Analysis

  • max time kernel: 148s
  • max time network: 138s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 01/09/2024, 01:14 UTC

General

  • Target

    https://files.offshore.cat/NPZ3gRgR.mp4

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://files.offshore.cat/NPZ3gRgR.mp4
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3044
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe15eb46f8,0x7ffe15eb4708,0x7ffe15eb4718
      2⤵
      PID:3056
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
      2⤵
      PID:2864
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:872
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
      2⤵
      PID:4904
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      2⤵
      PID:2612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
      2⤵
      PID:5112
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
      2⤵
      PID:4728
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8
      2⤵
      PID:5104
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
      2⤵
      PID:3464
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
      2⤵
      PID:5112
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
      2⤵
      PID:3228
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
      2⤵
      PID:1048
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
      2⤵
      PID:5084
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,2435424596826859296,6976129804460390845,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5660 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3760
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4592
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3532
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x46c 0x300
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2872

Network

  • DNS 209.205.72.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa IN PTR
    Response
  • DNS files.offshore.cat
    Process: msedge.exe
    Remote address: 8.8.8.8:53
    Request
    files.offshore.cat IN A
    Response
    files.offshore.cat IN A 104.26.4.55
    files.offshore.cat IN A 104.26.5.55
    files.offshore.cat IN A 172.67.75.147
  • GET https://files.offshore.cat/NPZ3gRgR.mp4
    Process: msedge.exe
    Remote address: 104.26.4.55:443
    Request
    GET /NPZ3gRgR.mp4 HTTP/2.0
    host: files.offshore.cat
    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
    sec-ch-ua-mobile: ?0
    dnt: 1
    upgrade-insecure-requests: 1
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    sec-fetch-site: none
    sec-fetch-mode: navigate
    sec-fetch-user: ?1
    sec-fetch-dest: document
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
    Response
    HTTP/2.0 200
    date: Sun, 01 Sep 2024 01:14:22 GMT
    content-type: video/mp4
    content-length: 2976936
    access-control-allow-origin: *
    cache-control: public, max-age=14400
    cross-origin-opener-policy: same-origin
    etag: W/"2d6ca8-191ab041b85"
    last-modified: Sun, 01 Sep 2024 00:37:38 GMT
    origin-agent-cluster: ?1
    referrer-policy: no-referrer
    strict-transport-security: max-age=15552000; includeSubDomains
    x-content-type-options: nosniff
    x-dns-prefetch-control: off
    x-download-options: noopen
    x-frame-options: SAMEORIGIN
    x-permitted-cross-domain-policies: none
    x-xss-protection: 0
    cf-cache-status: REVALIDATED
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 8bc16734885d94cf-LHR
    alt-svc: h3=":443"; ma=86400
  • GET https://files.offshore.cat/NPZ3gRgR.mp4
    Process: msedge.exe
    Remote address: 104.26.4.55:443
    Request
    GET /NPZ3gRgR.mp4 HTTP/2.0
    host: files.offshore.cat
    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
    dnt: 1
    accept-encoding: identity;q=1, *;q=0
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: video
    accept-language: en-US,en;q=0.9
    range: bytes=0-
    Response
    HTTP/2.0 206
    date: Sun, 01 Sep 2024 01:14:23 GMT
    content-type: video/mp4
    content-length: 2976936
    access-control-allow-origin: *
    cache-control: public, max-age=14400
    cross-origin-opener-policy: same-origin
    etag: W/"2d6ca8-191ab041b85"
    last-modified: Sun, 01 Sep 2024 00:37:38 GMT
    origin-agent-cluster: ?1
    referrer-policy: no-referrer
    strict-transport-security: max-age=15552000; includeSubDomains
    x-content-type-options: nosniff
    x-dns-prefetch-control: off
    x-download-options: noopen
    x-frame-options: SAMEORIGIN
    x-permitted-cross-domain-policies: none
    x-xss-protection: 0
    cf-cache-status: REVALIDATED
    content-range: bytes 0-2976935/2976936
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EmrxCaK2UKXdmRvLlTDLLgW1q5KrTUSqUc79GgAtrhnigI4NfJyNodtLkq9PWg30xhh9pDLCBdT049RyjEBu9McPhKe8MRqDSt73iU3%2BXzpNgYCnjk4a8WQQgFCsIPZwpRCVYA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 8bc16736092894cf-LHR
    alt-svc: h3=":443"; ma=86400
  • GET https://files.offshore.cat/NPZ3gRgR.mp4
    Process: msedge.exe
    Remote address: 104.26.4.55:443
    Request
    GET /NPZ3gRgR.mp4 HTTP/2.0
