung.us

IN A

104.22.74.171
DNS

whos.amung.us

Remote address:

8.8.8.8:53

Request

whos.amung.us

IN A

Response

whos.amung.us

IN A

172.67.8.141

whos.amung.us

IN A

104.22.75.171

whos.amung.us

IN A

104.22.74.171
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

17.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.143.109.104.in-addr.arpa

IN PTR

Response

17.143.109.104.in-addr.arpa

IN PTR

a104-109-143-17deploystaticakamaitechnologiescom
DNS

gate2014resultwa.blogspot.com

msedge.exe

Remote address:

8.8.8.8:53

Request

gate2014resultwa.blogspot.com

IN A

Response

gate2014resultwa.blogspot.com

IN CNAME

blogspot.l.googleusercontent.com

blogspot.l.googleusercontent.com

IN A

142.250.75.225
GET

http://gate2014resultwa.blogspot.com/favicon.ico

msedge.exe

Remote address:

142.250.75.225:80

Request

GET /favicon.ico HTTP/1.1
Host: gate2014resultwa.blogspot.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/x-icon; charset=UTF-8
Expires: Mon, 13 May 2024 06:56:30 GMT
Date: Mon, 13 May 2024 06:56:30 GMT
Cache-Control: private, max-age=86400
Last-Modified: Thu, 14 Mar 2024 03:43:14 GMT
ETag: W/"e67e7c9371799864a996f1e1b45557e81458867797ffe3a0daa08bd8bb266dfb"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 412
Server: GSE
DNS

225.75.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.75.250.142.in-addr.arpa

IN PTR

Response

225.75.250.142.in-addr.arpa

IN PTR

par10s41-in-f11e100net
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response

142.250.179.74:80

http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js

http

msedge.exe

2.2kB
97.8kB
41
75

HTTP Request

GET http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js

HTTP Response

200
142.250.179.74:80

http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js

http

msedge.exe

2.1kB
89.6kB
38
69

HTTP Request

GET http://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js

HTTP Response

200
142.250.201.169:443

https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7958390433489935733&zx=5524487a-2371-40c2-acfc-dadb98fd6863

tls, http2

msedge.exe

3.8kB
67.3kB
52
68

HTTP Request

GET https://www.blogger.com/static/v1/widgets/14020288-widget_css_bundle.css

HTTP Request

GET https://www.blogger.com/static/v1/widgets/4144282483-widgets.js

HTTP Request

GET https://www.blogger.com/dyn-css/authorization.css?targetBlogID=7958390433489935733&zx=5524487a-2371-40c2-acfc-dadb98fd6863
142.250.178.138:80

http://fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic|Raleway:300

http

msedge.exe

744 B
2.9kB
8
8

HTTP Request

GET http://fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic|Raleway:300

HTTP Response

200
142.250.74.226:445

pagead2.googlesyndication.com

260 B
5
172.217.20.163:80

http://fonts.gstatic.com/s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVuEorCIPrE.woff2

http

msedge.exe

1.1kB
24.1kB
15
23

HTTP Request

GET http://fonts.gstatic.com/s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVuEorCIPrE.woff2

HTTP Response

200
13.248.169.48:80

http://yourjavascript.com/00911305131/pagenavigation.txt.js

http

msedge.exe

608 B
431 B
6
4

HTTP Request

GET http://yourjavascript.com/00911305131/pagenavigation.txt.js

HTTP Response

200
142.250.201.169:443

https://resources.blogblog.com/img/icon18_wrench_allbkg.png

tls, http2

msedge.exe

1.8kB
7.2kB
15
16

HTTP Request

GET https://resources.blogblog.com/img/icon18_wrench_allbkg.png
104.22.75.171:80

http://widgets.amung.us/classic.js

http

msedge.exe

767 B
7.8kB
10
12

HTTP Request

GET http://widgets.amung.us/classic.js

HTTP Response

200
172.217.20.163:80

http://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

http

msedge.exe

1.6kB
50.7kB
25
42

HTTP Request

GET http://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

HTTP Response

200
172.217.20.163:80

http://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

http

msedge.exe

1.6kB
52.8kB
25
43

HTTP Request

GET http://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

HTTP Response

200
163.70.151.35:80

http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/websoham&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21

http

msedge.exe

911 B
629 B
7
6

HTTP Request

GET http://www.facebook.com/plugins/like.php?href=https://www.facebook.com/websoham&layout=button_count&show_faces=false&width=50&action=like&colorscheme=light&height=21

