Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    16/05/2024, 17:53 UTC

General

  • Target

    4c54cd7a4cab600266b4be0cde8cffbd_JaffaCakes118.html

  • Size

    26KB

  • MD5

    4c54cd7a4cab600266b4be0cde8cffbd

  • SHA1

    e450b91f7ac5b77ff125c910900a84162d6b430d

  • SHA256

    b507e17eea773a3b4abf57c4ed445f311e1eba8bade444763cbbc332ae0b92a9

  • SHA512

    ff96598017c85938c06d43eb18ca8e0bd3e24059e6616c532228c8b2cd7eaad5e5aec335f644220b1f88ceeb057f4913908b1c95d70d32cf28d7f72b797e8e90

  • SSDEEP

    192:CyiQEczanE9vK5B6H6tdEVSNpETT6AxL5lf2t63B4hMn7Y06JfFNsLwlrD1zrz//:Cyi1E2CpfZ3B4X063lzAw1P

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4c54cd7a4cab600266b4be0cde8cffbd_JaffaCakes118.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aba546f8,0x7ff9aba54708,0x7ff9aba54718
      2⤵
        PID:116
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        2⤵
          PID:4184
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4048
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
          2⤵
            PID:4744
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
            2⤵
              PID:2328
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
              2⤵
                PID:5036
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
                2⤵
                  PID:4944
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2120
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
                  2⤵
                    PID:4408
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                    2⤵
                      PID:4132
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
                      2⤵
                        PID:2456
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
                        2⤵
                          PID:4244
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,18276754485161020138,9140964229279928984,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1052 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4628
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2428
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2616

