hxxp://youareanidiot[.]cc

Resubmissions

24/08/2024, 22:59 UTC

240824-2yqeyswdnn 3

24/08/2024, 22:51 UTC

240824-2s5bxswbkn 3

24/08/2024, 22:48 UTC

240824-2q6rzawalk 3

24/08/2024, 22:44 UTC

240824-2n2egavhlj 3

24/08/2024, 22:43 UTC

240824-2na8aavgrn 3

24/08/2024, 22:41 UTC

240824-2mdl1stdmd 3

24/08/2024, 22:38 UTC

240824-2kq5bsvfqj 3

Analysis

max time kernel
44s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 22:51 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youareanidiot.cc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690135177555358"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: 33	760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	760	AUDIODG.EXE
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 3112	3572	chrome.exe	84
PID 3572 wrote to memory of 3112	3572	chrome.exe	84
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 2612	3572	chrome.exe	85
PID 3572 wrote to memory of 3240	3572	chrome.exe	86
PID 3572 wrote to memory of 3240	3572	chrome.exe	86
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87
PID 3572 wrote to memory of 1824	3572	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://youareanidiot.cc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa62aacc40,0x7ffa62aacc4c,0x7ffa62aacc58
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,10843510700461927802,9771542067828886735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,10843510700461927802,9771542067828886735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1960 /prefetch:3
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,10843510700461927802,9771542067828886735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,10843510700461927802,9771542067828886735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,10843510700461927802,9771542067828886735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4348,i,10843510700461927802,9771542067828886735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,10843510700461927802,9771542067828886735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4896,i,10843510700461927802,9771542067828886735,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:4228

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3548

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x340
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:760

Network

DNS

youareanidiot.cc

chrome.exe

Remote address:

8.8.8.8:53

Request

youareanidiot.cc

IN A

Response

youareanidiot.cc

IN A

104.21.95.69

youareanidiot.cc

IN A

172.67.143.125
GET

http://youareanidiot.cc/

chrome.exe

Remote address:

104.21.95.69:80

Request

GET / HTTP/1.1
Host: youareanidiot.cc
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Date: Sat, 24 Aug 2024 22:51:55 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 24 Aug 2024 23:51:55 GMT
Location: https://youareanidiot.cc/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tx08929cMDhVSkcXFkg6n6vIesxorudHfgSeUNDO1KDQ1nQkQPg0ueF5zoxbwjuB5K6NiH3pso%2BJohU6E%2FSVxR6X%2BYc3Cp7W3bcWBzz2%2Blqs0aruOihR4o98Q3d350sTngen"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8b86e8e858e99550-LHR
alt-svc: h3=":443"; ma=86400
DNS

234.75.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.75.250.142.in-addr.arpa

IN PTR

Response

234.75.250.142.in-addr.arpa

IN PTR

par10s41-in-f101e100net
DNS

234.75.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.75.250.142.in-addr.arpa

IN PTR
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A
DNS

76.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.32.126.40.in-addr.arpa

IN PTR

Response
DNS

69.95.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.95.21.104.in-addr.arpa

IN PTR

Response
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=adb55ae42e3e414f893b2aee327a628e&localId=w:E1FD06B2-9179-2377-8934-278C10EE140A&deviceId=6896205358121058&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=adb55ae42e3e414f893b2aee327a628e&localId=w:E1FD06B2-9179-2377-8934-278C10EE140A&deviceId=6896205358121058&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=19D7FC27E1CB6E2818C7E8C2E0EC6FA0; domain=.bing.com; expires=Thu, 18-Sep-2025 22:51:55 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B7EAE11282C14B3CA49F65DECAC4B37F Ref B: LON04EDGE0711 Ref C: 2024-08-24T22:51:55Z
date: Sat, 24 Aug 2024 22:51:54 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=adb55ae42e3e414f893b2aee327a628e&localId=w:E1FD06B2-9179-2377-8934-278C10EE140A&deviceId=6896205358121058&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=adb55ae42e3e414f893b2aee327a628e&localId=w:E1FD06B2-9179-2377-8934-278C10EE140A&deviceId=6896205358121058&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=19D7FC27E1CB6E2818C7E8C2E0EC6FA0

