crimsonrat | 26ecb3cd51fbaab64cfc024eabe3c0c8230001594be9b34b9e943d01fe02ea79

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2024, 09:17 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SteamRIP - 🧠-palace-of-humility [1256286199694495844].html
Size

238KB
MD5

17ff4593972658c0964b6813e1aab14d
SHA1

4d2257ff540dd6e1ab14fce6a4aa1be96721ce3b
SHA256

26ecb3cd51fbaab64cfc024eabe3c0c8230001594be9b34b9e943d01fe02ea79
SHA512

64367f97c622f38a74ead0b7596dfef0c282c28e35e70bb5affec99d28f9358b96eaf7af9f4fd7b85af28b9ce7887e58f8bcc83abc76946a88dba94d77d6ae63
SSDEEP

1536:4MNDL8DMDahDEqlDO/RnXbvYEVoSWaoo1TREiDQcD0sFbyMzQrHPDfaS3epmxZCr:NeCuTsX8XDzsl+SRP

Score

10^/10

crimsonrat discovery rat upx

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000b000000023403-39.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat

Executes dropped EXE 1 IoCs

pid	Process
4540	dlrarhsiva.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2780-0-0x0000000000400000-0x0000000000409000-memory.dmp	upx
behavioral1/memory/2780-1-0x0000000000400000-0x0000000000409000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
141	raw.githubusercontent.com
142	raw.githubusercontent.com
143	raw.githubusercontent.com

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4452	5536	WerFault.exe	144

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueScreen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FlashKiller.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 4540	452	CrimsonRAT.exe	153
PID 452 wrote to memory of 4540	452	CrimsonRAT.exe	153

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\SteamRIP - 🧠-palace-of-humility [1256286199694495844].html
1⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4372,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:1
1⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3888,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:1
1⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5444,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
1⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5440,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
1⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5904,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:1
1⤵
PID:3876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5312,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:1
1⤵
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6300,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:1
1⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6360,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:1
1⤵
PID:632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6312,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:8
1⤵
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=5920,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5900 /prefetch:1
1⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5352,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:1
1⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5200,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:1
1⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6676,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:1
1⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6888,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:8
1⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=6892,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:1
1⤵
PID:2400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7252,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=7220 /prefetch:8
1⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=7264,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=7292 /prefetch:8
1⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7260,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=7280 /prefetch:8
1⤵
PID:3620

C:\Users\Admin\Downloads\BlueScreen.exe
"C:\Users\Admin\Downloads\BlueScreen.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=6156,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=7704 /prefetch:1
1⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=6524,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=7760 /prefetch:8
1⤵
PID:5456

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
1⤵
PID:5520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
1⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=7728,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:1
1⤵
PID:5820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7284,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=7744 /prefetch:8
1⤵
PID:4444

C:\Users\Admin\Downloads\FlashKiller.exe
"C:\Users\Admin\Downloads\FlashKiller.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 240
  2⤵
  - Program crash
  PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5536 -ip 5536
1⤵
PID:2228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=5616,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:1
1⤵
PID:5716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=5712,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
1⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=4392,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=5600 /prefetch:8
1⤵
PID:372

C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:452
- C:\ProgramData\Hdlharas\dlrarhsiva.exe
  "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
  2⤵
  - Executes dropped EXE
  PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=6660,i,16316361669272684588,6171287487746154806,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:1
1⤵
PID:6120

Network

DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

88.221.134.17

a416.dscd.akamai.net

IN A

88.221.135.81
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d2b9d75faa5473f81ede2023e2bf311&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d2b9d75faa5473f81ede2023e2bf311&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=23E4173033886FBC28F703D032AF6ED3; domain=.bing.com; expires=Sat, 13-Sep-2025 09:17:32 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8D7273F6C9A74D62A8F9BAC429771882 Ref B: LON04EDGE0616 Ref C: 2024-08-19T09:17:32Z
date: Mon, 19 Aug 2024 09:17:32 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9d2b9d75faa5473f81ede2023e2bf311&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9d2b9d75faa5473f81ede2023e2bf311&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=23E4173033886FBC28F703D032AF6ED3