                          Network

                          • flag-us
                            DNS
                            217.106.137.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            217.106.137.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            findbetterresults.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            findbetterresults.com
                            IN A
                            Response
                            findbetterresults.com
                            IN A
                            208.91.196.46
                          • flag-us
                            DNS
                            i1.cdn-image.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            i1.cdn-image.com
                            IN A
                            Response
                            i1.cdn-image.com
                            IN A
                            208.91.196.253
                          • flag-us
                            GET
                            http://i1.cdn-image.com/__media__/js/min.js?v1.9
                            msedge.exe
                            Remote address:
                            208.91.196.253:80
                            Request
                            GET /__media__/js/min.js?v1.9 HTTP/1.1
                            Host: i1.cdn-image.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Thu, 16 May 2024 17:53:54 GMT
                            Content-Type: application/javascript
                            Content-Length: 8435
                            Last-Modified: Thu, 16 Feb 2023 20:25:06 GMT
                            Connection: keep-alive
                            ETag: "63ee9122-20f3"
                            Expires: Thu, 30 May 2024 17:53:54 GMT
                            Cache-Control: max-age=1209600
                            cache-control: public
                            Accept-Ranges: bytes
                          • flag-us
                            GET
                            http://i1.cdn-image.com/__media__/pics/8243/bg.gif
                            msedge.exe
                            Remote address:
                            208.91.196.253:80
                            Request
                            GET /__media__/pics/8243/bg.gif HTTP/1.1
                            Host: i1.cdn-image.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Thu, 16 May 2024 17:53:54 GMT
                            Content-Type: image/gif
                            Content-Length: 4474
                            Last-Modified: Wed, 20 Jan 2021 10:46:11 GMT
                            Connection: keep-alive
                            ETag: "600809f3-117a"
                            Expires: Thu, 30 May 2024 17:53:54 GMT
                            Cache-Control: max-age=1209600
                            cache-control: public
                            Accept-Ranges: bytes
                          • flag-us
                            GET
                            http://findbetterresults.com/px.js?ch=1
                            msedge.exe
                            Remote address:
                            208.91.196.46:80
                            Request
                            GET /px.js?ch=1 HTTP/1.1
                            Host: findbetterresults.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Thu, 16 May 2024 17:53:54 GMT
                            Server: Apache
                            Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
                            ETag: "15a-5b952a63b81f1"
                            Accept-Ranges: bytes
                            Content-Length: 346
                            Keep-Alive: timeout=5, max=101
                            Connection: Keep-Alive
                            Content-Type: application/javascript
                          • flag-us
                            GET
                            http://findbetterresults.com/px.js?ch=2
                            msedge.exe
                            Remote address:
                            208.91.196.46:80
                            Request
                            GET /px.js?ch=2 HTTP/1.1
                            Host: findbetterresults.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: */*
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Date: Thu, 16 May 2024 17:53:54 GMT
                            Server: Apache
                            Last-Modified: Wed, 20 Jan 2021 10:45:10 GMT
                            ETag: "15a-5b952a63b81f1"
                            Accept-Ranges: bytes
                            Content-Length: 346
                            Keep-Alive: timeout=5, max=93
                            Connection: Keep-Alive
                            Content-Type: application/javascript
                          • flag-us
                            GET
                            http://findbetterresults.com/sk-logabpstatus.php?a=c2Vkei9KZVZFamtuQ2lRVWx5a1RUSGtPczUzNElSQWhlU3pPekd3d0l3NXBERGZsZi9IZjl0MlNaOHdVaTMyWnpxRGN2bTRHcEljR05SNDBFeXVtRXp4ZFF4S2g3aFFVbjRLd3R2b1JZRDA9&b=false
                            msedge.exe
                            Remote address:
                            208.91.196.46:80
                            Request
                            GET /sk-logabpstatus.php?a=c2Vkei9KZVZFamtuQ2lRVWx5a1RUSGtPczUzNElSQWhlU3pPekd3d0l3NXBERGZsZi9IZjl0MlNaOHdVaTMyWnpxRGN2bTRHcEljR05SNDBFeXVtRXp4ZFF4S2g3aFFVbjRLd3R2b1JZRDA9&b=false HTTP/1.1
                            Host: findbetterresults.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.0 500 Internal Server Error
                            Date: Thu, 16 May 2024 17:53:54 GMT
                            Server: Apache
                            Content-Length: 0
                            Connection: close
                            Content-Type: text/html; charset=UTF-8
                          • flag-us
                            DNS
                            i4.cdn-image.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            i4.cdn-image.com
                            IN A
                            Response
                            i4.cdn-image.com
                            IN A
                            208.91.196.253
                          • flag-us
                            GET
                            http://i1.cdn-image.com/__media__/pics/8243/h_bg.gif
                            msedge.exe
                            Remote address:
                            208.91.196.253:80
                            Request
                            GET /__media__/pics/8243/h_bg.gif HTTP/1.1
                            Host: i1.cdn-image.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Thu, 16 May 2024 17:53:54 GMT
                            Content-Type: image/gif