    host: files.offshore.cat
    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
    dnt: 1
    accept-encoding: identity;q=1, *;q=0
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: video
    accept-language: en-US,en;q=0.9
    range: bytes=2949120-2976935
    if-range: W/"2d6ca8-191ab041b85"
    Response
    HTTP/2.0 206
    date: Sun, 01 Sep 2024 01:14:23 GMT
    content-type: video/mp4
    content-length: 27816
    access-control-allow-origin: *
    cache-control: public, max-age=14400
    cross-origin-opener-policy: same-origin
    etag: W/"2d6ca8-191ab041b85"
    last-modified: Sun, 01 Sep 2024 00:37:38 GMT
    origin-agent-cluster: ?1
    referrer-policy: no-referrer
    strict-transport-security: max-age=15552000; includeSubDomains
    x-content-type-options: nosniff
    x-dns-prefetch-control: off
    x-download-options: noopen
    x-frame-options: SAMEORIGIN
    x-permitted-cross-domain-policies: none
    x-xss-protection: 0
    cf-cache-status: REVALIDATED
    content-range: bytes 2949120-2976935/2976936
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aLy7tAgBMLHOVnO8JSlW8zH2EMjvk0f5aqlwU1MzQy9Yk3Kc9gf3vZjSAqPx6DCMrEyEpGCSb4FXjKnC1W6GnJBym5Y3nn08mZOS9uMf576cCgzGwMygG2YOLrT3wKOfymHUKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 8bc1673759d694cf-LHR
    alt-svc: h3=":443"; ma=86400
  • GET https://files.offshore.cat/NPZ3gRgR.mp4
    Process: msedge.exe
    Remote address: 104.26.4.55:443
    Request
    GET /NPZ3gRgR.mp4 HTTP/2.0
    host: files.offshore.cat
    sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
    dnt: 1
    accept-encoding: identity;q=1, *;q=0
    sec-ch-ua-mobile: ?0
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    accept: */*
    sec-fetch-site: same-origin
    sec-fetch-mode: no-cors
    sec-fetch-dest: video
    accept-language: en-US,en;q=0.9
    range: bytes=64314-2949119
    if-range: W/"2d6ca8-191ab041b85"
    Response
    HTTP/2.0 206
    date: Sun, 01 Sep 2024 01:14:23 GMT
    content-type: video/mp4
    content-length: 2884806
    access-control-allow-origin: *
    cache-control: public, max-age=14400
    cross-origin-opener-policy: same-origin
    etag: W/"2d6ca8-191ab041b85"
    last-modified: Sun, 01 Sep 2024 00:37:38 GMT
    origin-agent-cluster: ?1
    referrer-policy: no-referrer
    strict-transport-security: max-age=15552000; includeSubDomains
    x-content-type-options: nosniff
    x-dns-prefetch-control: off
    x-download-options: noopen
    x-frame-options: SAMEORIGIN
    x-permitted-cross-domain-policies: none
    x-xss-protection: 0
    cf-cache-status: REVALIDATED
    content-range: bytes 64314-2949119/2976936
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2Fwv2NpcE%2FMDHcWOn5kOszHHUTgnneIq0Ou8oNKEtkt96nGeZStM8ucogbIPl1oPusE%2BTS9OmErKKt0%2F2W6aerLU%2FRD1OkztXATUmgf1AYiUfSepXc0sKhIQeGIthowvK2f4Qg%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 8bc16737ea2694cf-LHR
    alt-svc: h3=":443"; ma=86400
  • DNS a.nel.cloudflare.com
    Process: msedge.exe
    Remote address: 8.8.8.8:53
    Request
    a.nel.cloudflare.com IN A
    Response
    a.nel.cloudflare.com IN A 35.190.80.1
  • OPTIONS https://a.nel.cloudflare.com/report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D
    Process: msedge.exe
    Remote address: 35.190.80.1:443
    Request
    OPTIONS /report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D HTTP/2.0
    host: a.nel.cloudflare.com
    origin: https://files.offshore.cat
    access-control-request-method: POST
    access-control-request-headers: content-type
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
  • POST https://a.nel.cloudflare.com/report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D
    Process: msedge.exe
    Remote address: 35.190.80.1:443
    Request
    POST /report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D HTTP/2.0
    host: a.nel.cloudflare.com
    content-length: 411
    content-type: application/reports+json
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
  • OPTIONS https://a.nel.cloudflare.com/report/v4?s=X%2Fwv2NpcE%2FMDHcWOn5kOszHHUTgnneIq0Ou8oNKEtkt96nGeZStM8ucogbIPl1oPusE%2BTS9OmErKKt0%2F2W6aerLU%2FRD1OkztXATUmgf1AYiUfSepXc0sKhIQeGIthowvK2f4Qg%3D%3D
    Process: msedge.exe
    Remote address: 35.190.80.1:443
    Request
    OPTIONS /report/v4?s=X%2Fwv2NpcE%2FMDHcWOn5kOszHHUTgnneIq0Ou8oNKEtkt96nGeZStM8ucogbIPl1oPusE%2BTS9OmErKKt0%2F2W6aerLU%2FRD1OkztXATUmgf1AYiUfSepXc0sKhIQeGIthowvK2f4Qg%3D%3D HTTP/2.0
    host: a.nel.cloudflare.com
    origin: https://files.offshore.cat
    access-control-request-method: POST
    access-control-request-headers: content-type
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
    accept-encoding: gzip, deflate, br
    accept-language: en-US,en;q=0.9
  • DNS 55.4.26.104.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    55.4.26.104.in-addr.arpa IN PTR
    Response
  • DNS 134.32.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    134.32.126.40.in-addr.arpa IN PTR
    Response
  • DNS 172.210.232.199.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa IN PTR
    Response