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=tc4oZt50fYkMo8ydPT4fFj7NWHehZ5TvqqptNgcyWdk; domain=.bing.com; expires=Sat, 13-Sep-2025 09:17:32 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9F1840554BA4449A926364A75CA31422 Ref B: LON04EDGE0616 Ref C: 2024-08-19T09:17:33Z
date: Mon, 19 Aug 2024 09:17:32 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d2b9d75faa5473f81ede2023e2bf311&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d2b9d75faa5473f81ede2023e2bf311&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=23E4173033886FBC28F703D032AF6ED3; MSPTC=tc4oZt50fYkMo8ydPT4fFj7NWHehZ5TvqqptNgcyWdk

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1AFCE0CBF3CF40798E6A1C9A1B5C05DC Ref B: LON04EDGE0616 Ref C: 2024-08-19T09:17:33Z
date: Mon, 19 Aug 2024 09:17:32 GMT
DNS

17.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.134.221.88.in-addr.arpa

IN PTR

Response

17.134.221.88.in-addr.arpa

IN PTR

a88-221-134-17deploystaticakamaitechnologiescom
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com

prod-agic-us-2.uksouth.cloudapp.azure.com

IN A

172.165.69.228
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-1.ukwest.cloudapp.azure.com
DNS

data-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

data-edge.smartscreen.microsoft.com

IN A

Response

data-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-3.ukwest.cloudapp.azure.com

prod-agic-uw-3.ukwest.cloudapp.azure.com

IN A

51.11.108.188
DNS

data-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

data-edge.smartscreen.microsoft.com

IN Unknown

Response

data-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

228.69.165.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.69.165.172.in-addr.arpa

IN PTR

Response
DNS

58.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.135.221.88.in-addr.arpa

IN PTR

Response

58.135.221.88.in-addr.arpa

IN PTR

a88-221-135-58deploystaticakamaitechnologiescom
DNS

r.bing.com

Remote address:

8.8.8.8:53

Request

r.bing.com

IN A

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

88.221.135.50

e86303.dscx.akamaiedge.net

IN A

88.221.135.27

e86303.dscx.akamaiedge.net

IN A

88.221.135.16

e86303.dscx.akamaiedge.net

IN A

88.221.135.19

e86303.dscx.akamaiedge.net

IN A

88.221.135.32

e86303.dscx.akamaiedge.net

IN A

88.221.135.26

e86303.dscx.akamaiedge.net

IN A

88.221.135.24

e86303.dscx.akamaiedge.net

IN A

88.221.135.34

e86303.dscx.akamaiedge.net

IN A

88.221.135.35
DNS

r.bing.com

Remote address:

8.8.8.8:53

Request

r.bing.com

IN Unknown

Response

r.bing.com

IN CNAME

p-static.bing.trafficmanager.net

p-static.bing.trafficmanager.net

IN CNAME

r.bing.com.edgekey.net

r.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net
DNS

th.bing.com

Remote address:

8.8.8.8:53

Request

th.bing.com

IN A

Response

th.bing.com

IN CNAME

p-th.bing.com.trafficmanager.net

p-th.bing.com.trafficmanager.net

IN CNAME

th.bing.com.edgekey.net

th.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

88.221.134.3

e86303.dscx.akamaiedge.net

IN A

95.101.143.201

e86303.dscx.akamaiedge.net

IN A

95.101.143.193

e86303.dscx.akamaiedge.net

IN A

95.101.143.202

e86303.dscx.akamaiedge.net

IN A

88.221.134.249

e86303.dscx.akamaiedge.net

IN A

95.101.143.211

e86303.dscx.akamaiedge.net

IN A

88.221.134.2

e86303.dscx.akamaiedge.net

IN A

95.101.143.182

e86303.dscx.akamaiedge.net

IN A

95.101.143.183
DNS

th.bing.com

Remote address:

8.8.8.8:53

Request

th.bing.com

IN Unknown

Response

th.bing.com

IN CNAME

p-th.bing.com.trafficmanager.net

p-th.bing.com.trafficmanager.net

IN CNAME

th.bing.com.edgekey.net

th.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net
DNS

50.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.135.221.88.in-addr.arpa

IN PTR

Response

50.135.221.88.in-addr.arpa

IN PTR

a88-221-135-50deploystaticakamaitechnologiescom
DNS

3.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.134.221.88.in-addr.arpa

IN PTR

Response

3.134.221.88.in-addr.arpa

IN PTR

a88-221-134-3deploystaticakamaitechnologiescom
DNS

login.microsoftonline.com

Remote address:

8.8.8.8:53

Request

login.microsoftonline.com

IN A

Response

login.microsoftonline.com

IN CNAME

login.mso.msidentity.com

login.mso.msidentity.com

IN CNAME

ak.privatelink.msidentity.com

ak.privatelink.msidentity.com

IN CNAME

www.tm.ak.prd.aadg.trafficmanager.net

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.64

www.tm.ak.prd.aadg.trafficmanager.net

IN A

40.126.31.73

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.75

www.tm.ak.prd.aadg.trafficmanager.net

IN A

40.126.31.67

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.73

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.2

www.tm.ak.prd.aadg.trafficmanager.net

IN A

40.126.31.71

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.71
DNS

login.microsoftonline.com

Remote address:

8.8.8.8:53

Request

login.microsoftonline.com

IN Unknown

Response

login.microsoftonline.com

IN CNAME

login.mso.msidentity.com

login.mso.msidentity.com

IN CNAME

ak.privatelink.msidentity.com

ak.privatelink.msidentity.com

IN CNAME

www.tm.ak.prd.aadg.akadns.net
DNS

login.microsoftonline.com

Remote address:

8.8.8.8:53

Request

login.microsoftonline.com

IN A

Response

login.microsoftonline.com

IN CNAME

login.mso.msidentity.com

login.mso.msidentity.com

IN CNAME

ak.privatelink.msidentity.com

ak.privatelink.msidentity.com

IN CNAME

www.tm.ak.prd.aadg.akadns.net

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.177.82

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.177.149

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.177.21

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.177.22

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.177.148

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.177.23

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.177.19

www.tm.ak.prd.aadg.akadns.net

IN A

20.190.177.20
DNS

login.microsoftonline.com

Remote address:

8.8.8.8:53

Request

login.microsoftonline.com

IN A

Response

login.microsoftonline.com

IN CNAME

login.mso.msidentity.com

login.mso.msidentity.com

IN CNAME

ak.privatelink.msidentity.com

ak.privatelink.msidentity.com

IN CNAME

www.tm.ak.prd.aadg.trafficmanager.net

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.71

www.tm.ak.prd.aadg.trafficmanager.net

IN A

40.126.31.71

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.73

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.68

www.tm.ak.prd.aadg.trafficmanager.net

IN A

40.126.31.73

www.tm.ak.prd.aadg.trafficmanager.net

IN A

40.126.31.67

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.23

www.tm.ak.prd.aadg.trafficmanager.net

IN A

20.190.159.75
DNS

71.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.159.190.20.in-addr.arpa

IN PTR

Response
DNS

64.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.159.190.20.in-addr.arpa

IN PTR

Response
DNS

167.154.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

167.154.64.172.in-addr.arpa

IN PTR

Response
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN Unknown

Response
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.githubassets.com

Remote address:

8.8.8.8:53

Request

github.githubassets.com

IN A

Response

github.githubassets.com

IN A

185.199.109.154

github.githubassets.com

IN A

185.199.110.154

github.githubassets.com

IN A

185.199.111.154

github.githubassets.com

IN A

185.199.108.154
DNS

github.githubassets.com

Remote address:

8.8.8.8:53

Request

github.githubassets.com

IN Unknown

Response
DNS

avatars.githubusercontent.com

Remote address:

8.8.8.8:53

Request

avatars.githubusercontent.com

IN A

Response

avatars.githubusercontent.com

IN A

185.199.108.133

avatars.githubusercontent.com

IN A

185.199.110.133

avatars.githubusercontent.com

IN A

185.199.111.133

avatars.githubusercontent.com

IN A

185.199.109.133
DNS

avatars.githubusercontent.com

Remote address:

8.8.8.8:53

Request

avatars.githubusercontent.com

IN Unknown

Response
DNS

user-images.githubusercontent.com

Remote address:

8.8.8.8:53

Request

user-images.githubusercontent.com

IN A

Response

user-images.githubusercontent.com

IN A

185.199.111.133

user-images.githubusercontent.com

IN A

185.199.110.133

user-images.githubusercontent.com

IN A

185.199.108.133

user-images.githubusercontent.com

IN A

185.199.109.133
DNS

user-images.githubusercontent.com

Remote address:

8.8.8.8:53

Request

user-images.githubusercontent.com

IN Unknown

Response
DNS

github-cloud.s3.amazonaws.com

Remote address:

8.8.8.8:53

Request

github-cloud.s3.amazonaws.com

IN A

Response

github-cloud.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com

s3-w.us-east-1.amazonaws.com

IN A

52.216.218.81

s3-w.us-east-1.amazonaws.com

IN A

3.5.28.236

s3-w.us-east-1.amazonaws.com

IN A

52.216.184.107

s3-w.us-east-1.amazonaws.com

IN A

54.231.128.233

s3-w.us-east-1.amazonaws.com

IN A

52.217.46.244

s3-w.us-east-1.amazonaws.com

IN A

16.182.67.89

s3-w.us-east-1.amazonaws.com

IN A

54.231.194.193

s3-w.us-east-1.amazonaws.com

IN A

3.5.10.196
DNS

github-cloud.s3.amazonaws.com

Remote address:

8.8.8.8:53

Request

github-cloud.s3.amazonaws.com

IN Unknown

Response

github-cloud.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

154.109.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.109.199.185.in-addr.arpa

IN PTR

Response

154.109.199.185.in-addr.arpa

IN PTR

cdn-185-199-109-154githubcom
DNS

collector.github.com

Remote address:

8.8.8.8:53

Request

collector.github.com

IN A

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com

glb-db52c2cf8be544.github.com

IN A

140.82.113.22
DNS

collector.github.com

Remote address:

8.8.8.8:53

Request

collector.github.com

IN Unknown

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com
DNS

api.github.com

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
DNS

api.github.com

Remote address:

8.8.8.8:53

Request

api.github.com

IN Unknown

Response
DNS

133.108.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.108.199.185.in-addr.arpa

IN PTR

Response

133.108.199.185.in-addr.arpa

IN PTR

cdn-185-199-108-133githubcom
DNS

210.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.156.26.20.in-addr.arpa

IN PTR

Response
DNS

22.113.82.140.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.113.82.140.in-addr.arpa

IN PTR

Response

22.113.82.140.in-addr.arpa

IN PTR

lb-140-82-113-22-iadgithubcom
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

raw.githubusercontent.com

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN A

Response

raw.githubusercontent.com

IN A

185.199.108.133

raw.githubusercontent.com

IN A

185.199.110.133

raw.githubusercontent.com

IN A

185.199.111.133

raw.githubusercontent.com

IN A

185.199.109.133
DNS

raw.githubusercontent.com

Remote address:

8.8.8.8:53

Request

raw.githubusercontent.com

IN Unknown

Response
DNS

dl-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

dl-edge.smartscreen.microsoft.com

IN A

Response

dl-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-2.ukwest.cloudapp.azure.com

prod-agic-uw-2.ukwest.cloudapp.azure.com

IN A

51.140.244.186
DNS

dl-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

dl-edge.smartscreen.microsoft.com

IN Unknown

Response

dl-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com
DNS

app-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

app-edge.smartscreen.microsoft.com

IN A

Response

app-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-apprep.trafficmanager.net

prod-atm-wds-apprep.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com

prod-agic-us-1.uksouth.cloudapp.azure.com

IN A

13.87.96.169
DNS

app-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

app-edge.smartscreen.microsoft.com

IN Unknown

Response

app-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-apprep.trafficmanager.net

prod-atm-wds-apprep.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com
DNS

186.244.140.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.244.140.51.in-addr.arpa

IN PTR

Response
DNS

169.96.87.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.96.87.13.in-addr.arpa

IN PTR

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

138.201.86.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.201.86.20.in-addr.arpa

IN PTR

Response
DNS

184.143.101.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

184.143.101.95.in-addr.arpa

IN PTR

Response

184.143.101.95.in-addr.arpa

IN PTR

a95-101-143-184deploystaticakamaitechnologiescom
DNS

api.github.com

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
DNS

api.github.com

Remote address:

8.8.8.8:53

Request

api.github.com

IN Unknown

Response
DNS

collector.github.com

Remote address:

8.8.8.8:53

Request

collector.github.com

IN A

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com

glb-db52c2cf8be544.github.com

IN A

140.82.112.21
DNS

collector.github.com

Remote address:

8.8.8.8:53

Request

collector.github.com

IN Unknown

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN Unknown

Response
DNS

telem-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

telem-edge.smartscreen.microsoft.com

IN A

Response

telem-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-1.ukwest.cloudapp.azure.com

prod-agic-uw-1.ukwest.cloudapp.azure.com

IN A

51.140.242.104
DNS

telem-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

telem-edge.smartscreen.microsoft.com

IN Unknown

Response

telem-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com
DNS

104.242.140.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.242.140.51.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 646893
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F2E1B729726C47D883F4AD549421E72C Ref B: LON04EDGE1106 Ref C: 2024-08-19T09:19:12Z
date: Mon, 19 Aug 2024 09:19:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418605_1YZ6O1QX1RJB3B5MZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418605_1YZ6O1QX1RJB3B5MZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 538654
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BFA30929B12845EE91415EE022985D9B Ref B: LON04EDGE1106 Ref C: 2024-08-19T09:19:12Z
date: Mon, 19 Aug 2024 09:19:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 539839
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6F425DB0ADEC41AFA5827A362275296C Ref B: LON04EDGE1106 Ref C: 2024-08-19T09:19:12Z
date: Mon, 19 Aug 2024 09:19:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 563726
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D00159F50FA94A16B76A39FDBD1EEC41 Ref B: LON04EDGE1106 Ref C: 2024-08-19T09:19:12Z
date: Mon, 19 Aug 2024 09:19:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418606_136U7G6Z7CWHAJN4L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239340418606_136U7G6Z7CWHAJN4L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 617294
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 86610634189B449081F42AA563E9F56A Ref B: LON04EDGE1106 Ref C: 2024-08-19T09:19:12Z
date: Mon, 19 Aug 2024 09:19:11 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 491307
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1D97E89A1CA74CBAB6C72796D98DCD1F Ref B: LON04EDGE1106 Ref C: 2024-08-19T09:19:12Z
date: Mon, 19 Aug 2024 09:19:12 GMT
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

dl-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

dl-edge.smartscreen.microsoft.com

IN A

Response

dl-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-1.ukwest.cloudapp.azure.com

prod-agic-uw-1.ukwest.cloudapp.azure.com

IN A

51.140.242.104
DNS

dl-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

dl-edge.smartscreen.microsoft.com

IN Unknown

Response

dl-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-edge.trafficmanager.net

prod-atm-wds-edge.trafficmanager.net

IN CNAME

prod-agic-uw-3.ukwest.cloudapp.azure.com
DNS

app-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

app-edge.smartscreen.microsoft.com

IN A

Response

app-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-apprep.trafficmanager.net

prod-atm-wds-apprep.trafficmanager.net

IN CNAME

prod-agic-us-2.uksouth.cloudapp.azure.com

prod-agic-us-2.uksouth.cloudapp.azure.com

IN A

172.165.69.228
DNS

app-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

app-edge.smartscreen.microsoft.com

IN Unknown

Response

app-edge.smartscreen.microsoft.com

IN CNAME

prod-atm-wds-apprep.trafficmanager.net

prod-atm-wds-apprep.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com
DNS

collector.github.com

Remote address:

8.8.8.8:53

Request

collector.github.com

IN A

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com

glb-db52c2cf8be544.github.com

IN A

140.82.112.21
DNS

collector.github.com

Remote address:

8.8.8.8:53

Request

collector.github.com

IN Unknown

Response

collector.github.com

IN CNAME

glb-db52c2cf8be544.github.com
DNS

api.github.com

Remote address:

8.8.8.8:53

Request

api.github.com

IN A

Response

api.github.com

IN A

20.26.156.210
DNS

api.github.com

Remote address:

8.8.8.8:53

Request

api.github.com

IN Unknown

Response

13.107.6.158:443

business.bing.com

tls

3.8kB
10.2kB
20
26
88.221.134.17:443

bzib.nelreports.net

tls

2.9kB
7.8kB
14
17
13.107.21.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d2b9d75faa5473f81ede2023e2bf311&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

tls, http2

2.0kB
9.3kB
21
18

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d2b9d75faa5473f81ede2023e2bf311&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=9d2b9d75faa5473f81ede2023e2bf311&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=9d2b9d75faa5473f81ede2023e2bf311&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