                            Content-Length: 2218
                            Last-Modified: Wed, 20 Jan 2021 10:46:11 GMT
                            Connection: keep-alive
                            ETag: "600809f3-8aa"
                            Expires: Thu, 30 May 2024 17:53:54 GMT
                            Cache-Control: max-age=1209600
                            cache-control: public
                            Accept-Ranges: bytes
                          • flag-us
                            GET
                            http://i1.cdn-image.com/__media__/pics/8243/rhs.gif
                            msedge.exe
                            Remote address:
                            208.91.196.253:80
                            Request
                            GET /__media__/pics/8243/rhs.gif HTTP/1.1
                            Host: i1.cdn-image.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Thu, 16 May 2024 17:53:54 GMT
                            Content-Type: image/gif
                            Content-Length: 6763
                            Last-Modified: Wed, 20 Jan 2021 10:46:11 GMT
                            Connection: keep-alive
                            ETag: "600809f3-1a6b"
                            Expires: Thu, 30 May 2024 17:53:54 GMT
                            Cache-Control: max-age=1209600
                            cache-control: public
                            Accept-Ranges: bytes
                          • flag-us
                            GET
                            http://i4.cdn-image.com/__media__/pics/8243/logo.png
                            msedge.exe
                            Remote address:
                            208.91.196.253:80
                            Request
                            GET /__media__/pics/8243/logo.png HTTP/1.1
                            Host: i4.cdn-image.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Thu, 16 May 2024 17:53:55 GMT
                            Content-Type: image/png
                            Content-Length: 4422
                            Last-Modified: Wed, 20 Jan 2021 10:46:11 GMT
                            Connection: keep-alive
                            ETag: "600809f3-1146"
                            Expires: Thu, 30 May 2024 17:53:55 GMT
                            Cache-Control: max-age=1209600
                            cache-control: public
                            Accept-Ranges: bytes
                          • flag-us
                            DNS
                            i2.cdn-image.com
                            msedge.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            i2.cdn-image.com
                            IN A
                            Response
                            i2.cdn-image.com
                            IN A
                            208.91.196.253
                          • flag-us
                            DNS
                            pxlspamanalyst-a.akamaihd.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            pxlspamanalyst-a.akamaihd.net
                            IN A
                            Response
                            pxlspamanalyst-a.akamaihd.net
                            IN CNAME
                            pxlspamanalyst-a.akamaihd.net.edgesuite.net
                            pxlspamanalyst-a.akamaihd.net.edgesuite.net
                            IN CNAME
                            a911.d.akamai.net
                            a911.d.akamai.net
                            IN A
                            96.16.53.165
                            a911.d.akamai.net
                            IN A
                            96.16.53.147
                          • flag-us
                            GET
                            http://i2.cdn-image.com/__media__/pics/8243/bg.gif
                            msedge.exe
                            Remote address:
                            208.91.196.253:80
                            Request
                            GET /__media__/pics/8243/bg.gif HTTP/1.1
                            Host: i2.cdn-image.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Thu, 16 May 2024 17:53:55 GMT
                            Content-Type: image/gif
                            Content-Length: 4474
                            Last-Modified: Wed, 20 Jan 2021 10:46:11 GMT
                            Connection: keep-alive
                            ETag: "600809f3-117a"
                            Expires: Thu, 30 May 2024 17:53:55 GMT
                            Cache-Control: max-age=1209600
                            cache-control: public
                            Accept-Ranges: bytes
                          • flag-us
                            GET
                            http://i2.cdn-image.com/__media__/pics/7867/srch-bg.gif
                            msedge.exe
                            Remote address:
                            208.91.196.253:80
                            Request
                            GET /__media__/pics/7867/srch-bg.gif HTTP/1.1
                            Host: i2.cdn-image.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Thu, 16 May 2024 17:53:55 GMT
                            Content-Type: image/gif
                            Content-Length: 1654
                            Last-Modified: Wed, 20 Jan 2021 10:46:09 GMT
                            Connection: keep-alive
                            ETag: "600809f1-676"
                            Expires: Thu, 30 May 2024 17:53:55 GMT
                            Cache-Control: max-age=1209600
                            cache-control: public
                            Accept-Ranges: bytes
                          • flag-us
                            GET
                            http://i2.cdn-image.com/__media__/pics/8243/lhs.gif
                            msedge.exe
                            Remote address:
                            208.91.196.253:80
                            Request
                            GET /__media__/pics/8243/lhs.gif HTTP/1.1
                            Host: i2.cdn-image.com
                            Connection: keep-alive
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                            DNT: 1
                            Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            Accept-Encoding: gzip, deflate
                            Accept-Language: en-US,en;q=0.9
                            Response
                            HTTP/1.1 200 OK
                            Server: nginx
                            Date: Thu, 16 May 2024 17:53:55 GMT
                            Content-Type: image/gif
                            Content-Length: 6724
                            Last-Modified: Wed, 20 Jan 2021 10:46:11 GMT
                            Connection: keep-alive