  • DNS 1.80.190.35.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request
    1.80.190.35.in-addr.arpa IN PTR
    Response
    1.80.190.35.in-addr.arpa IN PTR 1.80.190.35.bc.googleusercontent.com
  • DNS g.bing.com
    Remote address: 8.8.8.8:53
    Request
    g.bing.com IN A
    Response
    g.bing.com IN CNAME g-bing-com.ax-0001.ax-msedge.net
    g-bing-com.ax-0001.ax-msedge.net IN CNAME ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net IN A 150.171.27.10
    ax-0001.ax-msedge.net IN A 150.171.28.10
  • GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=
    Remote address: 150.171.27.10:443
    Request
    GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=146B27787CFA66361C3533957D1A674F; domain=.bing.com; expires=Fri, 26-Sep-2025 01:14:25 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D57F866DBAFF41A6B5E85F7D3E31CD81 Ref B: LON04EDGE1006 Ref C: 2024-09-01T01:14:25Z
    date: Sun, 01 Sep 2024 01:14:25 GMT
  • GET
                                https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=
                                Remote address:
                                150.171.27.10:443
                                Request
                                GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
                                host: g.bing.com
                                accept-encoding: gzip, deflate
                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                cookie: MUID=146B27787CFA66361C3533957D1A674F
                                Response
                                HTTP/2.0 204
                                cache-control: no-cache, must-revalidate
                                pragma: no-cache
                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                set-cookie: MSPTC=HKo4QS4vZyGPgRBIHxhUv0RinW-8BWYWV-tQytgru3c; domain=.bing.com; expires=Fri, 26-Sep-2025 01:14:25 GMT; path=/; Partitioned; secure; SameSite=None
                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                access-control-allow-origin: *
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: E71D66C751D44C699A2DA0276BDB9127 Ref B: LON04EDGE1006 Ref C: 2024-09-01T01:14:25Z
                                date: Sun, 01 Sep 2024 01:14:25 GMT
                              • flag-us
                                GET
                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=
                                Remote address:
                                150.171.27.10:443
                                Request
                                GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid= HTTP/2.0
                                host: g.bing.com
                                accept-encoding: gzip, deflate
                                user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                cookie: MUID=146B27787CFA66361C3533957D1A674F; MSPTC=HKo4QS4vZyGPgRBIHxhUv0RinW-8BWYWV-tQytgru3c
                                Response
                                HTTP/2.0 204
                                cache-control: no-cache, must-revalidate
                                pragma: no-cache
                                expires: Fri, 01 Jan 1990 00:00:00 GMT
                                strict-transport-security: max-age=31536000; includeSubDomains; preload
                                access-control-allow-origin: *
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: C2EAE074FC994A3F9E75E6B72648AB76 Ref B: LON04EDGE1006 Ref C: 2024-09-01T01:14:25Z
                                date: Sun, 01 Sep 2024 01:14:25 GMT
                              • flag-us
                                DNS
                                26.35.223.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                26.35.223.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                58.55.71.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                58.55.71.13.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                58.55.71.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                58.55.71.13.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                103.169.127.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                103.169.127.40.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                15.164.165.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                15.164.165.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                15.164.165.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                15.164.165.52.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                19.229.111.52.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                19.229.111.52.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                88.156.103.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                88.156.103.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                tse1.mm.bing.net
                                Remote address:
                                8.8.8.8:53