HTTP Response

301
142.250.179.97:80

http://3.bp.blogspot.com/-qXV1qRPIjHY/UbqjmHPAHzI/AAAAAAAACUE/7_sAZf8tHLY/s1600/sprite_32x32.png

http

msedge.exe

787 B
3.9kB
8
8

HTTP Request

GET http://3.bp.blogspot.com/-qXV1qRPIjHY/UbqjmHPAHzI/AAAAAAAACUE/7_sAZf8tHLY/s1600/sprite_32x32.png

HTTP Response

200
142.250.179.97:80

http://3.bp.blogspot.com/-B39xC4Ufk5g/Ud0G2vNjdiI/AAAAAAAACfE/2BVYbTyCUzk/s1600/email-icon.png

http

msedge.exe

739 B
1.1kB
7
6

HTTP Request

GET http://3.bp.blogspot.com/-B39xC4Ufk5g/Ud0G2vNjdiI/AAAAAAAACfE/2BVYbTyCUzk/s1600/email-icon.png

HTTP Response

200
163.70.151.35:443

www.facebook.com

tls

msedge.exe

1.9kB
6.0kB
14
15
141.101.120.10:443

https://t.dtscout.com/pv/?_a=v&_h=&_ss=3py1a72186&_pv=1&_ls=0&_u1=1&_u3=1&_cc=gb&_pl=d&_cbid=lvma&_cb=_dtspv.c

tls, http2

msedge.exe

2.0kB
7.7kB
16
18

HTTP Request

GET https://t.dtscout.com/i/?l=file%3A%2F%2F%2FC%3A%2FUsers%2FAdmin%2FAppData%2FLocal%2FTemp%2F3e3ef702edd9cf7ea3ab3064b851c7fe_JaffaCakes118.html&j=

HTTP Response

200

HTTP Request

GET https://t.dtscout.com/pv/?_a=v&_h=&_ss=3py1a72186&_pv=1&_ls=0&_u1=1&_u3=1&_cc=gb&_pl=d&_cbid=lvma&_cb=_dtspv.c

HTTP Response

200
142.250.179.66:139

pagead2.googlesyndication.com

260 B
5
23.62.61.106:443

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.4kB
6.3kB
16
11

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
172.67.8.141:445

whos.amung.us

260 B
5
104.22.75.171:445

whos.amung.us

260 B
5
104.22.74.171:445

whos.amung.us

260 B
5
142.250.75.225:80

http://gate2014resultwa.blogspot.com/favicon.ico

http

msedge.exe

647 B
1.1kB
6
6

HTTP Request

GET http://gate2014resultwa.blogspot.com/favicon.ico

HTTP Response

200

8.8.8.8:53

www.blogger.com

dns

msedge.exe

61 B
108 B
1
1

DNS Request

www.blogger.com

DNS Response

142.250.201.169
8.8.8.8:53

ajax.googleapis.com

dns

msedge.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.179.74
8.8.8.8:53

yourjavascript.com

dns

msedge.exe

64 B
96 B
1
1

DNS Request

yourjavascript.com

DNS Response

13.248.169.48

76.223.54.146
142.250.201.169:443

www.blogger.com

https

msedge.exe

3.7kB
7.5kB
9
11
8.8.8.8:53

resources.blogblog.com

dns

msedge.exe

68 B
115 B
1
1

DNS Request

resources.blogblog.com

DNS Response

142.250.201.169
8.8.8.8:53

www.msbte.com

dns

msedge.exe

59 B
75 B
1
1

DNS Request

www.msbte.com

DNS Response

174.133.117.27
8.8.8.8:53

gate.iitkgp.ac.in

dns

msedge.exe

63 B
79 B
1
1

DNS Request

gate.iitkgp.ac.in

DNS Response

203.110.245.213
8.8.8.8:53

widgets.amung.us

dns

msedge.exe

62 B
110 B
1
1

DNS Request

widgets.amung.us

DNS Response

104.22.75.171

172.67.8.141

104.22.74.171
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

3.bp.blogspot.com

dns

msedge.exe

63 B
124 B
1
1

DNS Request

3.bp.blogspot.com

DNS Response

142.250.179.97
8.8.8.8:53

23.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.159.190.20.in-addr.arpa
8.8.8.8:53