                            ETag: "600809f3-1a44"
                            Expires: Thu, 30 May 2024 17:53:55 GMT
                            Cache-Control: max-age=1209600
                            cache-control: public
                            Accept-Ranges: bytes
                          • flag-us
                            DNS
                            92.242.123.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            92.242.123.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            203.107.17.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            203.107.17.2.in-addr.arpa
                            IN PTR
                            Response
                            203.107.17.2.in-addr.arpa
                            IN PTR
                            a2-17-107-203.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            133.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            133.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            253.196.91.208.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            253.196.91.208.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            95.221.229.192.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            95.221.229.192.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            46.196.91.208.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            46.196.91.208.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            g.bing.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            g.bing.com
                            IN A
                            Response
                            g.bing.com
                            IN CNAME
                            g-bing-com.dual-a-0034.a-msedge.net
                            g-bing-com.dual-a-0034.a-msedge.net
                            IN CNAME
                            dual-a-0034.a-msedge.net
                            dual-a-0034.a-msedge.net
                            IN A
                            204.79.197.237
                            dual-a-0034.a-msedge.net
                            IN A
                            13.107.21.237
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PNyhoCcQSNYp_bLABahDVjVUCUyXiFdR7cah062wtPkpteap8tLpGB4WgknVfm22Gon3qIk_V1q5rBuJugdPGZNfwYuZtNVpCQQKhiy8YHOzjAfz5c5gI3-PoixPCYaj_SGbhX2xyN38mkaJYvrMJHK2NPiuUD-mzRd7V_BMY2Hye50i%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D3e3089cba3fd1de3992befe0121ccef9&TIME=20240426T135402Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PNyhoCcQSNYp_bLABahDVjVUCUyXiFdR7cah062wtPkpteap8tLpGB4WgknVfm22Gon3qIk_V1q5rBuJugdPGZNfwYuZtNVpCQQKhiy8YHOzjAfz5c5gI3-PoixPCYaj_SGbhX2xyN38mkaJYvrMJHK2NPiuUD-mzRd7V_BMY2Hye50i%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D3e3089cba3fd1de3992befe0121ccef9&TIME=20240426T135402Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MUID=12492C1794E566F5039E389695C267ED; domain=.bing.com; expires=Tue, 10-Jun-2025 17:53:57 GMT; path=/; SameSite=None; Secure; Priority=High;
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: CC24572850764E75A8D6E00843E466A2 Ref B: LON04EDGE0610 Ref C: 2024-05-16T17:53:57Z
                            date: Thu, 16 May 2024 17:53:57 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PNyhoCcQSNYp_bLABahDVjVUCUyXiFdR7cah062wtPkpteap8tLpGB4WgknVfm22Gon3qIk_V1q5rBuJugdPGZNfwYuZtNVpCQQKhiy8YHOzjAfz5c5gI3-PoixPCYaj_SGbhX2xyN38mkaJYvrMJHK2NPiuUD-mzRd7V_BMY2Hye50i%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D3e3089cba3fd1de3992befe0121ccef9&TIME=20240426T135402Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PNyhoCcQSNYp_bLABahDVjVUCUyXiFdR7cah062wtPkpteap8tLpGB4WgknVfm22Gon3qIk_V1q5rBuJugdPGZNfwYuZtNVpCQQKhiy8YHOzjAfz5c5gI3-PoixPCYaj_SGbhX2xyN38mkaJYvrMJHK2NPiuUD-mzRd7V_BMY2Hye50i%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D3e3089cba3fd1de3992befe0121ccef9&TIME=20240426T135402Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=12492C1794E566F5039E389695C267ED; _EDGE_S=SID=17875147ED15652E007745C6EC5D649F
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MSPTC=ogIXwt5MeyrNQyrUMHPLandcScgB4ImAJq_ZSxXrdJg; domain=.bing.com; expires=Tue, 10-Jun-2025 17:53:58 GMT; path=/; Partitioned; secure; SameSite=None
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 1A2E6E317696463DAA2A745EE9A4584F Ref B: LON04EDGE0610 Ref C: 2024-05-16T17:53:58Z
                            date: Thu, 16 May 2024 17:53:57 GMT
                          • flag-nl
                            GET
                            https://www.bing.com/aes/c.gif?RG=be23f626afbe4cf8aa6edf2a1835db89&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135402Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
                            Remote address:
                            23.62.61.129:443
                            Request
                            GET /aes/c.gif?RG=be23f626afbe4cf8aa6edf2a1835db89&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135402Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
                            host: www.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=12492C1794E566F5039E389695C267ED
                            Response
                            HTTP/2.0 200
                            cache-control: private,no-store
                            pragma: no-cache
                            vary: Origin
                            p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: EC7AC95EE8D74EF49B86A7C5367B5D8B Ref B: BRU30EDGE0809 Ref C: 2024-05-16T17:53:58Z
                            content-length: 0
                            date: Thu, 16 May 2024 17:53:58 GMT
                            set-cookie: _EDGE_S=SID=17875147ED15652E007745C6EC5D649F; path=/; httponly; domain=bing.com
                            set-cookie: MUIDB=12492C1794E566F5039E389695C267ED; path=/; httponly; expires=Tue, 10-Jun-2025 17:53:58 GMT
                            alt-svc: h3=":443"; ma=93600
                            x-cdn-traceid: 0.7d3d3e17.1715882038.3a8d13a
                          • flag-us
                            DNS
                            pxlspamanalyst-a.akamaihd.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            pxlspamanalyst-a.akamaihd.net
                            IN A
                            Response
                            pxlspamanalyst-a.akamaihd.net
                            IN CNAME
                            pxlspamanalyst-a.akamaihd.net.edgesuite.net
                            pxlspamanalyst-a.akamaihd.net.edgesuite.net
                            IN CNAME
                            a911.d.akamai.net
                            a911.d.akamai.net
                            IN A
                            96.16.53.165
                            a911.d.akamai.net
                            IN A
