Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
04-06-2024 11:04
Static task
static1
Behavioral task
behavioral1
Sample
94987167f989eca4f8d7121d98090e6d_JaffaCakes118.html
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
94987167f989eca4f8d7121d98090e6d_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
94987167f989eca4f8d7121d98090e6d_JaffaCakes118.html
-
Size
11KB
-
MD5
94987167f989eca4f8d7121d98090e6d
-
SHA1
4a649929f9614dbb944d32f02bb441a005d5c196
-
SHA256
dead099917e867bb57ef83f94c8aa8ae8c24c6f3fa5323e865d0809671b39398
-
SHA512
9be4213864d4bc5d5d6323fcb12dfbe9e7656f3c0bfd0f16429657fedd8fdce273b3e27fe1d49f3cc44643fa08e6a184472621a9df6596d8c8f91df5bacf02a0
-
SSDEEP
96:xXEW5FDgYcESCWHcfbfnniXJIonicK9D/8+A3K2MpfqXXb/vG/Xq0PnkdldUKLf5:ZEI76KB/zOb/u/XVPng2wRZL6ouGgVVg
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 4760 msedge.exe 4760 msedge.exe 1148 msedge.exe 1148 msedge.exe 4904 identity_helper.exe 4904 identity_helper.exe 5852 msedge.exe 5852 msedge.exe 5852 msedge.exe 5852 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
pid Process 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe 1148 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1148 wrote to memory of 2984 1148 msedge.exe 82 PID 1148 wrote to memory of 2984 1148 msedge.exe 82 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 5016 1148 msedge.exe 83 PID 1148 wrote to memory of 4760 1148 msedge.exe 84 PID 1148 wrote to memory of 4760 1148 msedge.exe 84 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85 PID 1148 wrote to memory of 1436 1148 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\94987167f989eca4f8d7121d98090e6d_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dd7f46f8,0x7ff8dd7f4708,0x7ff8dd7f47182⤵PID:2984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:22⤵PID:5016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:82⤵PID:1436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵PID:744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵PID:1044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:12⤵PID:3384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:12⤵PID:2176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:82⤵PID:4720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵PID:4132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:12⤵PID:1824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵PID:3452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:12⤵PID:3228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,2538153183829678254,5666373267905701351,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3156 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5852
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4988
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3904
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Requestworkwear-shop.chIN AResponseworkwear-shop.chIN A185.117.169.232
-
Remote address:185.117.169.232:80RequestGET /counter.php HTTP/1.1
Host: workwear-shop.ch
Connection: keep-alive
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
ResponseHTTP/1.1 301 Moved Permanently
Date: Tue, 04 Jun 2024 11:04:41 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://workwear-shop.ch/counter.php
-
Remote address:8.8.8.8:53Request228.249.119.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request23.177.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request23.177.190.20.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTR
-
Remote address:185.117.169.232:443RequestGET /counter.php HTTP/2.0
host: workwear-shop.ch
upgrade-insecure-requests: 1
dnt: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
ResponseHTTP/2.0 404
date: Tue, 04 Jun 2024 11:04:41 GMT
content-type: text/html; charset=UTF-8
content-length: 16
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: strict-origin-when-cross-origin
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
-
Remote address:8.8.8.8:53Request232.169.117.185.in-addr.arpaIN PTRResponse232.169.117.185.in-addr.arpaIN PTRserver202hostfactorych
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.dual-a-0034.a-msedge.netg-bing-com.dual-a-0034.a-msedge.netIN CNAMEdual-a-0034.a-msedge.netdual-a-0034.a-msedge.netIN A204.79.197.237dual-a-0034.a-msedge.netIN A13.107.21.237
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEBRemote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3283E9F0469761902CF1FD64477760E6; domain=.bing.com; expires=Sun, 29-Jun-2025 11:04:42 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A8F6EC7FDA5C4788B5073E956559336F Ref B: LON04EDGE1222 Ref C: 2024-06-04T11:04:42Z
date: Tue, 04 Jun 2024 11:04:42 GMT
