Overview
overview
7Static
static
54500b5e270...18.exe
windows7-x64
74500b5e270...18.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDIR/nsis.exe
windows7-x64
5$PLUGINSDIR/nsis.exe
windows10-2004-x64
5GinoPlayer.exe
windows7-x64
6GinoPlayer.exe
windows10-2004-x64
6Interop.WMPLib.dll
windows7-x64
1Interop.WMPLib.dll
windows10-2004-x64
1Uninstall.exe
windows7-x64
7Uninstall.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3launcher.exe
windows7-x64
3launcher.exe
windows10-2004-x64
3Analysis
-
max time kernel
139s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
15/10/2024, 00:48 UTC
Behavioral task
behavioral1
Sample
4500b5e2709a64dd32071bd7ef49a6de_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4500b5e2709a64dd32071bd7ef49a6de_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsis.exe
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsis.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
GinoPlayer.exe
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
GinoPlayer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Interop.WMPLib.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Interop.WMPLib.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Uninstall.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Uninstall.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
launcher.exe
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
launcher.exe
Resource
win10v2004-20241007-en
General
-
Target
$PLUGINSDIR/NSISdl.dll
-
Size
14KB
-
MD5
a5f8399a743ab7f9c88c645c35b1ebb5
-
SHA1
168f3c158913b0367bf79fa413357fbe97018191
-
SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
-
SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
-
SSDEEP
192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2740 2044 WerFault.exe 84 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1040 wrote to memory of 2044 1040 rundll32.exe 84 PID 1040 wrote to memory of 2044 1040 rundll32.exe 84 PID 1040 wrote to memory of 2044 1040 rundll32.exe 84
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1040 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\NSISdl.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:2044 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 6243⤵
- Program crash
PID:2740
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2044 -ip 20441⤵PID:3448
Network
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request71.209.201.84.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.ax-0001.ax-msedge.netg-bing-com.ax-0001.ax-msedge.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3bab34b6942643a3826362cffa22c75e&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3bab34b6942643a3826362cffa22c75e&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=2D3CA13163D86E291A8FB42862476FEF; domain=.bing.com; expires=Sun, 09-Nov-2025 00:48:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8F67E4B771E54B48B8CEBCCCEF68F0DB Ref B: LON601060104052 Ref C: 2024-10-15T00:48:38Z
date: Tue, 15 Oct 2024 00:48:37 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3bab34b6942643a3826362cffa22c75e&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3bab34b6942643a3826362cffa22c75e&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2D3CA13163D86E291A8FB42862476FEF
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=Jjxek0V_-eSD0tNa6tsKVwJjGB-cji0Wp6hxJ8j2EcI; domain=.bing.com; expires=Sun, 09-Nov-2025 00:48:38 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B0C235EF8293402391A19626520B15DF Ref B: LON601060104052 Ref C: 2024-10-15T00:48:38Z
date: Tue, 15 Oct 2024 00:48:38 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3bab34b6942643a3826362cffa22c75e&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3bab34b6942643a3826362cffa22c75e&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=2D3CA13163D86E291A8FB42862476FEF; MSPTC=Jjxek0V_-eSD0tNa6tsKVwJjGB-cji0Wp6hxJ8j2EcI
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E3ABDBC38FD547CF80C93F61D2515259 Ref B: LON601060104052 Ref C: 2024-10-15T00:48:38Z
date: Tue, 15 Oct 2024 00:48:38 GMT
-
Remote address:8.8.8.8:53Request10.28.171.150.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request56.163.245.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request101.209.201.84.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request13.227.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.27.10ax-0001.ax-msedge.netIN A150.171.28.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388052_15BEREB8TIR0MI69H&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239339388052_15BEREB8TIR0MI69H&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 666327
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A3AF1904D758487EAA95373676881476 Ref B: LON601060104040 Ref C: 2024-10-15T00:50:16Z
date: Tue, 15 Oct 2024 00:50:16 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 679182
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6FC65A82D20041B595CC04209F93D8BA Ref B: LON601060104040 Ref C: 2024-10-15T00:50:16Z
date: Tue, 15 Oct 2024 00:50:16 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239360284735_1J9G8ZRD0Q7KNETKQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239360284735_1J9G8ZRD0Q7KNETKQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 264329
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F60D6FC1440C4F14A874AD87A7F28431 Ref B: LON601060104040 Ref C: 2024-10-15T00:50:16Z
date: Tue, 15 Oct 2024 00:50:16 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 468734
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1922007C1890423DAEBC80D1D4FA9CC3 Ref B: LON601060104040 Ref C: 2024-10-15T00:50:16Z
date: Tue, 15 Oct 2024 00:50:16 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 468841
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 03C2D90B02DC45DF9C92CF7588AC1533 Ref B: LON601060104040 Ref C: 2024-10-15T00:50:16Z
date: Tue, 15 Oct 2024 00:50:16 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239339388053_1MJU16LHB17TYH2I8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239339388053_1MJU16LHB17TYH2I8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 289010
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CDAC7FA9C3F841C4BF20265B0DD9567C Ref B: LON601060104040 Ref C: 2024-10-15T00:50:16Z
date: Tue, 15 Oct 2024 00:50:16 GMT
-
150.171.28.10:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3bab34b6942643a3826362cffa22c75e&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=tls, http22.0kB 9.4kB 22 19
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3bab34b6942643a3826362cffa22c75e&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3bab34b6942643a3826362cffa22c75e&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3bab34b6942643a3826362cffa22c75e&localId=w:66B95077-CF2F-5A7E-6FF7-2AB84BE1688C&deviceId=6896208602593836&anid=HTTP Response
204 -
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 12
-
150.171.27.10:443https://tse1.mm.bing.net/th?id=OADD2.10239339388053_1MJU16LHB17TYH2I8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90tls, http2104.3kB 2.9MB 2133 2130
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388052_15BEREB8TIR0MI69H&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239360284735_1J9G8ZRD0Q7KNETKQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239340418576_1P0LP58U9FRUO4PCP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239339388053_1MJU16LHB17TYH2I8&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
72 B 132 B 1 1
DNS Request
71.209.201.84.in-addr.arpa
-
56 B 148 B 1 1
DNS Request
g.bing.com
DNS Response
150.171.28.10150.171.27.10
-
72 B 158 B 1 1
DNS Request
10.28.171.150.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
57.169.31.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
56.163.245.4.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
73 B 133 B 1 1
DNS Request
101.209.201.84.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
13.227.111.52.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.27.10150.171.28.10