                            96.16.53.147
                          • flag-us
                            DNS
                            237.197.79.204.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            237.197.79.204.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            129.61.62.23.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            129.61.62.23.in-addr.arpa
                            IN PTR
                            Response
                            129.61.62.23.in-addr.arpa
                            IN PTR
                            a23-62-61-129.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            129.61.62.23.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            129.61.62.23.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            43.58.199.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            43.58.199.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-nl
                            GET
                            https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                            Remote address:
                            23.62.61.106:443
                            Request
                            GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                            host: www.bing.com
                            accept: */*
                            cookie: MUID=12492C1794E566F5039E389695C267ED; _EDGE_S=SID=17875147ED15652E007745C6EC5D649F; MSPTC=ogIXwt5MeyrNQyrUMHPLandcScgB4ImAJq_ZSxXrdJg; MUIDB=12492C1794E566F5039E389695C267ED
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-type: image/png
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            content-length: 1107
                            date: Thu, 16 May 2024 17:54:00 GMT
                            alt-svc: h3=":443"; ma=93600
                            x-cdn-traceid: 0.663d3e17.1715882040.2ab09d9
                          • flag-us
                            DNS
                            106.61.62.23.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            106.61.62.23.in-addr.arpa
                            IN PTR
                            Response
                            106.61.62.23.in-addr.arpa
                            IN PTR
                            a23-62-61-106.deploy.static.akamaitechnologies.com
                          • flag-us
                            DNS
                            133.211.185.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            133.211.185.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            183.59.114.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            183.59.114.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            198.187.3.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            198.187.3.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            0.204.248.87.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            0.204.248.87.in-addr.arpa
                            IN PTR
                            Response
                            0.204.248.87.in-addr.arpa
                            IN PTR
                            https-87-248-204-0.lhr.llnw.net
                          • flag-us
                            DNS
                            19.229.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            19.229.111.52.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            19.229.111.52.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            19.229.111.52.in-addr.arpa
                            IN PTR
                          • flag-us
                            DNS
                            tse1.mm.bing.net
                            Remote address:
                            8.8.8.8:53
                            Request
                            tse1.mm.bing.net
                            IN A
                            Response
                            tse1.mm.bing.net
                            IN CNAME
                            mm-mm.bing.net.trafficmanager.net
                            mm-mm.bing.net.trafficmanager.net
                            IN CNAME
                            dual-a-0001.a-msedge.net
                            dual-a-0001.a-msedge.net
                            IN A
                            204.79.197.200
                            dual-a-0001.a-msedge.net
                            IN A
                            13.107.21.200
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 638730
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 7AD0814D3C784231825034718C95E1FC Ref B: LON04EDGE0618 Ref C: 2024-05-16T17:55:41Z
                            date: Thu, 16 May 2024 17:55:41 GMT
                          • flag-us
                            GET
                            https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            Remote address:
                            204.79.197.200:443
                            Request
                            GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                            host: tse1.mm.bing.net
                            accept: */*
                            accept-encoding: gzip, deflate, br
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                            Response
                            HTTP/2.0 200
                            cache-control: public, max-age=2592000
                            content-length: 555746
                            content-type: image/jpeg
                            x-cache: TCP_HIT
                            access-control-allow-origin: *
                            access-control-allow-headers: *
                            access-control-allow-methods: GET, POST, OPTIONS
                            timing-allow-origin: *
                            report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                            nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 875FF08BAA064DB5B6EA350A3D3A0918 Ref B: LON04EDGE0618 Ref C: 2024-05-16T17:55:41Z
                            date: Thu, 16 May 2024 17:55:41 GMT
                          • flag-us
                            DNS
                            200.197.79.204.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            200.197.79.204.in-addr.arpa
                            IN PTR
                            Response
                            200.197.79.204.in-addr.arpa
                            IN PTR
                            a-0001.a-msedge.net
                          • 208.91.196.253:80
                            http://i1.cdn-image.com/__media__/pics/8243/bg.gif
                            http
                            msedge.exe
                            1.3kB
                            14.3kB
                            14
                            17