HTTP Response

204
172.165.69.228:443

nav-edge.smartscreen.microsoft.com

tls

7.1kB
10.9kB
27
27
51.11.108.188:443

data-edge.smartscreen.microsoft.com

tls

20.7kB
618.6kB
328
455
51.11.108.188:443

data-edge.smartscreen.microsoft.com

tls

2.4kB
6.7kB
12
9
88.221.135.50:443

r.bing.com

tls

4.6kB
11.2kB
21
27
88.221.135.50:443

r.bing.com

tls

23.8kB
486.3kB
287
376
88.221.134.3:443

th.bing.com

tls

11.0kB
116.6kB
82
114
88.221.134.3:443

th.bing.com

tls

2.3kB
5.1kB
10
12
20.190.159.64:443

login.microsoftonline.com

tls

4.2kB
7.5kB
13
14
172.64.154.167:443

www2.bing.com

tls

2.0kB
259 B
6
6
172.64.154.167:443

www2.bing.com

tls

2.1kB
259 B
6
6
20.26.156.215:443

github.com

tls

2.2kB
4.0kB
10
8
20.26.156.215:443

github.com

tls

18.6kB
302.3kB
208
304
185.199.109.154:443

github.githubassets.com

tls

2.3kB
4.7kB
10
11
185.199.109.154:443

github.githubassets.com

tls

41.7kB
1.2MB
588
950
185.199.109.154:443

github.githubassets.com

tls

2.3kB
4.7kB
10
11
185.199.109.154:443

github.githubassets.com

tls

2.3kB
4.7kB
12
10
185.199.109.154:443

github.githubassets.com

tls

2.3kB
4.7kB
12
10
185.199.109.154:443

github.githubassets.com

tls

2.3kB
4.7kB
10
11
185.199.108.133:443

avatars.githubusercontent.com

tls

3.5kB
10.9kB
21
25
185.199.109.154:443

github.githubassets.com

tls

3.9kB
22.9kB
28
30
140.82.113.22:443

collector.github.com

tls

2.2kB
4.3kB
9
6
140.82.113.22:443

collector.github.com

tls

62.0kB
31.4kB
153
148
20.26.156.210:443

api.github.com

tls

17.1kB
12.0kB
47
49
185.199.108.133:443

raw.githubusercontent.com

tls

12.9kB
357.1kB
195
284
51.140.244.186:443

dl-edge.smartscreen.microsoft.com

tls

13.4kB
14.1kB
40
41
13.87.96.169:443

app-edge.smartscreen.microsoft.com

tls

11.7kB
12.3kB
34
37
95.101.143.184:443

www.bing.com

tls

2.4kB
5.1kB
13
13
51.140.242.104:443

telem-edge.smartscreen.microsoft.com

tls

5.1kB
7.9kB
16
16
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

135.5kB
3.5MB
2557
2550

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301205_1OM9XZCKYFXI34HLQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418605_1YZ6O1QX1RJB3B5MZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360494465_1WL11PE3QHWZ3Q9V1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301614_1PEIP2AXZTPQ08R0S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418606_136U7G6Z7CWHAJN4L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360494466_1NE7RS5P7DA5W3Y3W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.8kB
15
12
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
20.26.156.210:443

api.github.com

tls

2.5kB
4.1kB
12
11
20.26.156.210:443

api.github.com

tls

5.3kB
7.8kB
22
24

8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

88.221.134.17

88.221.135.81
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

17.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

17.134.221.88.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
198 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

172.165.69.228
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
241 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

data-edge.smartscreen.microsoft.com

dns

81 B
198 B
1
1

DNS Request

data-edge.smartscreen.microsoft.com

DNS Response

51.11.108.188
8.8.8.8:53

data-edge.smartscreen.microsoft.com

dns

81 B
243 B
1
1

DNS Request

data-edge.smartscreen.microsoft.com
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

228.69.165.172.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.69.165.172.in-addr.arpa
88.221.135.58:443