                                Request
                                tse1.mm.bing.net
                                IN A
                                Response
                                tse1.mm.bing.net
                                IN CNAME
                                mm-mm.bing.net.trafficmanager.net
                                mm-mm.bing.net.trafficmanager.net
                                IN CNAME
                                ax-0001.ax-msedge.net
                                ax-0001.ax-msedge.net
                                IN A
                                150.171.27.10
                                ax-0001.ax-msedge.net
                                IN A
                                150.171.28.10
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                Remote address:
                                150.171.27.10:443
                                Request
                                GET /th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 906468
                                content-type: image/jpeg
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: B1D0F1DE0E1D4EC6BD281310CD2DD190 Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:13Z
                                date: Sun, 01 Sep 2024 01:16:13 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                Remote address:
                                150.171.27.10:443
                                Request
                                GET /th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 550329
                                content-type: image/jpeg
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 0EB0429C66D34BCCAF6B902EDA941FEA Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:13Z
                                date: Sun, 01 Sep 2024 01:16:13 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239340418584_19MU177BXG1FCVM1K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                Remote address:
                                150.171.27.10:443
                                Request
                                GET /th?id=OADD2.10239340418584_19MU177BXG1FCVM1K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 586035
                                content-type: image/jpeg
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 8E08210EC73E4575B2CB4C68B72660E3 Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:13Z
                                date: Sun, 01 Sep 2024 01:16:13 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239340418583_14V7XNG13AXXMHR4D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                Remote address:
                                150.171.27.10:443
                                Request
                                GET /th?id=OADD2.10239340418583_14V7XNG13AXXMHR4D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 1145289
                                content-type: image/jpeg
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 7AFB3DF6E36A4EB2A4326D69D1C31225 Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:13Z
                                date: Sun, 01 Sep 2024 01:16:13 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301202_1RQN0RMZHNRAOB7W6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                Remote address:
                                150.171.27.10:443
                                Request
                                GET /th?id=OADD2.10239317301202_1RQN0RMZHNRAOB7W6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 352234
                                content-type: image/jpeg
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                x-cache: CONFIG_NOCACHE
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: DCD4324F809B43D4A6C4B429CFC5FFA0 Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:13Z
                                date: Sun, 01 Sep 2024 01:16:13 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                Remote address:
                                150.171.27.10:443
                                Request
                                GET /th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 411186
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: B432B913051F43F1BD8DA398C9E1B6AD Ref B: LON04EDGE0914 Ref C: 2024-09-01T01:16:14Z
                                date: Sun, 01 Sep 2024 01:16:14 GMT
                              • 104.26.4.55:443
                                files.offshore.cat
                                tls
                                msedge.exe
                                897 B
                                2.5kB
                                7
                                5
                              • 104.26.4.55:443
                                https://files.offshore.cat/NPZ3gRgR.mp4
                                tls, http2
                                msedge.exe
                                101.7kB
                                4.5MB
                                1999
                                3260

