caa351fd63ed94cd0ff6c0f3c798b292b33df2bda70f95c8c21d49f603cd845b

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 03:08 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ce09440912b5a505070e070927e5d62_JaffaCakes118.html
Size

175KB
MD5

5ce09440912b5a505070e070927e5d62
SHA1

c0edd981a446ef4f1f84a78910e3c97961c10607
SHA256

caa351fd63ed94cd0ff6c0f3c798b292b33df2bda70f95c8c21d49f603cd845b
SHA512

0616d4a352d4ff375f85e62ad4033a6c77ae58c9f07f647f9467e3d86339a22e73b08ea967b379904f259ae21532a53e84bbb3ec477dad4e81d565bc8c8b7215
SSDEEP

1536:Sqtz8hd8Wu8pI8Cd8hd8dQg0H//3oS3gGNkFAYfBCJis0+aeTH+WK/Lf1/hmnVSV:SOoT3g/F1BCJiCm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3700	msedge.exe
3700	msedge.exe
4424	identity_helper.exe
4424	identity_helper.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe
5692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 4816	3700	msedge.exe	83
PID 3700 wrote to memory of 4816	3700	msedge.exe	83
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 1300	3700	msedge.exe	84
PID 3700 wrote to memory of 3856	3700	msedge.exe	85
PID 3700 wrote to memory of 3856	3700	msedge.exe	85
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86
PID 3700 wrote to memory of 3000	3700	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5ce09440912b5a505070e070927e5d62_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff371246f8,0x7fff37124708,0x7fff37124718
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7330058087671994166,12821686788488520967,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

konthaiusa.com

msedge.exe

Remote address:

8.8.8.8:53

Request

konthaiusa.com

IN A

Response
GET

http://fonts.googleapis.com/css?family=Arial

msedge.exe

Remote address:

216.58.204.74:80

Request

GET /css?family=Arial HTTP/1.1
Host: fonts.googleapis.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 400 Bad Request

Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 20 May 2024 03:08:26 GMT
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
DNS

www.konthaiusa.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.konthaiusa.com

IN A

Response
DNS

www.youtube.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206
DNS

www.facebook.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.221.35
GET

http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

msedge.exe

Remote address:

142.250.187.238:80

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 20 May 2024 03:08:26 GMT
Location: https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

msedge.exe

Remote address:

142.250.187.238:80

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 20 May 2024 03:08:26 GMT
Location: https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

msedge.exe

Remote address:

157.240.221.35:80

Request

GET /plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75 HTTP/1.1
Host: www.facebook.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: https://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75
Content-Type: text/plain
Server: proxygen-bolt
Date: Mon, 20 May 2024 03:08:26 GMT
Connection: keep-alive
Content-Length: 0
GET

https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /embed/evMR3wn1LGk?wmode=Opaque HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /embed/ygK7kej0BPA?wmode=Opaque HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

msedge.exe

Remote address:

142.250.187.238:443

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/2.0
host: www.youtube.com
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

73.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.31.126.40.in-addr.arpa

IN PTR

Response
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f10�H

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
GET

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

msedge.exe

Remote address:

142.250.187.238:80

Request

GET /embed/gS2GhpTPLvQ?wmode=Opaque HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 20 May 2024 03:08:26 GMT
Location: https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

msedge.exe

Remote address:

142.250.187.238:80

Request

GET /embed/QMECDnECjJM?wmode=Opaque HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 20 May 2024 03:08:26 GMT
Location: https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

msedge.exe

Remote address:

142.250.187.238:80

Request

GET /embed/ywSeSlVcY4w?wmode=Opaque HTTP/1.1
Host: www.youtube.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Content-Type: application/binary
X-Content-Type-Options: nosniff
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 20 May 2024 03:08:26 GMT
Location: https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
GET

http://www.google-analytics.com/ga.js

msedge.exe

Remote address:

216.58.213.14:80

Request

GET /ga.js HTTP/1.1
Host: www.google-analytics.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 17168
Date: Mon, 20 May 2024 01:23:01 GMT
Expires: Mon, 20 May 2024 03:23:01 GMT
Cache-Control: public, max-age=7200
Age: 6325
Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
DNS

i.ytimg.com

msedge.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

172.217.169.22

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.200.54
GET

https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

msedge.exe

Remote address:

216.58.201.118:443

Request

GET /vi/gS2GhpTPLvQ/sddefault.jpg HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

msedge.exe

Remote address:

216.58.201.118:443

Request

GET /vi/ygK7kej0BPA/sddefault.jpg HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

static.xx.fbcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

scontent.xx.fbcdn.net

msedge.exe

Remote address:

8.8.8.8:53

Request

scontent.xx.fbcdn.net

IN A

Response

scontent.xx.fbcdn.net

IN A

163.70.151.21
DNS

238.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

35.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.221.240.157.in-addr.arpa

IN PTR

Response

35.221.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-lhr8facebookcom
DNS

118.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

118.201.58.216.in-addr.arpa

IN PTR

Response

118.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1181e100net

118.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f22�J

118.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f22�J
DNS

21.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.151.70.163.in-addr.arpa

IN PTR

Response

21.151.70.163.in-addr.arpa

IN PTR

xx-fbcdn-shv-02-lhr6fbcdnnet
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f31e100net

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f99�G

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f3�G
DNS

googleads.g.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.187.194
GET

https://googleads.g.doubleclick.net/pagead/id

msedge.exe

Remote address:

142.250.187.194:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://www.youtube.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

static.doubleclick.net

msedge.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

172.217.169.6
DNS

194.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.187.250.142.in-addr.arpa

IN PTR

Response

194.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f21e100net
GET

https://static.doubleclick.net/instream/ad_status.js

msedge.exe

Remote address:

172.217.169.6:443

Request

GET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

jnn-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42
DNS

www.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

yt3.ggpht.com

msedge.exe

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

142.250.180.1
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

msedge.exe

Remote address:

216.58.201.106:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/js/th/8bwowYG5RNtA9FhY8KreTMIyRq72TB8rCtAEZTTrOhQ.js

msedge.exe

Remote address:

142.250.187.196:443

Request

GET /js/th/8bwowYG5RNtA9FhY8KreTMIyRq72TB8rCtAEZTTrOhQ.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

msedge.exe

Remote address:

142.250.180.1:443

Request

GET /ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

6.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.169.217.172.in-addr.arpa

IN PTR

Response

6.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f61e100net
DNS

106.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.201.58.216.in-addr.arpa

IN PTR

Response

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1061e100net

106.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f10�J

106.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f10�J
DNS

196.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.187.250.142.in-addr.arpa

IN PTR

Response

196.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f41e100net
DNS

1.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.180.250.142.in-addr.arpa

IN PTR

Response

1.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f11e100net
DNS

227.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.212.58.216.in-addr.arpa

IN PTR

Response

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f31e100net

227.212.58.216.in-addr.arpa

IN PTR

lhr25s28-in-f3�H

227.212.58.216.in-addr.arpa

IN PTR

ams16s22-in-f227�H
DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.179.238
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

msedge.exe

Remote address:

142.250.179.238:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3BFF4F65D21361BE197E5BE0D33460E9; domain=.bing.com; expires=Sat, 14-Jun-2025 03:08:33 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2533D1E7E7E742AF8B2B698F9628D24A Ref B: LON04EDGE0620 Ref C: 2024-05-20T03:08:33Z
date: Mon, 20 May 2024 03:08:32 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3BFF4F65D21361BE197E5BE0D33460E9; _EDGE_S=SID=0032C4BE520C61EA0089D03B53A660B7

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=wLI3DRezvWsCZOdjjTMxqzw7j2yNldMbstHHQKeX7B0; domain=.bing.com; expires=Sat, 14-Jun-2025 03:08:33 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A1783053B13048919D00028BD51FE5FD Ref B: LON04EDGE0620 Ref C: 2024-05-20T03:08:33Z
date: Mon, 20 May 2024 03:08:32 GMT
GET

https://www.bing.com/aes/c.gif?RG=98286c894c3248b89c500606d9064ea9&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133054Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

Remote address:

23.62.61.97:443

Request

GET /aes/c.gif?RG=98286c894c3248b89c500606d9064ea9&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133054Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3BFF4F65D21361BE197E5BE0D33460E9

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CAC111ED79B942F2AD452669103B1E44 Ref B: DUS30EDGE0708 Ref C: 2024-05-20T03:08:33Z
content-length: 0
date: Mon, 20 May 2024 03:08:33 GMT
set-cookie: _EDGE_S=SID=0032C4BE520C61EA0089D03B53A660B7; path=/; httponly; domain=bing.com
set-cookie: MUIDB=3BFF4F65D21361BE197E5BE0D33460E9; path=/; httponly; expires=Sat, 14-Jun-2025 03:08:33 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d3d3e17.1716174513.f389b58
DNS

97.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.61.62.23.in-addr.arpa

IN PTR

Response

97.61.62.23.in-addr.arpa

IN PTR

a23-62-61-97deploystaticakamaitechnologiescom
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
GET