                            HTTP Request

                            GET http://i1.cdn-image.com/__media__/js/min.js?v1.9

                            HTTP Response

                            200

                            HTTP Request

                            GET http://i1.cdn-image.com/__media__/pics/8243/bg.gif

                            HTTP Response

                            200
                          • 208.91.196.46:80
                            http://findbetterresults.com/px.js?ch=1
                            http
                            msedge.exe
                            634 B
                            880 B
                            7
                            6

                            HTTP Request

                            GET http://findbetterresults.com/px.js?ch=1

                            HTTP Response

                            200
                          • 208.91.196.46:80
                            http://findbetterresults.com/sk-logabpstatus.php?a=c2Vkei9KZVZFamtuQ2lRVWx5a1RUSGtPczUzNElSQWhlU3pPekd3d0l3NXBERGZsZi9IZjl0MlNaOHdVaTMyWnpxRGN2bTRHcEljR05SNDBFeXVtRXp4ZFF4S2g3aFFVbjRLd3R2b1JZRDA9&b=false
                            http
                            msedge.exe
                            1.1kB
                            1.0kB
                            6
                            6

                            HTTP Request

                            GET http://findbetterresults.com/px.js?ch=2

                            HTTP Response

                            200

                            HTTP Request

                            GET http://findbetterresults.com/sk-logabpstatus.php?a=c2Vkei9KZVZFamtuQ2lRVWx5a1RUSGtPczUzNElSQWhlU3pPekd3d0l3NXBERGZsZi9IZjl0MlNaOHdVaTMyWnpxRGN2bTRHcEljR05SNDBFeXVtRXp4ZFF4S2g3aFFVbjRLd3R2b1JZRDA9&b=false

                            HTTP Response

                            500
                          • 208.91.196.253:80
                            http://i1.cdn-image.com/__media__/pics/8243/h_bg.gif
                            http
                            msedge.exe
                            743 B
                            2.8kB
                            8
                            7

                            HTTP Request

                            GET http://i1.cdn-image.com/__media__/pics/8243/h_bg.gif

                            HTTP Response

                            200
                          • 208.91.196.253:80
                            http://i1.cdn-image.com/__media__/pics/8243/rhs.gif
                            http
                            msedge.exe
                            834 B
                            7.5kB
                            10
                            11

                            HTTP Request

                            GET http://i1.cdn-image.com/__media__/pics/8243/rhs.gif

                            HTTP Response

                            200
                          • 208.91.196.253:80
                            http://i4.cdn-image.com/__media__/pics/8243/logo.png
                            http
                            msedge.exe
                            789 B
                            5.1kB
                            9
                            9

                            HTTP Request

                            GET http://i4.cdn-image.com/__media__/pics/8243/logo.png

                            HTTP Response

                            200
                          • 208.91.196.253:80
                            http://i2.cdn-image.com/__media__/pics/8243/bg.gif
                            http
                            msedge.exe
                            787 B
                            5.2kB
                            9
                            9

                            HTTP Request

                            GET http://i2.cdn-image.com/__media__/pics/8243/bg.gif

                            HTTP Response

                            200
                          • 208.91.196.253:80
                            http://i2.cdn-image.com/__media__/pics/7867/srch-bg.gif
                            http
                            msedge.exe
                            746 B
                            2.3kB
                            8
                            7

                            HTTP Request

                            GET http://i2.cdn-image.com/__media__/pics/7867/srch-bg.gif

                            HTTP Response

                            200
                          • 208.91.196.253:80
                            http://i2.cdn-image.com/__media__/pics/8243/lhs.gif
                            http
                            msedge.exe
                            834 B
                            7.5kB
                            10
                            10

                            HTTP Request

                            GET http://i2.cdn-image.com/__media__/pics/8243/lhs.gif

                            HTTP Response

                            200
                          • 96.16.53.165:445
                            pxlspamanalyst-a.akamaihd.net
                            260 B
                            5
                          • 204.79.197.237:443
                            https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PNyhoCcQSNYp_bLABahDVjVUCUyXiFdR7cah062wtPkpteap8tLpGB4WgknVfm22Gon3qIk_V1q5rBuJugdPGZNfwYuZtNVpCQQKhiy8YHOzjAfz5c5gI3-PoixPCYaj_SGbhX2xyN38mkaJYvrMJHK2NPiuUD-mzRd7V_BMY2Hye50i%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D3e3089cba3fd1de3992befe0121ccef9&TIME=20240426T135402Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4
                            tls, http2
                            2.5kB
                            9.0kB
                            19
                            16

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PNyhoCcQSNYp_bLABahDVjVUCUyXiFdR7cah062wtPkpteap8tLpGB4WgknVfm22Gon3qIk_V1q5rBuJugdPGZNfwYuZtNVpCQQKhiy8YHOzjAfz5c5gI3-PoixPCYaj_SGbhX2xyN38mkaJYvrMJHK2NPiuUD-mzRd7V_BMY2Hye50i%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D3e3089cba3fd1de3992befe0121ccef9&TIME=20240426T135402Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8PNyhoCcQSNYp_bLABahDVjVUCUyXiFdR7cah062wtPkpteap8tLpGB4WgknVfm22Gon3qIk_V1q5rBuJugdPGZNfwYuZtNVpCQQKhiy8YHOzjAfz5c5gI3-PoixPCYaj_SGbhX2xyN38mkaJYvrMJHK2NPiuUD-mzRd7V_BMY2Hye50i%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D3e3089cba3fd1de3992befe0121ccef9&TIME=20240426T135402Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