                                HTTP Request

                                GET https://files.offshore.cat/NPZ3gRgR.mp4

                                HTTP Response

                                200

                                HTTP Request

                                GET https://files.offshore.cat/NPZ3gRgR.mp4

                                HTTP Response

                                206

                                HTTP Request

                                GET https://files.offshore.cat/NPZ3gRgR.mp4

                                HTTP Response

                                206

                                HTTP Request

                                GET https://files.offshore.cat/NPZ3gRgR.mp4

                                HTTP Response

                                206
                              • 35.190.80.1:443
                                https://a.nel.cloudflare.com/report/v4?s=X%2Fwv2NpcE%2FMDHcWOn5kOszHHUTgnneIq0Ou8oNKEtkt96nGeZStM8ucogbIPl1oPusE%2BTS9OmErKKt0%2F2W6aerLU%2FRD1OkztXATUmgf1AYiUfSepXc0sKhIQeGIthowvK2f4Qg%3D%3D
                                tls, http2
                                msedge.exe
                                3.7kB
                                5.2kB
                                24
                                23

                                HTTP Request

                                OPTIONS https://a.nel.cloudflare.com/report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D

                                HTTP Request

                                POST https://a.nel.cloudflare.com/report/v4?s=o50e9GYxS75J7oJRb5nUqyfKdLTKG%2FVawQ5nE%2Fu6MoCQGJQbKHyw5AK5Z4PzsjLxb8mvISPYDPQu3UpR43mfczxGJwhHpCZ3WvMAfQvKZqgPrVWzD2VHsvlVh%2FJ%2FwVtkbzXS7w%3D%3D

                                HTTP Request

                                OPTIONS https://a.nel.cloudflare.com/report/v4?s=X%2Fwv2NpcE%2FMDHcWOn5kOszHHUTgnneIq0Ou8oNKEtkt96nGeZStM8ucogbIPl1oPusE%2BTS9OmErKKt0%2F2W6aerLU%2FRD1OkztXATUmgf1AYiUfSepXc0sKhIQeGIthowvK2f4Qg%3D%3D
                              • 150.171.27.10:443
                                https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=
                                tls, http2
                                1.8kB
                                9.4kB
                                17
                                19

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

                                HTTP Response

                                204

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

                                HTTP Response

                                204

                                HTTP Request

                                GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=88f1d7909c524b2691efc3ed37bb6b81&localId=w:2D7FBA3B-257B-DA9C-9BEE-3873FD814D61&deviceId=6896205358185221&anid=

                                HTTP Response

                                204
                              • 150.171.27.10:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                6.9kB
                                15
                                12
                              • 150.171.27.10:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                6.9kB
                                15
                                13
                              • 150.171.27.10:443
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                tls, http2
                                143.6kB
                                4.1MB
                                3033
                                3028

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239360526658_1O3WYEZK6VX7G9BK6&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239360526659_1DEB5NSYP58G2E8T3&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239340418584_19MU177BXG1FCVM1K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239340418583_14V7XNG13AXXMHR4D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301202_1RQN0RMZHNRAOB7W6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301611_1E01O38L32FSSHIRP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                HTTP Response

                                200
                              • 150.171.27.10:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                6.9kB
                                15
                                13
                              • 150.171.27.10:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                6.9kB
                                15
                                13
                              • 8.8.8.8:53
                                209.205.72.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                209.205.72.20.in-addr.arpa

                              • 8.8.8.8:53
                                files.offshore.cat
                                dns
                                msedge.exe
                                64 B
                                112 B
                                1
                                1

                                DNS Request

                                files.offshore.cat

                                DNS Response

                                104.26.4.55
                                104.26.5.55
                                172.67.75.147

                              • 8.8.8.8:53
                                a.nel.cloudflare.com
                                dns
                                msedge.exe
                                66 B
                                82 B
                                1
                                1

                                DNS Request

                                a.nel.cloudflare.com

                                DNS Response

                                35.190.80.1

                              • 8.8.8.8:53
                                55.4.26.104.in-addr.arpa
                                dns
                                70 B
                                132 B
                                1
                                1

                                DNS Request

                                55.4.26.104.in-addr.arpa

                              • 8.8.8.8:53
                                134.32.126.40.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                134.32.126.40.in-addr.arpa

                              • 8.8.8.8:53
                                172.210.232.199.in-addr.arpa
                                dns
                                74 B
                                128 B
                                1
                                1

                                DNS Request

                                172.210.232.199.in-addr.arpa

                              • 35.190.80.1:443
                                a.nel.cloudflare.com
                                https
                                msedge.exe
                                1.7kB
                                3.8kB
                                4
                                6
                              • 8.8.8.8:53
                                1.80.190.35.in-addr.arpa
                                dns
                                70 B
                                120 B
                                1
                                1

                                DNS Request

                                1.80.190.35.in-addr.arpa

                              • 8.8.8.8:53
                                g.bing.com
                                dns
                                56 B
                                148 B
                                1
                                1

                                DNS Request

                                g.bing.com

                                DNS Response

                                150.171.27.10
                                150.171.28.10

                              • 224.0.0.251:5353
                                512 B
                                8
                              • 8.8.8.8:53
                                26.35.223.20.in-addr.arpa
                                dns
                                71 B
                                157 B
                                1
                                1

                                DNS Request

                                26.35.223.20.in-addr.arpa

                              • 8.8.8.8:53
                                58.55.71.13.in-addr.arpa
                                dns
                                140 B
                                144 B
                                2
                                1