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=aldIySzS-yCezOT2h2gw3W77zJhTd-K-8hAIg8ILB-s; domain=.bing.com; expires=Thu, 18-Sep-2025 22:51:56 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 08898453F8244CFB9F976FCBCF92A8EB Ref B: LON04EDGE0711 Ref C: 2024-08-24T22:51:56Z
date: Sat, 24 Aug 2024 22:51:55 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=adb55ae42e3e414f893b2aee327a628e&localId=w:E1FD06B2-9179-2377-8934-278C10EE140A&deviceId=6896205358121058&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=adb55ae42e3e414f893b2aee327a628e&localId=w:E1FD06B2-9179-2377-8934-278C10EE140A&deviceId=6896205358121058&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=19D7FC27E1CB6E2818C7E8C2E0EC6FA0; MSPTC=aldIySzS-yCezOT2h2gw3W77zJhTd-K-8hAIg8ILB-s

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96042EA75A8F4147A25589377FDCB190 Ref B: LON04EDGE0711 Ref C: 2024-08-24T22:51:56Z
date: Sat, 24 Aug 2024 22:51:55 GMT
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
GET

https://youareanidiot.cc/

chrome.exe

Remote address:

104.21.95.69:443

Request

GET / HTTP/2.0
host: youareanidiot.cc
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 22:51:55 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 13 Sep 2023 08:14:54 GMT
cache-control: public, max-age=90, immutable
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6h%2BeBQOQNFLBq6TMoKREtwl5ka%2F0Ybnp1%2B6VcsElcXZyNE%2BUwXMDGe4P%2FGDIeUKOmrALUGXK7ALUSSQoP3Vnn364YXea2MRuZFplqFiXpE5QDBQeJABSD1Le%2F3jPQnSbcLhV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b86e8e98f18cd22-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://youareanidiot.cc/styles/styles.css

chrome.exe

Remote address:

104.21.95.69:443

Request

GET /styles/styles.css HTTP/2.0
host: youareanidiot.cc
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://youareanidiot.cc/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 22:51:56 GMT
content-type: text/css; charset=utf-8
content-length: 2100
last-modified: Wed, 13 Sep 2023 10:48:59 GMT
etag: "6501939b-834"
cache-control: public, max-age=31536000, no-transform, immutable
x-content-type-options: nosniff
cf-cache-status: HIT
age: 196453
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bdx3N3%2F4T2fxIQcwpNbIpO%2FZ82JTdxYxooiEMafTPxMRglUizKETCYFiM1b3XWZ0RHwWlRcPMpkBMt3WmltjBRkHTowVk9ASOW5TyJZf5oqmB8IzTErweKY7riE9CopKd0Tu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b86e8ece95ecd22-LHR
alt-svc: h3=":443"; ma=86400
GET

https://youareanidiot.cc/images/speakerm.png

chrome.exe

Remote address:

104.21.95.69:443

Request

GET /images/speakerm.png HTTP/2.0
host: youareanidiot.cc
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://youareanidiot.cc/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 22:51:56 GMT
content-type: image/png
content-length: 2146
last-modified: Sun, 10 Apr 2022 12:07:26 GMT
etag: "6252c87e-862"
cache-control: public, max-age=31536000, no-transform, immutable
x-content-type-options: nosniff
cf-cache-status: HIT
age: 262996
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vcOxiRJ1V0lkPcQJYF3F0VXEANKypjR5XQLI7kXzT2YZFz3uD1xdX%2BqcIMuSj0FFvYpliGud4PYt9BoF%2BSzSk7KsKJBPwNBjLNMJwomqTvwYbYPae8QDKZmB%2Ft5SdLZ3X3AB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b86e8ece95fcd22-LHR
alt-svc: h3=":443"; ma=86400
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

138.201.86.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.201.86.20.in-addr.arpa

IN PTR

Response
DNS

a.nel.cloudflare.com

chrome.exe

Remote address:

8.8.8.8:53

Request

a.nel.cloudflare.com

IN A

Response

a.nel.cloudflare.com

IN A

35.190.80.1
OPTIONS

https://a.nel.cloudflare.com/report/v4?s=PDQKtvnkskZN5FQ%2BFcyZVmJwEysdxGs41x52Bx3J0DnBajydJkxJWhkf1cs9FUeHZmuS85squrwSMCmQzzgZg1cxpEjo9y84EZTKFs%2FMT7tsIZ07uGvPWNATvfhJP%2FJkxYE1

chrome.exe

Remote address:

35.190.80.1:443

Request

OPTIONS /report/v4?s=PDQKtvnkskZN5FQ%2BFcyZVmJwEysdxGs41x52Bx3J0DnBajydJkxJWhkf1cs9FUeHZmuS85squrwSMCmQzzgZg1cxpEjo9y84EZTKFs%2FMT7tsIZ07uGvPWNATvfhJP%2FJkxYE1 HTTP/2.0
host: a.nel.cloudflare.com
origin: https://youareanidiot.cc
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://a.nel.cloudflare.com/report/v4?s=PDQKtvnkskZN5FQ%2BFcyZVmJwEysdxGs41x52Bx3J0DnBajydJkxJWhkf1cs9FUeHZmuS85squrwSMCmQzzgZg1cxpEjo9y84EZTKFs%2FMT7tsIZ07uGvPWNATvfhJP%2FJkxYE1

chrome.exe

Remote address:

35.190.80.1:443

Request

POST /report/v4?s=PDQKtvnkskZN5FQ%2BFcyZVmJwEysdxGs41x52Bx3J0DnBajydJkxJWhkf1cs9FUeHZmuS85squrwSMCmQzzgZg1cxpEjo9y84EZTKFs%2FMT7tsIZ07uGvPWNATvfhJP%2FJkxYE1 HTTP/2.0
host: a.nel.cloudflare.com
content-length: 419
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

1.80.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.80.190.35.in-addr.arpa

IN PTR

Response

1.80.190.35.in-addr.arpa

IN PTR

18019035bcgoogleusercontentcom
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388127_19J9R6J3AKCRQ3IMT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239339388127_19J9R6J3AKCRQ3IMT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 730683
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CC03B6BF0A1B4547B13952DBA0933248 Ref B: LON04EDGE0919 Ref C: 2024-08-24T22:52:28Z
date: Sat, 24 Aug 2024 22:52:28 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
DNS

35.56.20.217.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.56.20.217.in-addr.arpa

IN PTR

Response

104.21.95.69:80

http://youareanidiot.cc/

http

chrome.exe

759 B
1.0kB
7
4

HTTP Request

GET http://youareanidiot.cc/

HTTP Response

301
104.21.95.69:80

youareanidiot.cc

chrome.exe

334 B
132 B
7
3
104.21.95.69:443

youareanidiot.cc

tls

chrome.exe

2.1kB
92 B
6
2
104.21.95.69:443

youareanidiot.cc

tls, http2

chrome.exe

1.8kB
3.2kB
11
7
150.171.28.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=adb55ae42e3e414f893b2aee327a628e&localId=w:E1FD06B2-9179-2377-8934-278C10EE140A&deviceId=6896205358121058&anid=

tls, http2

2.4kB
9.6kB
26
20

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=adb55ae42e3e414f893b2aee327a628e&localId=w:E1FD06B2-9179-2377-8934-278C10EE140A&deviceId=6896205358121058&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=adb55ae42e3e414f893b2aee327a628e&localId=w:E1FD06B2-9179-2377-8934-278C10EE140A&deviceId=6896205358121058&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=adb55ae42e3e414f893b2aee327a628e&localId=w:E1FD06B2-9179-2377-8934-278C10EE140A&deviceId=6896205358121058&anid=

HTTP Response

204
104.21.95.69:443

https://youareanidiot.cc/images/speakerm.png

tls, http2

chrome.exe

3.3kB
19.0kB
34
31

HTTP Request

GET https://youareanidiot.cc/

HTTP Response

200

HTTP Request

GET https://youareanidiot.cc/styles/styles.css

HTTP Request

GET https://youareanidiot.cc/images/speakerm.png

HTTP Response

200

HTTP Response

200
35.190.80.1:443

https://a.nel.cloudflare.com/report/v4?s=PDQKtvnkskZN5FQ%2BFcyZVmJwEysdxGs41x52Bx3J0DnBajydJkxJWhkf1cs9FUeHZmuS85squrwSMCmQzzgZg1cxpEjo9y84EZTKFs%2FMT7tsIZ07uGvPWNATvfhJP%2FJkxYE1

tls, http2

chrome.exe

2.7kB
4.8kB
18
17

HTTP Request

OPTIONS https://a.nel.cloudflare.com/report/v4?s=PDQKtvnkskZN5FQ%2BFcyZVmJwEysdxGs41x52Bx3J0DnBajydJkxJWhkf1cs9FUeHZmuS85squrwSMCmQzzgZg1cxpEjo9y84EZTKFs%2FMT7tsIZ07uGvPWNATvfhJP%2FJkxYE1