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.97:443

Request

GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=3BFF4F65D21361BE197E5BE0D33460E9; _EDGE_S=SID=0032C4BE520C61EA0089D03B53A660B7; MSPTC=wLI3DRezvWsCZOdjjTMxqzw7j2yNldMbstHHQKeX7B0; MUIDB=3BFF4F65D21361BE197E5BE0D33460E9
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Mon, 20 May 2024 03:08:34 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.5d3d3e17.1716174514.f389cdc
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 415458
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A439705B4DF34F87928B586C9DEB935C Ref B: LON04EDGE1018 Ref C: 2024-05-20T03:10:13Z
date: Mon, 20 May 2024 03:10:13 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 638730
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CE6E9420030B4D158A97111F6AE910D4 Ref B: LON04EDGE1018 Ref C: 2024-05-20T03:10:13Z
date: Mon, 20 May 2024 03:10:13 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 430689
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4CC534FB6581470DB682BFE33B38506C Ref B: LON04EDGE1018 Ref C: 2024-05-20T03:10:13Z
date: Mon, 20 May 2024 03:10:13 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 555746
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 52D64EE66B1744E49DF3C09A70DEF8D1 Ref B: LON04EDGE1018 Ref C: 2024-05-20T03:10:13Z
date: Mon, 20 May 2024 03:10:13 GMT
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response

216.58.204.74:80

http://fonts.googleapis.com/css?family=Arial

http

msedge.exe

608 B
1.5kB
6
5

HTTP Request

GET http://fonts.googleapis.com/css?family=Arial

HTTP Response

400
142.250.187.238:80

http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

http

msedge.exe

1.4kB
1.2kB
9
8

HTTP Request

GET http://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Response

301

HTTP Request

GET http://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Response

301
157.240.221.35:80

http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

http

msedge.exe

967 B
685 B
7
6

HTTP Request

GET http://www.facebook.com/plugins/likebox.php?href=http://www.facebook.com/pages/konthaiusacom/177402280020?ref=tn_tnmn&width=250&colorscheme=light&show_faces=false&border_color=%23000000&stream=false&header=false&height=75

HTTP Response

301
142.250.187.238:443

https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

tls, http2

msedge.exe

6.6kB
202.9kB
110
161

HTTP Request

GET https://www.youtube.com/embed/evMR3wn1LGk?wmode=Opaque

HTTP Request

GET https://www.youtube.com/embed/ygK7kej0BPA?wmode=Opaque

HTTP Request

GET https://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Request

GET https://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Request

GET https://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque
142.250.187.238:80

http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

http

msedge.exe

799 B
695 B
7
6

HTTP Request

GET http://www.youtube.com/embed/gS2GhpTPLvQ?wmode=Opaque

HTTP Response

301
142.250.187.238:80

http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

http

msedge.exe

799 B
695 B
7
6

HTTP Request

GET http://www.youtube.com/embed/QMECDnECjJM?wmode=Opaque

HTTP Response

301
142.250.187.238:80

http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

http

msedge.exe

799 B
695 B
7
6

HTTP Request

GET http://www.youtube.com/embed/ywSeSlVcY4w?wmode=Opaque

HTTP Response

301
157.240.221.35:443

www.facebook.com

tls

msedge.exe

2.1kB
18.6kB
18
24
216.58.213.14:80

http://www.google-analytics.com/ga.js

http

msedge.exe

908 B
18.4kB
13
18

HTTP Request

GET http://www.google-analytics.com/ga.js

HTTP Response

200
216.58.201.118:443

https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg

tls, http2

msedge.exe

3.8kB
82.3kB
56
68

HTTP Request

GET https://i.ytimg.com/vi/gS2GhpTPLvQ/sddefault.jpg

HTTP Request

GET https://i.ytimg.com/vi/ygK7kej0BPA/sddefault.jpg
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
2.9kB
9
7
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

