hxxps://files[.]offshore[.]cat/NPZ3gRgR[.]mp4

Analysis

max time kernel
148s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 01:14 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://files.offshore.cat/NPZ3gRgR.mp4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
1336	identity_helper.exe
1336	identity_helper.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2872	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2872	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 3056	3044	msedge.exe	84
PID 3044 wrote to memory of 3056	3044	msedge.exe	84
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 2864	3044	msedge.exe	85
PID 3044 wrote to memory of 872	3044	msedge.exe	86
PID 3044 wrote to memory of 872	3044	msedge.exe	86
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87
PID 3044 wrote to memory of 4904	3044	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://files.offshore.cat/NPZ3gRgR.mp4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe15eb46f8,0x7ffe15eb4708,0x7ffe15eb4718
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2872

Network

DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

files.offshore.cat

msedge.exe

Remote address:

8.8.8.8:53

Request

files.offshore.cat

IN A

Response

files.offshore.cat

IN A

104.26.4.55

files.offshore.cat

IN A

104.26.5.55

files.offshore.cat

IN A

172.67.75.147
GET

https://files.offshore.cat/NPZ3gRgR.mp4

msedge.exe

Remote address:

104.26.4.55:443

Request

GET /NPZ3gRgR.mp4 HTTP/2.0
host: files.offshore.cat
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 01 Sep 2024 01:14:22 GMT
content-type: video/mp4
content-length: 2976936
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-opener-policy: same-origin
etag: W/"2d6ca8-191ab041b85"
last-modified: Sun, 01 Sep 2024 00:37:38 GMT
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bc16734885d94cf-LHR
alt-svc: h3=":443"; ma=86400
GET

https://files.offshore.cat/NPZ3gRgR.mp4

msedge.exe

Remote address:

104.26.4.55:443

Request

GET /NPZ3gRgR.mp4 HTTP/2.0
host: files.offshore.cat
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: video
accept-language: en-US,en;q=0.9
range: bytes=0-

Response

HTTP/2.0 206

date: Sun, 01 Sep 2024 01:14:23 GMT
content-type: video/mp4
content-length: 2976936
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-opener-policy: same-origin
etag: W/"2d6ca8-191ab041b85"
last-modified: Sun, 01 Sep 2024 00:37:38 GMT
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cf-cache-status: REVALIDATED
content-range: bytes 0-2976935/2976936
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EmrxCaK2UKXdmRvLlTDLLgW1q5KrTUSqUc79GgAtrhnigI4NfJyNodtLkq9PWg30xhh9pDLCBdT049RyjEBu9McPhKe8MRqDSt73iU3%2BXzpNgYCnjk4a8WQQgFCsIPZwpRCVYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bc16736092894cf-LHR
alt-svc: h3=":443"; ma=86400
GET

https://files.offshore.cat/NPZ3gRgR.mp4

msedge.exe

Remote address:

104.26.4.55:443

Request

GET /NPZ3gRgR.mp4 HTTP/2.0
host: files.offshore.cat
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: video
accept-language: en-US,en;q=0.9
range: bytes=2949120-2976935
if-range: W/"2d6ca8-191ab041b85"

Response

HTTP/2.0 206

date: Sun, 01 Sep 2024 01:14:23 GMT
content-type: video/mp4
content-length: 27816
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-opener-policy: same-origin
etag: W/"2d6ca8-191ab041b85"
last-modified: Sun, 01 Sep 2024 00:37:38 GMT
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cf-cache-status: REVALIDATED
content-range: bytes 2949120-2976935/2976936
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aLy7tAgBMLHOVnO8JSlW8zH2EMjvk0f5aqlwU1MzQy9Yk3Kc9gf3vZjSAqPx6DCMrEyEpGCSb4FXjKnC1W6GnJBym5Y3nn08mZOS9uMf576cCgzGwMygG2YOLrT3wKOfymHUKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bc1673759d694cf-LHR
alt-svc: h3=":443"; ma=86400
GET

https://files.offshore.cat/NPZ3gRgR.mp4

msedge.exe

Remote address:

104.26.4.55:443

Request

GET /NPZ3gRgR.mp4 HTTP/2.0
host: files.offshore.cat
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: video
accept-language: en-US,en;q=0.9
range: bytes=64314-2949119
if-range: W/"2d6ca8-191ab041b85"

Response

HTTP/2.0 206

date: Sun, 01 Sep 2024 01:14:23 GMT
content-type: video/mp4
content-length: 2884806
access-control-allow-origin: *
cache-control: public, max-age=14400
cross-origin-opener-policy: same-origin
etag: W/"2d6ca8-191ab041b85"
last-modified: Sun, 01 Sep 2024 00:37:38 GMT
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cf-cache-status: REVALIDATED
content-range: bytes 64314-2949119/2976936
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2Fwv2NpcE%2FMDHcWOn5kOszHHUTgnneIq0Ou8oNKEtkt96nGeZStM8ucogbIPl1oPusE%2BTS9OmErKKt0%2F2W6aerLU%2FRD1OkztXATUmgf1AYiUfSepXc0sKhIQeGIthowvK2f4Qg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bc16737ea2694cf-LHR
alt-svc: h3=":443"; ma=86400
DNS

a.nel.cloudflare.com

msedge.exe

Remote address:

8.8.8.8:53

Request

a.nel.cloudflare.com

IN A

Response

a.nel.cloudflare.com

IN A

35.190.80.1
OPTIONS

https://a.nel.cloudflare.com/report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D

msedge.exe

Remote address:

35.190.80.1:443

Request

OPTIONS /report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D HTTP/2.0
host: a.nel.cloudflare.com
origin: https://files.offshore.cat
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://a.nel.cloudflare.com/report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D

msedge.exe

Remote address:

35.190.80.1:443

Request

POST /report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D HTTP/2.0
host: a.nel.cloudflare.com
content-length: 411
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://a.nel.cloudflare.com/report/v4?s=X%2Fwv2NpcE%2FMDHcWOn5kOszHHUTgnneIq0Ou8oNKEtkt96nGeZStM8ucogbIPl1oPusE%2BTS9OmErKKt0%2F2W6aerLU%2FRD1OkztXATUmgf1AYiUfSepXc0sKhIQeGIthowvK2f4Qg%3D%3D

msedge.exe

Remote address:

35.190.80.1:443

Request

OPTIONS /report/v4?s=X%2Fwv2NpcE%2FMDHcWOn5kOszHHUTgnneIq0Ou8oNKEtkt96nGeZStM8ucogbIPl1oPusE%2BTS9OmErKKt0%2F2W6aerLU%2FRD1OkztXATUmgf1AYiUfSepXc0sKhIQeGIthowvK2f4Qg%3D%3D HTTP/2.0
host: a.nel.cloudflare.com
origin: https://files.offshore.cat
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

55.4.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.4.26.104.in-addr.arpa

IN PTR

Response
DNS

134.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.32.126.40.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

1.80.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.80.190.35.in-addr.arpa

IN PTR

Response

1.80.190.35.in-addr.arpa

IN PTR

18019035bcgoogleusercontentcom
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=146B27787CFA66361C3533957D1A674F; domain=.bing.com; expires=Fri, 26-Sep-2025 01:14:25 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D57F866DBAFF41A6B5E85F7D3E31CD81 Ref B: LON04EDGE1006 Ref C: 2024-09-01T01:14:25Z
date: Sun, 01 Sep 2024 01:14:25 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=146B27787CFA66361C3533957D1A674F

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=HKo4QS4vZyGPgRBIHxhUv0RinW-8BWYWV-tQytgru3c; domain=.bing.com; expires=Fri, 26-Sep-2025 01:14:25 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E71D66C751D44C699A2DA0276BDB9127 Ref B: LON04EDGE1006 Ref C: 2024-09-01T01:14:25Z
date: Sun, 01 Sep 2024 01:14:25 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

Remote address:

150.171.27.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=146B27787CFA66361C3533957D1A674F; MSPTC=HKo4QS4vZyGPgRBIHxhUv0RinW-8BWYWV-tQytgru3c

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C2EAE074FC994A3F9E75E6B72648AB76 Ref B: LON04EDGE1006 Ref C: 2024-09-01T01:14:25Z
date: Sun, 01 Sep 2024 01:14:25 GMT
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 906468
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B1D0F1DE0E1D4EC6BD281310CD2DD190 Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:13Z
date: Sun, 01 Sep 2024 01:16:13 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 550329
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0EB0429C66D34BCCAF6B902EDA941FEA Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:13Z
date: Sun, 01 Sep 2024 01:16:13 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418584_19MU177BXG1FCVM1K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418584_19MU177BXG1FCVM1K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 586035
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8E08210EC73E4575B2CB4C68B72660E3 Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:13Z
date: Sun, 01 Sep 2024 01:16:13 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418583_14V7XNG13AXXMHR4D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418583_14V7XNG13AXXMHR4D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 1145289
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7AFB3DF6E36A4EB2A4326D69D1C31225 Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:13Z
date: Sun, 01 Sep 2024 01:16:13 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301202_1RQN0RMZHNRAOB7W6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301202_1RQN0RMZHNRAOB7W6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 352234
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DCD4324F809B43D4A6C4B429CFC5FFA0 Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:13Z
date: Sun, 01 Sep 2024 01:16:13 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 411186
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B432B913051F43F1BD8DA398C9E1B6AD Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:14Z
date: Sun, 01 Sep 2024 01:16:14 GMT

104.26.4.55:443

files.offshore.cat

tls

msedge.exe

897 B
2.5kB
7
5
104.26.4.55:443

https://files.offshore.cat/NPZ3gRgR.mp4

tls, http2

msedge.exe

101.7kB
4.5MB
1999
3260

HTTP Request

GET https://files.offshore.cat/NPZ3gRgR.mp4

HTTP Response

200

HTTP Request

GET https://files.offshore.cat/NPZ3gRgR.mp4

HTTP Response

206

HTTP Request

GET https://files.offshore.cat/NPZ3gRgR.mp4

HTTP Response

206

HTTP Request

GET https://files.offshore.cat/NPZ3gRgR.mp4

HTTP Response

206
35.190.80.1:443

https://a.nel.cloudflare.com/report/v4?s=X%2Fwv2NpcE%2FMDHcWOn5kOszHHUTgnneIq0Ou8oNKEtkt96nGeZStM8ucogbIPl1oPusE%2BTS9OmErKKt0%2F2W6aerLU%2FRD1OkztXATUmgf1AYiUfSepXc0sKhIQeGIthowvK2f4Qg%3D%3D

tls, http2

msedge.exe

3.7kB
5.2kB
24
23

HTTP Request

OPTIONS https://a.nel.cloudflare.com/report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D