                            HTTP Response

                            204
                          • 23.62.61.129:443
                            https://www.bing.com/aes/c.gif?RG=be23f626afbe4cf8aa6edf2a1835db89&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135402Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644
                            tls, http2
                            1.5kB
                            5.4kB
                            17
                            12

                            HTTP Request

                            GET https://www.bing.com/aes/c.gif?RG=be23f626afbe4cf8aa6edf2a1835db89&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T135402Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

                            HTTP Response

                            200
                          • 96.16.53.147:445
                            pxlspamanalyst-a.akamaihd.net
                            260 B
                            5
                          • 96.16.53.165:139
                            pxlspamanalyst-a.akamaihd.net
                            260 B
                            5
                          • 23.62.61.106:443
                            https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                            tls, http2
                            1.7kB
                            6.4kB
                            18
                            13

                            HTTP Request

                            GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                            HTTP Response

                            200
                          • 204.79.197.200:443
                            tse1.mm.bing.net
                            tls, http2
                            1.2kB
                            8.1kB
                            16
                            14
                          • 204.79.197.200:443
                            https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                            tls, http2
                            47.9kB
                            1.2MB
                            923
                            917

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                            HTTP Request

                            GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                            HTTP Response

                            200

                            HTTP Response

                            200
                          • 8.8.8.8:53
                            217.106.137.52.in-addr.arpa
                            dns
                            73 B
                            147 B
                            1
                            1

                            DNS Request

                            217.106.137.52.in-addr.arpa

                          • 8.8.8.8:53
                            findbetterresults.com
                            dns
                            msedge.exe
                            67 B
                            83 B
                            1
                            1

                            DNS Request

                            findbetterresults.com

                            DNS Response

                            208.91.196.46

                          • 8.8.8.8:53
                            i1.cdn-image.com
                            dns
                            msedge.exe
                            62 B
                            78 B
                            1
                            1

                            DNS Request

                            i1.cdn-image.com

                            DNS Response

                            208.91.196.253

                          • 8.8.8.8:53
                            i4.cdn-image.com
                            dns
                            msedge.exe
                            62 B
                            78 B
                            1
                            1

                            DNS Request

                            i4.cdn-image.com

                            DNS Response

                            208.91.196.253

                          • 8.8.8.8:53
                            i2.cdn-image.com
                            dns
                            msedge.exe
                            62 B
                            78 B
                            1
                            1

                            DNS Request

                            i2.cdn-image.com

                            DNS Response

                            208.91.196.253

                          • 8.8.8.8:53
                            pxlspamanalyst-a.akamaihd.net
                            dns
                            75 B
                            189 B
                            1
                            1

                            DNS Request

                            pxlspamanalyst-a.akamaihd.net

                            DNS Response

                            96.16.53.165
                            96.16.53.147

                          • 8.8.8.8:53
                            92.242.123.52.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            92.242.123.52.in-addr.arpa

                          • 8.8.8.8:53
                            203.107.17.2.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            203.107.17.2.in-addr.arpa

                          • 8.8.8.8:53
                            133.32.126.40.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            133.32.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            253.196.91.208.in-addr.arpa
                            dns
                            219 B
                            219 B
                            3
                            3

                            DNS Request

                            253.196.91.208.in-addr.arpa

                            DNS Request

                            253.196.91.208.in-addr.arpa

                            DNS Request

                            253.196.91.208.in-addr.arpa

                          • 8.8.8.8:53
                            95.221.229.192.in-addr.arpa
                            dns
                            73 B
                            144 B
                            1
                            1

                            DNS Request

                            95.221.229.192.in-addr.arpa

                          • 8.8.8.8:53
                            46.196.91.208.in-addr.arpa
                            dns
                            216 B
                            216 B
                            3
                            3

                            DNS Request

                            46.196.91.208.in-addr.arpa

                            DNS Request

                            46.196.91.208.in-addr.arpa

                            DNS Request

                            46.196.91.208.in-addr.arpa

                          • 8.8.8.8:53
                            g.bing.com
                            dns
                            56 B
                            151 B
                            1
                            1

                            DNS Request

                            g.bing.com

                            DNS Response

                            204.79.197.237
                            13.107.21.237

                          • 8.8.8.8:53
                            pxlspamanalyst-a.akamaihd.net
                            dns
                            75 B
                            189 B
                            1
                            1

                            DNS Request

                            pxlspamanalyst-a.akamaihd.net

                            DNS Response

                            96.16.53.165
                            96.16.53.147

                          • 8.8.8.8:53
                            237.197.79.204.in-addr.arpa
                            dns
                            73 B
                            143 B
                            1
                            1