6.7kB
185.5kB
98
164
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
2.9kB
9
7
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
2.9kB
9
7
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
2.9kB
9
7
163.70.151.21:443

static.xx.fbcdn.net

tls

msedge.exe

989 B
2.9kB
9
7
142.250.187.194:443

https://googleads.g.doubleclick.net/pagead/id

tls, http2

msedge.exe

1.8kB
7.0kB
15
17

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id
172.217.169.6:443

https://static.doubleclick.net/instream/ad_status.js

tls, http2

msedge.exe

1.8kB
6.9kB
15
15

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js
216.58.201.106:443

jnn-pa.googleapis.com

tls, http2

msedge.exe

999 B
6.2kB
9
8
216.58.201.106:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

msedge.exe

2.5kB
7.7kB
22
24

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.201.106:443

jnn-pa.googleapis.com

tls, http2

msedge.exe

999 B
6.2kB
9
8
216.58.201.106:443

jnn-pa.googleapis.com

tls

msedge.exe

931 B
5.1kB
9
7
216.58.201.106:443

jnn-pa.googleapis.com

tls

msedge.exe

931 B
5.1kB
9
7
142.250.187.196:443

https://www.google.com/js/th/8bwowYG5RNtA9FhY8KreTMIyRq72TB8rCtAEZTTrOhQ.js

tls, http2

msedge.exe

2.5kB
28.2kB
30
31

HTTP Request

GET https://www.google.com/js/th/8bwowYG5RNtA9FhY8KreTMIyRq72TB8rCtAEZTTrOhQ.js
142.250.180.1:443

https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj

tls, http2

msedge.exe

1.9kB
12.6kB
16
19

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_kKqNeL3cYjYNkFmifDFE3XRspqNa0XYqzqcmi30Ic=s68-c-k-c0x00ffffff-no-rj
142.250.179.238:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

msedge.exe

3.2kB
10.1kB
32
35

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
142.250.179.238:443

play.google.com

tls, http2

msedge.exe

1.0kB
7.9kB
10
10
142.250.179.238:443

play.google.com

tls, http2

msedge.exe

1.0kB
7.9kB
10
10
142.250.179.238:443

play.google.com

tls, http2

msedge.exe

1.0kB
7.9kB
10
10
142.250.179.238:443

play.google.com

tls, http2

msedge.exe

1.0kB
7.9kB
10
10
142.250.179.238:443

play.google.com

tls, http2

msedge.exe

1.0kB
7.9kB
10
10
204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

tls, http2

2.5kB
9.0kB
20
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8dC7FF0SBiDovPFPJkfSUfTVUCUzdvs-IoynTk1IaafvLZChWN9snYPs0I3r8-9ti7AyNKSHhWIGMDxY9uiSwa8h2ad_4DmedjMF-uHCemq-l8a9EOak0ORqk3n1DbFDzq8TGJHzB8ywF1eprsI4kvOBkVyHn8jy7evHswSsbfstVVH6E%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D99aeec4315351d0e05a08a68b967418e&TIME=20240426T133054Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644&muid=3EBA0D95A4930C635584F13F751694E4

HTTP Response

204
23.62.61.97:443

https://www.bing.com/aes/c.gif?RG=98286c894c3248b89c500606d9064ea9&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133054Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

tls, http2

1.5kB
5.4kB
17
12

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=98286c894c3248b89c500606d9064ea9&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T133054Z&adUnitId=11730597&localId=w:3EBA0D95-A493-0C63-5584-F13F751694E4&deviceId=6966564702259644

HTTP Response

200
23.62.61.97:443

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.6kB
6.4kB
17
13

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

78.4kB
2.1MB
1557
1551

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

konthaiusa.com

dns

msedge.exe

60 B
133 B
1
1

DNS Request

konthaiusa.com
8.8.8.8:53

www.konthaiusa.com

dns

msedge.exe

64 B
137 B
1
1

DNS Request

www.konthaiusa.com
8.8.8.8:53

www.youtube.com

dns

msedge.exe

61 B
271 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

172.217.169.78

142.250.179.238

142.250.180.14

142.250.187.206
8.8.8.8:53

www.facebook.com

dns

msedge.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.221.35
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

73.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

73.31.126.40.in-addr.arpa
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
142.250.187.238:443

www.youtube.com

https

msedge.exe

69.1kB
1.1MB
196
826
8.8.8.8:53

i.ytimg.com

dns

msedge.exe

57 B
297 B
1
1

DNS Request

i.ytimg.com

DNS Response

216.58.201.118

216.58.204.86

216.58.213.22

172.217.169.22

216.58.212.214

216.58.212.246

172.217.169.86

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246

142.250.178.22

172.217.16.246

142.250.200.22

142.250.200.54
8.8.8.8:53

static.xx.fbcdn.net

dns

msedge.exe

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

scontent.xx.fbcdn.net

dns

msedge.exe

67 B
83 B
1
1

DNS Request

scontent.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

238.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.187.250.142.in-addr.arpa
8.8.8.8:53

35.221.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.221.240.157.in-addr.arpa
8.8.8.8:53