HTTP Request

POST https://a.nel.cloudflare.com/report/v4?s=PDQKtvnkskZN5FQ%2BFcyZVmJwEysdxGs41x52Bx3J0DnBajydJkxJWhkf1cs9FUeHZmuS85squrwSMCmQzzgZg1cxpEjo9y84EZTKFs%2FMT7tsIZ07uGvPWNATvfhJP%2FJkxYE1
104.21.95.69:443

youareanidiot.cc

tls, http2

chrome.exe

1.2kB
1.0kB
8
5
150.171.28.10:443

tse1.mm.bing.net

tls

977 B
4.3kB
8
5
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.7kB
7.8kB
17
14
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.7kB
7.8kB
18
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

2.3kB
9.2kB
21
13
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

9.8kB
220.1kB
171
163

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388127_19J9R6J3AKCRQ3IMT&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360608909_1XWUMGMD2M0J0LDVR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301309_1JFFGJ64L9I4K3JMP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360608910_1R4TEUG1LRQY39K7S&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

8.8.8.8:53

youareanidiot.cc

dns

chrome.exe

62 B
94 B
1
1

DNS Request

youareanidiot.cc

DNS Response

104.21.95.69

172.67.143.125
8.8.8.8:53

234.75.250.142.in-addr.arpa

dns

146 B
112 B
2
1

DNS Request

234.75.250.142.in-addr.arpa

DNS Request

234.75.250.142.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

112 B
148 B
2
1

DNS Request

g.bing.com

DNS Request

g.bing.com

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

76.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

76.32.126.40.in-addr.arpa
8.8.8.8:53

69.95.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

69.95.21.104.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
104.21.95.69:443

youareanidiot.cc

https

chrome.exe

18.6kB
498.3kB
127
438
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

138.201.86.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.201.86.20.in-addr.arpa
8.8.8.8:53

a.nel.cloudflare.com

dns

chrome.exe

66 B
82 B
1
1

DNS Request

a.nel.cloudflare.com

DNS Response

35.190.80.1
35.190.80.1:443

a.nel.cloudflare.com

https

chrome.exe

1.6kB
3.8kB
4
6
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

1.80.190.35.in-addr.arpa

dns

70 B
120 B
1
1

DNS Request

1.80.190.35.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

213 B
145 B
3
1

DNS Request

97.17.167.52.in-addr.arpa

DNS Request

97.17.167.52.in-addr.arpa

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

35.56.20.217.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

35.56.20.217.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
cf137ad729382b29b1e47bab1c151ef7

SHA1
c1bff88b8fead59f47b49b3d04edfc60d3a9f590

SHA256
497da56b03451a32726f37161b190a358fb2b0f8203c93526cbc59daf77f6088

SHA512
cd5591b4e6890b3b50bfba86065017fa0a072aea5cb70f32aebdd48f54f4edea6035fb9b11be012466fae93bdcd052efec88926fa3f6e5147d6ace88204749bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
407b7cec6d52864e25ff666f77813849

SHA1
9c93ab7259c023f112866ef2cb0283842fdd38a4

SHA256
60ff284cab983876cc4896a3ac9dd534bbb9f88ac1586ff9b75fe4d6a125323c

SHA512
fbed8a211800fcdc066ac122388e8c17969c6c01d22fb8b46538a0959d3ad0c63417e41907326310dddb930c0deef251ac793ef54c3a1cc444905836c04c80c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
da280f6986b92876a388cc7365c1b70a

SHA1
9fec7e916f30b9e2dfd8569806ff2b69321c8db1

SHA256
3558fb8bb31b07c28cb85d114341e3abf24fb7c213b420414bec347303a75a18

SHA512
3034a50c9917f63c1de18eeb6b8398a041367a10ce65412afeecb715af617c71db9e9458d0552e3031f4e8e29ce2a919efbd86e1119143f846a7d73b493f0b61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6f62c258d5d6c82e788d04a4e934e5bc

SHA1
a916d42787ce486ae1e16cb9f8c321c4c8866849

SHA256
298c44b606e195ff8f2d691a409f75b7d338bfef5b6e38e619e7d986bc0d3cd8

SHA512
f42b501ea4b5c8f61cab77f80f09ebfdf6c39ded9c72aec1118ace91b7ef210b6c9b069e255b9449fee952952329be39eb90d6102ea553230be3f578d785010d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b3007d6104f9265d873fa4e909dd8b52

SHA1
f2f3fa05f96d38562ffac3bcc72f80cc564b801a

SHA256
81f7884f7d4c817765b52b3d3f265e5a4ab32147c1f03bd2ba5f7006984dcbbe

SHA512
99bd774850499efcabe7f1e46d3be5d1b92f861274d6dbfea0a5d1b265e6f0cc8ce38e1dcdde3b672c53a6e541bfed7b54cdb1d392badff248fea7eb9ed52a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8106106710ab68a0915d642ffb47c361