                            DNS Request

                            237.197.79.204.in-addr.arpa

                          • 8.8.8.8:53
                            129.61.62.23.in-addr.arpa
                            dns
                            142 B
                            135 B
                            2
                            1

                            DNS Request

                            129.61.62.23.in-addr.arpa

                            DNS Request

                            129.61.62.23.in-addr.arpa

                          • 8.8.8.8:53
                            43.58.199.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            43.58.199.20.in-addr.arpa

                          • 8.8.8.8:53
                            106.61.62.23.in-addr.arpa
                            dns
                            71 B
                            135 B
                            1
                            1

                            DNS Request

                            106.61.62.23.in-addr.arpa

                          • 224.0.0.251:5353
                            msedge.exe
                            588 B
                            9
                          • 8.8.8.8:53
                            133.211.185.52.in-addr.arpa
                            dns
                            73 B
                            147 B
                            1
                            1

                            DNS Request

                            133.211.185.52.in-addr.arpa

                          • 8.8.8.8:53
                            183.59.114.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            183.59.114.20.in-addr.arpa

                          • 8.8.8.8:53
                            198.187.3.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            198.187.3.20.in-addr.arpa

                          • 8.8.8.8:53
                            0.204.248.87.in-addr.arpa
                            dns
                            71 B
                            116 B
                            1
                            1

                            DNS Request

                            0.204.248.87.in-addr.arpa

                          • 8.8.8.8:53
                            19.229.111.52.in-addr.arpa
                            dns
                            144 B
                            158 B
                            2
                            1

                            DNS Request

                            19.229.111.52.in-addr.arpa

                            DNS Request

                            19.229.111.52.in-addr.arpa

                          • 8.8.8.8:53
                            tse1.mm.bing.net
                            dns
                            62 B
                            173 B
                            1
                            1

                            DNS Request

                            tse1.mm.bing.net

                            DNS Response

                            204.79.197.200
                            13.107.21.200

                          • 8.8.8.8:53
                            200.197.79.204.in-addr.arpa
                            dns
                            73 B
                            106 B
                            1
                            1

                            DNS Request

                            200.197.79.204.in-addr.arpa

                          MITRE ATT&CK Enterprise v15


                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            c9c4c494f8fba32d95ba2125f00586a3

                            SHA1

                            8a600205528aef7953144f1cf6f7a5115e3611de

                            SHA256

                            a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

                            SHA512

                            9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                            Filesize

                            152B

                            MD5

                            4dc6fc5e708279a3310fe55d9c44743d

                            SHA1

                            a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

                            SHA256

                            a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

                            SHA512

                            5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            5KB

                            MD5

                            771b4a0e8af8b63f2253715611cce30d

                            SHA1

                            b477fa3112740afc840864ed33cf2fcb86e27e6f

                            SHA256

                            4574031ec73e60c9543a4994dff01900c127130429db5e847627c7bd28a5374c

                            SHA512

                            b052eb9241e6af1955787aaa3b02fecde37ef313a4a408e4480e2485b6599e7baacda2b77104cdc3a681b8c605c521616a7ee2627b68dfd472d1216cc861ed6f

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                            Filesize

                            6KB

                            MD5

                            f79e0ded1210c6cf6e6f4ffc4b2f6b20

                            SHA1

                            e3a1c84ab3ae1a4e97c8c3ad63c9764b57e59afd

                            SHA256

                            0f113f5b6732a4f63503f87977f6d92d3e001636b6474a0f41bfb35652a3045d

                            SHA512

                            2cf4608cade5ad6820529770a1491ff897d97c2cb15ad80354143ab2bd390c7f09d30a51b426790ab7a0cee8a676251edb2b2fe2e475785e7da3883ccdd3ff56

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            46295cac801e5d4857d09837238a6394

                            SHA1

                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                            SHA256

                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                            SHA512

                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                            Filesize

                            16B

                            MD5

                            206702161f94c5cd39fadd03f4014d98

                            SHA1

                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                            SHA256

                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                            SHA512

                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                            Filesize

                            11KB

                            MD5

                            acd0f0e4278f4b07ca59a4641057ff02

                            SHA1

                            217a3f9546595d28d13b61cd8e6473e082031d4d

                            SHA256

                            3ef7b3d92ceb50c76685224179a011510994903e623e5a3f40db07e3bd216d6c

                            SHA512

                            682ba63a87e51402b2b49f0de3ef54027db7db552683c34f0dcf197d7ea5c747850f1b8a93735b81b0ae54b36bd6614966d3f970c82c223c8aee2fce6932c7fb