118.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

118.201.58.216.in-addr.arpa
8.8.8.8:53

21.151.70.163.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

21.151.70.163.in-addr.arpa
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

msedge.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.187.194
8.8.8.8:53

static.doubleclick.net

dns

msedge.exe

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

172.217.169.6
142.250.187.194:443

googleads.g.doubleclick.net

https

msedge.exe

5.2kB
10.0kB
29
38
8.8.8.8:53

194.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

194.187.250.142.in-addr.arpa
8.8.8.8:53

jnn-pa.googleapis.com

dns

msedge.exe

67 B
243 B
1
1

DNS Request

jnn-pa.googleapis.com

DNS Response

216.58.201.106

216.58.204.74

216.58.212.202

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42
8.8.8.8:53

www.google.com

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

yt3.ggpht.com

dns

msedge.exe

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

142.250.180.1
216.58.201.106:443

jnn-pa.googleapis.com

https

msedge.exe

14.7kB
229.1kB
86
196
8.8.8.8:53

6.169.217.172.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

6.169.217.172.in-addr.arpa
8.8.8.8:53

106.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

106.201.58.216.in-addr.arpa
8.8.8.8:53

196.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.187.250.142.in-addr.arpa
8.8.8.8:53

1.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

1.180.250.142.in-addr.arpa
8.8.8.8:53

227.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

227.212.58.216.in-addr.arpa
8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.179.238
142.250.179.238:443

play.google.com

https

msedge.exe

21.8kB
15.9kB
60
78
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
224.0.0.251:5353

463 B
7
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

97.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

97.61.62.23.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
142.250.187.194:443

googleads.g.doubleclick.net

https

msedge.exe

5.3kB
6.1kB
32
38

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
d4a997662921ab40eb6f167eac2a8237

SHA1
940175337e4b09344c9ea8bc07fcb89f1e1a20cd

SHA256
e3df9bd9f1fa83a62d4f4c11fe9a9a1838f7fcd2d6ee9bb3b7bb94ca6f723169

SHA512
478dcd216bbd714cc6589f2b149da8e1871d9da11db069153f77b71a70a8f7d58f75958f0f5cc60d71f4a478e49e3ae86268726959523d511f625b0d5fd1668c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
317fd949d5cbc8f0be771310566364b3

SHA1
e2ddbf1e8dbea944851cfda6f94150de9325159c

SHA256
c474bada947ab7a810db5a08a3149e673583be9df052914dd8c69ca91f6fd01d

SHA512
42ed9d414881d297c7243ce1e4390a80d60d3e1ad9c1bfb59502b72fda37dd473bec249cf724de146b759ad9dc509943026013fc7928912daf528e2110ad2b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2ee07056e10451cd7fe76b554d85f657

SHA1
f2cb6a3e902f101c60c6bafba6b57aca4d4c286a

SHA256
19e66ccc7c4a68b42c667d227f9f0d4fec6251ce5972a021a48492133093e66f

SHA512
cedf196c65503c28c648f9cef6359a0691868c87af71b3d858d0e45f05a20ef2a59370ddb4e4bb17bb1294d168df718dfdbdd72f34b52f4c7b56f38dd9ff678a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69428a1956d1caf48a488060a408ea69

SHA1
ed617984d565021524810552070ef8b49e57a7bc

SHA256
07c0cd5d865ec91ae3a962237281f6a3a632b4c2128602fd99f50ff31fac1f6d

SHA512
c13b515e29f8e8b76667d59dc7164126c78a478d754f311da156c4044fab8b184f8d9205024f335a37c3640fc8b92f314a4eede3068ce0d3052905897fa4b433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
95651c221bbdf8c80b642e8477dca5bb

SHA1
e7463be9e1f224e16e44b7af5e0d1f0bfaa2cd69

SHA256
710fc1954bfeea2a294967443f84cb983a163ba3e03709d70f0cff4fd206156d

SHA512
a71eaae1e27668e178e8109f459e96a02ae8e2376a633bde2f0fc7a4f1f69242d7ccc76648dad4eb810d3f809f40dc44b532cebf857e2a6eec5c310973e7bddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4f713d02e988e8d74b887730028cfa17

SHA1
36f72eaf8d3feda51c9b4656cf1d026b3d0c21f5

SHA256
e77bc3ef218c619b0fcc26891c9df6562acf16e07639fd465daa03088121bf93

SHA512
9e245b55938c5ea0fadbbca72555708cd100f3155bcbb6b5a3db1d9542cd3b332adc8ab8c8955948bd5154b62500b3ff81b075a4152679f01a1b834a17b7f688

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response