www.bing.com

https

76.2kB
1.4MB
328
1338
8.8.8.8:53

58.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

58.135.221.88.in-addr.arpa
224.0.0.251:5353

204 B
3
8.8.8.8:53

r.bing.com

dns

56 B
316 B
1
1

DNS Request

r.bing.com

DNS Response

88.221.135.50

88.221.135.27

88.221.135.16

88.221.135.19

88.221.135.32

88.221.135.26

88.221.135.24

88.221.135.34

88.221.135.35
8.8.8.8:53

r.bing.com

dns

56 B
233 B
1
1

DNS Request

r.bing.com
8.8.8.8:53

th.bing.com

dns

57 B
318 B
1
1

DNS Request

th.bing.com

DNS Response

88.221.134.3

95.101.143.201

95.101.143.193

95.101.143.202

88.221.134.249

95.101.143.211

88.221.134.2

95.101.143.182

95.101.143.183
8.8.8.8:53

th.bing.com

dns

57 B
235 B
1
1

DNS Request

th.bing.com
88.221.135.50:443

r.bing.com

https

5.7kB
52.3kB
36
62
8.8.8.8:53

50.135.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

50.135.221.88.in-addr.arpa
8.8.8.8:53

3.134.221.88.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

3.134.221.88.in-addr.arpa
88.221.135.50:443

r.bing.com

https

17.4kB
1.4MB
173
1109
8.8.8.8:53

login.microsoftonline.com

dns

71 B
314 B
1
1

DNS Request

login.microsoftonline.com

DNS Response

20.190.159.64

40.126.31.73

20.190.159.75

40.126.31.67

20.190.159.73

20.190.159.2

40.126.31.71

20.190.159.71
8.8.8.8:53

login.microsoftonline.com

dns

71 B
241 B
1
1

DNS Request

login.microsoftonline.com
8.8.8.8:53

login.microsoftonline.com

dns

71 B
306 B
1
1

DNS Request

login.microsoftonline.com

DNS Response

20.190.177.82

20.190.177.149

20.190.177.21

20.190.177.22

20.190.177.148

20.190.177.23

20.190.177.19

20.190.177.20
88.221.134.3:443

www.bing.com

https

3.1kB
6.7kB
9
14
8.8.8.8:53

login.microsoftonline.com

dns

71 B
314 B
1
1

DNS Request

login.microsoftonline.com

DNS Response

20.190.159.71

40.126.31.71

20.190.159.73

20.190.159.68

40.126.31.73

40.126.31.67

20.190.159.23

20.190.159.75
8.8.8.8:53

71.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

71.159.190.20.in-addr.arpa
8.8.8.8:53

64.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.159.190.20.in-addr.arpa
8.8.8.8:53

167.154.64.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

167.154.64.172.in-addr.arpa
8.8.8.8:53

github.com

dns

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

github.com

dns

56 B
121 B
1
1

DNS Request

github.com
8.8.8.8:53

github.com

dns

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

github.githubassets.com

dns

69 B
133 B
1
1

DNS Request

github.githubassets.com

DNS Response

185.199.109.154

185.199.110.154

185.199.111.154

185.199.108.154
8.8.8.8:53

github.githubassets.com

dns

69 B
151 B
1
1

DNS Request

github.githubassets.com
8.8.8.8:53

avatars.githubusercontent.com

dns

75 B
139 B
1
1

DNS Request

avatars.githubusercontent.com

DNS Response

185.199.108.133

185.199.110.133

185.199.111.133

185.199.109.133
8.8.8.8:53

avatars.githubusercontent.com

dns

75 B
140 B
1
1

DNS Request

avatars.githubusercontent.com
8.8.8.8:53

user-images.githubusercontent.com

dns

79 B
143 B
1
1

DNS Request

user-images.githubusercontent.com

DNS Response

185.199.111.133

185.199.110.133

185.199.108.133

185.199.109.133
8.8.8.8:53

user-images.githubusercontent.com

dns

79 B
144 B
1
1

DNS Request

user-images.githubusercontent.com
8.8.8.8:53

github-cloud.s3.amazonaws.com

dns

75 B
253 B
1
1

DNS Request

github-cloud.s3.amazonaws.com

DNS Response

52.216.218.81

3.5.28.236

52.216.184.107

54.231.128.233

52.217.46.244

16.182.67.89

54.231.194.193

3.5.10.196
8.8.8.8:53

github-cloud.s3.amazonaws.com

dns

75 B
203 B
1
1

DNS Request

github-cloud.s3.amazonaws.com
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

154.109.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

154.109.199.185.in-addr.arpa
8.8.8.8:53

collector.github.com

dns

66 B
115 B
1
1

DNS Request

collector.github.com

DNS Response

140.82.113.22
8.8.8.8:53

collector.github.com

dns

66 B
164 B
1
1

DNS Request

collector.github.com
8.8.8.8:53

api.github.com

dns

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

api.github.com

dns

60 B
125 B
1
1

DNS Request

api.github.com
8.8.8.8:53

133.108.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.108.199.185.in-addr.arpa
8.8.8.8:53