                                DNS Request

                                58.55.71.13.in-addr.arpa

                                DNS Request

                                58.55.71.13.in-addr.arpa

                              • 8.8.8.8:53
                                103.169.127.40.in-addr.arpa
                                dns
                                73 B
                                147 B
                                1
                                1

                                DNS Request

                                103.169.127.40.in-addr.arpa

                              • 8.8.8.8:53
                                15.164.165.52.in-addr.arpa
                                dns
                                144 B
                                146 B
                                2
                                1

                                DNS Request

                                15.164.165.52.in-addr.arpa

                                DNS Request

                                15.164.165.52.in-addr.arpa

                              • 35.190.80.1:443
                                a.nel.cloudflare.com
                                https
                                msedge.exe
                                4.0kB
                                4.1kB
                                8
                                8
                              • 8.8.8.8:53
                                19.229.111.52.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                19.229.111.52.in-addr.arpa

                              • 8.8.8.8:53
                                88.156.103.20.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                88.156.103.20.in-addr.arpa

                              • 8.8.8.8:53
                                tse1.mm.bing.net
                                dns
                                62 B
                                170 B
                                1
                                1

                                DNS Request

                                tse1.mm.bing.net

                                DNS Response

                                150.171.27.10
                                150.171.28.10

                              MITRE ATT&CK Enterprise v15

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                                MD5

                                53bc70ecb115bdbabe67620c416fe9b3

                                SHA1

                                af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

                                SHA256

                                b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

                                SHA512

                                cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                                MD5

                                e765f3d75e6b0e4a7119c8b14d47d8da

                                SHA1

                                cc9f7c7826c2e1a129e7d98884926076c3714fc0

                                SHA256

                                986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

                                SHA512

                                a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                Filesize

                                62KB

                                MD5

                                48e53c9a79f99916e434c81c8dca294f

                                SHA1

                                4bd62bc4fe041ffa74357c8792a8759552f1b586

                                SHA256

                                13ed9df2ac8de0f8464fcfefd7e3b67c6a9ed9d6640ec83d7b0e29f9b8307cb2

                                SHA512

                                751ecc3bbb0099c97a769c4e63eabe34d52c4dc55d924a2511ac68f698bf74707abda49cf19de8c9e153759d817a8196dd65f5ecd59581610014ad31a562d7fc

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                475B

                                MD5

                                828bb3935eda082e3b7f0a9010dc9e6d

                                SHA1

                                1d9db9758207aedbc8d28501a57d4487d5d6cf37

                                SHA256

                                3d21da95defd05497b73709997d9603743a0949e66c8f39ea4cfd05b2a398d5a

                                SHA512

                                10b04dc46ea7fee155717cc7fcbbf95f08cbf03c74f5b9824ecb4fb217d5e093d09bde078d8e23fadeb97a93b08c51283a586fae5c7a211fdc5d781c94f4137a

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                5KB

                                MD5

                                429d0aef5efa034550c3992f5289dae2

                                SHA1

                                1c6f6d033eb4ccbf92e4e9f58611021b17501d60

                                SHA256

                                c12e1b15f430b5247184564d2b88f5417e18e46b1b57d9054600593c251565ae

                                SHA512

                                1b1bf29b621eb22d415626e764aebd6972216a98c05c6da46667dd3b3aeda87290bdfefdc098b792ec4798903ea668e60c625a04e6033fdd22f1f60bd0558ba8

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                6KB

                                MD5

                                c0db02a5c8fdd0007c034a54137de4bd

                                SHA1

                                b4f6c97e7d6484402481f0e19869cc49cb2c4d81

                                SHA256

                                cbe5a65a41992aabe8489730d9bce560a5de318f25c63368b1e035cb5c4e8d64

                                SHA512

                                973ff3a242c7dcb5b73c32dbadc87b41bdd59a4dd38b78cdd9381709e9e56968bf4835c879bf4194772c47086171ff5157d9fbfeab5ff9b5ac18b700b6cb9502

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                Filesize

                                11KB

                                MD5

                                59ef98adf2723ad49370f00dc2fc74b9

                                SHA1

                                dd89847ccc907f08c545614762c4ad7e7c63b983

                                SHA256

                                8decb21ce974aa80e1d4aebbbaf9128faeac44b4d65b3fad3ea28d328e443042

                                SHA512

                                5bcba13ba0f7716844b9224d45ba83e4287932ad64f8dc2fba14fa7a3123bea358cf9145852cfb4a126be2b3ff3e0b5e6a26761b9a8baefdcd9b615e54e7265b