HTTP Request

POST https://a.nel.cloudflare.com/report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D

HTTP Request

OPTIONS https://a.nel.cloudflare.com/report/v4?s=X%2Fwv2NpcE%2FMDHcWOn5kOszHHUTgnneIq0Ou8oNKEtkt96nGeZStM8ucogbIPl1oPusE%2BTS9OmErKKt0%2F2W6aerLU%2FRD1OkztXATUmgf1AYiUfSepXc0sKhIQeGIthowvK2f4Qg%3D%3D
150.171.27.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

tls, http2

1.8kB
9.4kB
17
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

HTTP Response

204
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
12
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

143.6kB
4.1MB
3033
3028

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418584_19MU177BXG1FCVM1K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418583_14V7XNG13AXXMHR4D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301202_1RQN0RMZHNRAOB7W6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13

8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

files.offshore.cat

dns

msedge.exe

64 B
112 B
1
1

DNS Request

files.offshore.cat

DNS Response

104.26.4.55

104.26.5.55

172.67.75.147
8.8.8.8:53

a.nel.cloudflare.com

dns

msedge.exe

66 B
82 B
1
1

DNS Request

a.nel.cloudflare.com

DNS Response

35.190.80.1
8.8.8.8:53

55.4.26.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

55.4.26.104.in-addr.arpa
8.8.8.8:53

134.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

134.32.126.40.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
35.190.80.1:443

a.nel.cloudflare.com

https

msedge.exe

1.7kB
3.8kB
4
6
8.8.8.8:53

1.80.190.35.in-addr.arpa

dns

70 B
120 B
1
1

DNS Request

1.80.190.35.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.27.10

150.171.28.10
224.0.0.251:5353

512 B
8
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

140 B
144 B
2
1

DNS Request

58.55.71.13.in-addr.arpa

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

144 B
146 B
2
1

DNS Request

15.164.165.52.in-addr.arpa

DNS Request

15.164.165.52.in-addr.arpa
35.190.80.1:443

a.nel.cloudflare.com

https

msedge.exe

4.0kB
4.1kB
8
8
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
48e53c9a79f99916e434c81c8dca294f

SHA1
4bd62bc4fe041ffa74357c8792a8759552f1b586

SHA256
13ed9df2ac8de0f8464fcfefd7e3b67c6a9ed9d6640ec83d7b0e29f9b8307cb2

SHA512
751ecc3bbb0099c97a769c4e63eabe34d52c4dc55d924a2511ac68f698bf74707abda49cf19de8c9e153759d817a8196dd65f5ecd59581610014ad31a562d7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
475B

MD5
828bb3935eda082e3b7f0a9010dc9e6d

SHA1
1d9db9758207aedbc8d28501a57d4487d5d6cf37

SHA256
3d21da95defd05497b73709997d9603743a0949e66c8f39ea4cfd05b2a398d5a

SHA512
10b04dc46ea7fee155717cc7fcbbf95f08cbf03c74f5b9824ecb4fb217d5e093d09bde078d8e23fadeb97a93b08c51283a586fae5c7a211fdc5d781c94f4137a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
429d0aef5efa034550c3992f5289dae2

SHA1
1c6f6d033eb4ccbf92e4e9f58611021b17501d60

SHA256
c12e1b15f430b5247184564d2b88f5417e18e46b1b57d9054600593c251565ae

SHA512
1b1bf29b621eb22d415626e764aebd6972216a98c05c6da46667dd3b3aeda87290bdfefdc098b792ec4798903ea668e60c625a04e6033fdd22f1f60bd0558ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0db02a5c8fdd0007c034a54137de4bd

SHA1
b4f6c97e7d6484402481f0e19869cc49cb2c4d81

SHA256
cbe5a65a41992aabe8489730d9bce560a5de318f25c63368b1e035cb5c4e8d64

SHA512
973ff3a242c7dcb5b73c32dbadc87b41bdd59a4dd38b78cdd9381709e9e56968bf4835c879bf4194772c47086171ff5157d9fbfeab5ff9b5ac18b700b6cb9502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
59ef98adf2723ad49370f00dc2fc74b9

SHA1
dd89847ccc907f08c545614762c4ad7e7c63b983

SHA256
8decb21ce974aa80e1d4aebbbaf9128faeac44b4d65b3fad3ea28d328e443042

SHA512
5bcba13ba0f7716844b9224d45ba83e4287932ad64f8dc2fba14fa7a3123bea358cf9145852cfb4a126be2b3ff3e0b5e6a26761b9a8baefdcd9b615e54e7265b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.