-
GEThttps://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEBRemote address:204.79.197.237:443RequestGET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEB HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3283E9F0469761902CF1FD64477760E6; _EDGE_S=SID=22052619738E683B01CB328D72F76925
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=K9xe48fLNdMVNOyXknsSqkFSNLLV6_xVXd59SAdcbH4; domain=.bing.com; expires=Sun, 29-Jun-2025 11:04:43 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 051B45B028E040B3B83B4171796179E1 Ref B: LON04EDGE1222 Ref C: 2024-06-04T11:04:43Z
date: Tue, 04 Jun 2024 11:04:42 GMT
-
GEThttps://www.bing.com/aes/c.gif?RG=0387016ed1e147f29bac31e7f50f0dd3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110126Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981Remote address:88.221.83.233:443RequestGET /aes/c.gif?RG=0387016ed1e147f29bac31e7f50f0dd3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110126Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3283E9F0469761902CF1FD64477760E6
ResponseHTTP/2.0 200
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B32407CA9489470F928A1C07316EEF3E Ref B: LON212050719029 Ref C: 2024-06-04T11:04:43Z
content-length: 0
date: Tue, 04 Jun 2024 11:04:43 GMT
set-cookie: _EDGE_S=SID=22052619738E683B01CB328D72F76925; path=/; httponly; domain=bing.com
set-cookie: MUIDB=3283E9F0469761902CF1FD64477760E6; path=/; httponly; expires=Sun, 29-Jun-2025 11:04:43 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.e553dd58.1717499083.38b19209
-
Remote address:8.8.8.8:53Request233.83.221.88.in-addr.arpaIN PTRResponse233.83.221.88.in-addr.arpaIN PTRa88-221-83-233deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request233.83.221.88.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request237.197.79.204.in-addr.arpaIN PTR
-
GEThttps://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:88.221.83.233:443RequestGET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=3283E9F0469761902CF1FD64477760E6; _EDGE_S=SID=22052619738E683B01CB328D72F76925; MSPTC=K9xe48fLNdMVNOyXknsSqkFSNLLV6_xVXd59SAdcbH4; MUIDB=3283E9F0469761902CF1FD64477760E6
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Tue, 04 Jun 2024 11:04:58 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.e553dd58.1717499098.38b1d5dc
-
Remote address:8.8.8.8:53Request209.205.72.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request103.169.127.40.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request144.107.17.2.in-addr.arpaIN PTRResponse144.107.17.2.in-addr.arpaIN PTRa2-17-107-144deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEdual-a-0001.a-msedge.netdual-a-0001.a-msedge.netIN A204.79.197.200dual-a-0001.a-msedge.netIN A13.107.21.200
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 637660
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 48DF66F98E0F4FD78D03C09879D50D76 Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:19Z
date: Tue, 04 Jun 2024 11:06:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 835660
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 06848E74083B44FE9EBD17E61FD3D650 Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:19Z
date: Tue, 04 Jun 2024 11:06:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 634564
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AF6D9B87217C4165B4B8338BE150DA11 Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:19Z
date: Tue, 04 Jun 2024 11:06:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FFC8FE7BE2C04821B0C9DEF0817A2D69 Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:19Z
date: Tue, 04 Jun 2024 11:06:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 770657
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0EBC0AAA978A4DFC9B5CA87726CC9C45 Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:19Z
date: Tue, 04 Jun 2024 11:06:18 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:204.79.197.200:443RequestGET /th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 664406
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3BA2FD7933C44B589734BC057B157D5D Ref B: LON04EDGE1114 Ref C: 2024-06-04T11:06:20Z
date: Tue, 04 Jun 2024 11:06:19 GMT
-
Remote address:8.8.8.8:53Request200.197.79.204.in-addr.arpaIN PTRResponse200.197.79.204.in-addr.arpaIN PTRa-0001a-msedgenet
-
Remote address:8.8.8.8:53Request3.173.189.20.in-addr.arpaIN PTRResponse
-
833 B 630 B 8 6
HTTP Request
GET http://workwear-shop.ch/counter.phpHTTP Response
301 -
288 B 184 B 6 4
-
1.8kB 4.9kB 14 15
HTTP Request
GET https://workwear-shop.ch/counter.phpHTTP Response
404 -
204.79.197.237:443https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEBtls, http22.5kB 9.0kB 20 17
HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEBHTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XEmWtMK4qtf4LiMrmuwaqTVUCUwQfMJooFvWyLoJSr1bPvNsjdR3Z5h-aeer08-DeVn3bv3PiQB-CtTs6XYqTLjdPekyBCX2LLXjB5WGM7ZcnYTKiT6ft95WjucZaEENKnnvonGvEltFAA7itq3gGJW-XacyF1RsRops-j2sMMKd3cV8%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D7cbe7cf12f681b3af7f51aca740fa5b0&TIME=20240508T110126Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981&muid=F93159F48ABC3E2BDF7350B998F17BEBHTTP Response
204 -
88.221.83.233:443https://www.bing.com/aes/c.gif?RG=0387016ed1e147f29bac31e7f50f0dd3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110126Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981tls, http21.6kB 8.1kB 19 14
HTTP Request
GET https://www.bing.com/aes/c.gif?RG=0387016ed1e147f29bac31e7f50f0dd3&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T110126Z&adUnitId=11730597&localId=w:F93159F4-8ABC-3E2B-DF73-50B998F17BEB&deviceId=6825829378917981HTTP Response
200 -
88.221.83.233:443https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.7kB 6.4kB 18 12
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 8.1kB 16 14
-
1.2kB 8.1kB 16 14
-
1.2kB 8.1kB 16 14
-
204.79.197.200:443https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90tls, http2148.8kB 4.4MB 3176 3170
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239370639330_1D80T5H13WVAODNQ8&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239370639702_1LY06F7YB2ZF9D3G5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239370639703_1XZVEAKL3PD7EZGL4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239370639329_16GDTY03HO5SY2UBG&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 8.1kB 16 14
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
62 B 78 B 1 1
DNS Request
workwear-shop.ch
DNS Response
185.117.169.232
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
144 B 158 B 2 1
DNS Request
23.177.190.20.in-addr.arpa
DNS Request
23.177.190.20.in-addr.arpa
-
148 B 128 B 2 1
DNS Request
172.210.232.199.in-addr.arpa
DNS Request
172.210.232.199.in-addr.arpa
-
74 B 112 B 1 1
DNS Request
232.169.117.185.in-addr.arpa
-
56 B 151 B 1 1
DNS Request
g.bing.com
DNS Response
204.79.197.23713.107.21.237
-
522 B 8
-
144 B 137 B 2 1
DNS Request
233.83.221.88.in-addr.arpa
DNS Request
233.83.221.88.in-addr.arpa
-
292 B 143 B 4 1
DNS Request
237.197.79.204.in-addr.arpa
DNS Request
237.197.79.204.in-addr.arpa
DNS Request
237.197.79.204.in-addr.arpa
DNS Request
237.197.79.204.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
209.205.72.20.in-addr.arpa
-
140 B 144 B 2 1
DNS Request
58.55.71.13.in-addr.arpa
DNS Request
58.55.71.13.in-addr.arpa
-
365 B 147 B 5 1
DNS Request
103.169.127.40.in-addr.arpa
DNS Request
103.169.127.40.in-addr.arpa
DNS Request
103.169.127.40.in-addr.arpa
DNS Request
103.169.127.40.in-addr.arpa
DNS Request
103.169.127.40.in-addr.arpa
-
71 B 145 B 1 1
DNS Request
206.23.85.13.in-addr.arpa
-
71 B 135 B 1 1
DNS Request
144.107.17.2.in-addr.arpa
-
62 B 173 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
204.79.197.20013.107.21.200
-
73 B 106 B 1 1
DNS Request
200.197.79.204.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
3.173.189.20.in-addr.arpa
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
-
Filesize
152B
MD587f7abeb82600e1e640b843ad50fe0a1
SHA1045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
-
Filesize
184B
MD57d2c9ae18b0172d6634e0e1cbe142c1f
SHA1233d2d0b041e89322451831b888d70daefb0b0c6
SHA2569f5d5dfeb6f4b3987cd7329248f26da6f63cbd6450705667c30a7ac263738437
SHA512d2814b24afb23d515ddc3e9a5a72535980b6289bd38fa390387988e85490e8b7812f0b834a0834ea4805cfe4d561f03146d83d1f00ae110e88aca6de0b36d10f
-
Filesize
5KB
MD575fbe7ff25d611d1eae2ca0c3bfc78f6
SHA1e3380c1a0685bd44990ad29227b6dad98cdb7e9b
SHA2566874fbf9a122b847057ca56ad6014dff415479aee1c47745ad4a51e0807b562a
SHA512e7edd3141091793e80c804673d69f50e2ff9711143ac6e560f1c8ea9be273b1ef03c691d821e56413610d56d26d391fc19255c6cc9fdddfe38b92f6f0c2c2c4b
-
Filesize
6KB
MD5a94390da6847fd0503246b64208e9a02
SHA13c5814a34e305851cd0702b8724fb771d54754c7
SHA25657a3c8c2853116cc8f5688931243dcd0c6a17e47b3d4317d6cc15dc7e2f12f56
SHA512219e87ab602b0f2fc2584f5e61b001bf6b2b48213e91bf7e5b27405130e64f325b671098d2955beb74f1bd918b727b95b6ad60091d67ab86e0cea470e7c3eb0b
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD51f75f2af1c2846c87bb8548f3363b2fb
SHA14cb861bf6a87d3b4daf743d5b1e57f57814b976c
SHA2567f541e615f2f0f4b2783ba6f5d108c3cd5d05320e8a305732285cb810c79d5b2
SHA51279a11a11b9bf94df2e3d074b67d756b1b1b31da62fc2654baf5a5aaf427176762856d77ac84b5757d58ae6c908bd6e2f3729a56d7472b77e7046732888f55475