SHA1
868cc5ca7cc7ec924807f2a72fecd18303ea3582

SHA256
1757f4ddcb5b40d4be30b74c5e0d98429a4c9f1ba3baf11c090c9cd1afeeda28

SHA512
7c95623e0604fbadc52421f29d2ac02eec4f57bdc44197da2b156f1a870bfcb041cf40ab09f82b836f5012d6eea753c7eafc981e9d45fbc0432c1ef9991c71e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea86f8c9fff7f6cfe45b24603f647085

SHA1
6282d547a8e69d98b3d2534fbd850b55b57dd17a

SHA256
28e2643ae8a828a25108c36ba215a08f46dda6733ee66a0fe00accd9135ddecb

SHA512
6ba1ac1d0c8bf98139d72c0ec65146eadc03870e5132a45c82a4a266d4bf0faefd5561f10c28f2a47d3cc2c691d59e2f8acfaac442970a732092c64368b07b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c4105d0bd6e4f5c4edf2f5aad10c0c4

SHA1
04052e1dece73b34b1cee348fef9d6adef5454dd

SHA256
d4e837783ac1c042526464247d6e6b6c4bbd184ab8328446ee264838829ebca3

SHA512
a5755eb884f2863b7cb5400ec0fa1b3a81003b58236f4e00e7e6667400c850fcb31fc9a8c6970eda96e450d22e74b710f99d76b8946026a3319782abfb030296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
295a5bdd2a1e31d13b8d46e853ebcd51

SHA1
7d0bd9acbb87b58384c47d07a24c0da01b9185de

SHA256
001c62abe287ee360f92b7cdd84534586397c4880e157910cb50bbcbc115559e

SHA512
916a72dd3dcecc9a61554682cfded0c3681ab5494dee83b3c75b01b757f0e540c422a05ec68a05642950835ce44f8feca6a9b2e8ebffafbcd57db8ab6d3e9ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d64427be4b753330ff82467b0768b229

SHA1
97041e08eaf3bb67f7708302cf9c429795507821

SHA256
ba564658e86eb078e7d4650552ea1bd254810c699076220ff12ca0bd7fbfee93

SHA512
ace6df956185dc2158a154661c40991915cbade4db24076f050dfbcca82b0b71c374428037b91038b68d1b7bf2a8763f641f356481494806d0e0e3371eb67bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0f9f4595f683bda515a01b9a2bf6c780

SHA1
72ea36bf1d87979dfad86c48b00f259507978f83

SHA256
0f29eb84c6e640a4c46c45a2a0c721e9ab26d685e79badfd123cc16999cb8d7e

SHA512
dcf29b24e1ac482cf838de5d76773b8897ed98585804bdf0d5bde857355f9a65dc246008fb99cd125eef43e47fba1be965cdbc87284a89c373349587f74d7fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1cc3b48e23288b985816e55cc59ce67a

SHA1
51a15c3a950945e91217f02397a3dc752d93aa4b

SHA256
7488cb3e1ce650124ea3a19491e8808729cda316dc9d61c7ee13a82e4a4150ac

SHA512
4b3746da50848264a81b929f3e82bdbcb705416689703a2837504dc7afffb4ae432d03cfb6a220630ba3733a24f0d50c983ced465ffeed8cb0f1bd570ce8181e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
413d1a30ce1c2b5dadc3a839dfb78e31

SHA1
75bc4cedbb547ae41eadf2139dd3e10ec28b1e49

SHA256
080225fd80ef8bf8975ce14bd7a5d76c5868ba52844c7c817b854c8564a31402

SHA512
1993fb6dd7f8cd27e9d91f3ea4528326e438f3aeed426f29235cdf4bc9528501993b0c95b1f000e1afc369ea9967853cce6df8a667dafd916b9d1ed776cf5776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
56339ca3fc350f1cffbbb3749c98d985

SHA1
8020c6b1d0ea4bd96c7e080126d5c2300897a4e2

SHA256
95fc7e8e1e6cdf09f0c952263359c08ba444a879755325b1144be151ed365c80

SHA512
16d1c28ffb7094e416db5406edfb69740517db6a01a3b6959caf736b2aca1bedb3bf1dd9a6739eb216daa783905e40c7bfb6bd940107616cf2191cb460ab46b7

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.