74.179.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

74.179.250.142.in-addr.arpa
8.8.8.8:53

169.201.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

169.201.250.142.in-addr.arpa
8.8.8.8:53

138.178.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

138.178.250.142.in-addr.arpa
8.8.8.8:53

240.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

240.197.17.2.in-addr.arpa
8.8.8.8:53

163.20.217.172.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

163.20.217.172.in-addr.arpa
8.8.8.8:53

48.169.248.13.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

48.169.248.13.in-addr.arpa
8.8.8.8:53

171.75.22.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

171.75.22.104.in-addr.arpa
8.8.8.8:53

35.151.70.163.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.151.70.163.in-addr.arpa
8.8.8.8:53

t.dtscout.com

dns

msedge.exe

59 B
91 B
1
1

DNS Request

t.dtscout.com

DNS Response

141.101.120.10

141.101.120.11
8.8.8.8:53

97.179.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

97.179.250.142.in-addr.arpa
8.8.8.8:53

10.120.101.141.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

10.120.101.141.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

106.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

106.61.62.23.in-addr.arpa
224.0.0.251:5353

msedge.exe

594 B
9
8.8.8.8:53

whos.amung.us

dns

59 B
107 B
1
1

DNS Request

whos.amung.us

DNS Response

172.67.8.141

104.22.75.171

104.22.74.171
8.8.8.8:53

whos.amung.us

dns

59 B
107 B
1
1

DNS Request

whos.amung.us

DNS Response

172.67.8.141

104.22.75.171

104.22.74.171
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

17.143.109.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

17.143.109.104.in-addr.arpa
8.8.8.8:53

gate2014resultwa.blogspot.com

dns

msedge.exe

75 B
134 B
1
1

DNS Request

gate2014resultwa.blogspot.com

DNS Response

142.250.75.225
8.8.8.8:53

225.75.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

225.75.250.142.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

23.236.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

23.236.111.52.in-addr.arpa

DNS Request

23.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
741B

MD5
75a42a5c54ce3f29bcb8b7df59d4aa4a

SHA1
c64b159f79807009b5081c17d6aca56fc89796f5

SHA256
7b71904690d23008c29060071c5631c4a3f77dd7fb6f51bca2d5105f5f2a1c3c

SHA512
88272173ca285cd1eea628bbf1ac3afe4d85c1d12bc79d54772da7710c2a39bfbb1b663e8f49eeaec28fbdd88cc7d4298d296fcd3c1ec180bed37260d47797bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fdd120933e08609fb021d75fd7973ec

SHA1
813d7ed0acaf2e04d06e01660d353f62227e1988

SHA256
230ce3ca672d78cd9b0723089f18aa650033b1948db5f8c47736731cbca9e20f

SHA512
4e2fb8b7524ee571f3b41158f643f0c5ac2520409c74d0caddd6c6fb50b398acc8dbc0795e5d6230d685d27c3be271023521c6f03c993b8d978855fe6b003383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a96ee27a6a1de2a07b4805040f41ad6

SHA1
dec77a2bba83b0558fbbdd5bad42c0600bf6ad1a

SHA256
0fc9cd7d6994879ccd1c8d573dc29da025d7607fe87d7813fea3cb72d13bb991

SHA512
9ca56b1e8ee9fc821356ba963135ef844cde26cafcad24c0e1cad4334273f1f123c06be650e6bb1ba340b06257c7606398f978a7ee15bcde3383c27589ad863f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2510f8915b5a7aa7bb04c55e2971da0

SHA1
811d319283ba07d4f5d4312b156347c582869fb8

SHA256
9ffd11c6d6e80cfaa2e964bdef11f04e95e3fd588a88791fa934b3a46ec592f4

SHA512
7786683931709e554a60e87a25ae472d807c1df3b0f9ba7fb80d980a37ad9081ef097a9e70f2f8698100738f9fc831ad39855d322036e45b1083be6fb816a498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5fb199ae014d3b7b47c3f2c31940383e

SHA1
31cb5aceca9669405001f8b947ff0a8dced285fa

SHA256
b6b08a6f94f3c24fcd824b46116073cae432c0e7e49f44df743eff1abd3d064a

SHA512
1fff0c02caecb13bbbdcc6bce496c53b548a62dc24cae8f718bc38b5376ab49fd6e425793eb6377fe5db57e6235685bff6d2c9fed678dee483e921f6de4b5f3b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request