210.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

210.156.26.20.in-addr.arpa
8.8.8.8:53

22.113.82.140.in-addr.arpa

dns

72 B
117 B
1
1

DNS Request

22.113.82.140.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

raw.githubusercontent.com

dns

71 B
135 B
1
1

DNS Request

raw.githubusercontent.com

DNS Response

185.199.108.133

185.199.110.133

185.199.111.133

185.199.109.133
8.8.8.8:53

raw.githubusercontent.com

dns

71 B
153 B
1
1

DNS Request

raw.githubusercontent.com
8.8.8.8:53

dl-edge.smartscreen.microsoft.com

dns

79 B
196 B
1
1

DNS Request

dl-edge.smartscreen.microsoft.com

DNS Response

51.140.244.186
8.8.8.8:53

dl-edge.smartscreen.microsoft.com

dns

79 B
241 B
1
1

DNS Request

dl-edge.smartscreen.microsoft.com
8.8.8.8:53

app-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

app-edge.smartscreen.microsoft.com

DNS Response

13.87.96.169
8.8.8.8:53

app-edge.smartscreen.microsoft.com

dns

80 B
244 B
1
1

DNS Request

app-edge.smartscreen.microsoft.com
8.8.8.8:53

186.244.140.51.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

186.244.140.51.in-addr.arpa
8.8.8.8:53

169.96.87.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

169.96.87.13.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

138.201.86.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.201.86.20.in-addr.arpa
8.8.8.8:53

184.143.101.95.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

184.143.101.95.in-addr.arpa
8.8.8.8:53

api.github.com

dns

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

api.github.com

dns

60 B
125 B
1
1

DNS Request

api.github.com
8.8.8.8:53

collector.github.com

dns

66 B
115 B
1
1

DNS Request

collector.github.com

DNS Response

140.82.112.21
8.8.8.8:53

collector.github.com

dns

66 B
164 B
1
1

DNS Request

collector.github.com
8.8.8.8:53

github.com

dns

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

github.com

dns

56 B
121 B
1
1

DNS Request

github.com
8.8.8.8:53

telem-edge.smartscreen.microsoft.com

dns

82 B
199 B
1
1

DNS Request

telem-edge.smartscreen.microsoft.com

DNS Response

51.140.242.104
8.8.8.8:53

telem-edge.smartscreen.microsoft.com

dns

82 B
244 B
1
1

DNS Request

telem-edge.smartscreen.microsoft.com
8.8.8.8:53

104.242.140.51.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.242.140.51.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa
8.8.8.8:53

dl-edge.smartscreen.microsoft.com

dns

79 B
196 B
1
1

DNS Request

dl-edge.smartscreen.microsoft.com

DNS Response

51.140.242.104
8.8.8.8:53

dl-edge.smartscreen.microsoft.com

dns

79 B
240 B
1
1

DNS Request

dl-edge.smartscreen.microsoft.com
8.8.8.8:53

app-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

app-edge.smartscreen.microsoft.com

DNS Response

172.165.69.228
8.8.8.8:53

app-edge.smartscreen.microsoft.com

dns

80 B
244 B
1
1

DNS Request

app-edge.smartscreen.microsoft.com
8.8.8.8:53

collector.github.com

dns

66 B
115 B
1
1

DNS Request

collector.github.com

DNS Response

140.82.112.21
8.8.8.8:53

collector.github.com

dns

66 B
164 B
1
1

DNS Request

collector.github.com
8.8.8.8:53

api.github.com

dns

60 B
76 B
1
1

DNS Request

api.github.com

DNS Response

20.26.156.210
8.8.8.8:53

api.github.com

dns

60 B
125 B
1
1

DNS Request

api.github.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
126B

MD5
027123c3a82c7d185bb574998582229f

SHA1
05596834cbaf4d6abb203497f2385d4e567b25d4

SHA256
7d5fda92b3738c74bcbfe85b299993447834ea6616405491a4d75050f6170809

SHA512
338f017573f1e98b80f2d02a008274aaa73e68382fdcd389f2e44d3b01965ea56139c8add01283d26e04f56065d3fed58e0ed4a91ecf6f51ba4f18386529eeaa

Download Submit
memory/452-14-0x00007FFA230F3000-0x00007FFA230F5000-memory.dmp

Filesize
8KB

Download
memory/452-15-0x000001B3B5590000-0x000001B3B55AE000-memory.dmp

Filesize
120KB

Download
memory/452-16-0x00007FFA230F0000-0x00007FFA23BB1000-memory.dmp

Filesize
10.8MB

Download
memory/452-50-0x00007FFA230F0000-0x00007FFA23BB1000-memory.dmp

Filesize
10.8MB

Download
memory/2780-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2780-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4540-49-0x0000027BD54B0000-0x0000027BD5DC4000-memory.dmp

Filesize
9.1MB

Download
memory/5536-13-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response