Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/01/2025, 21:48 UTC

General

  • Target

    JaffaCakes118_d325684c94c785308f81b68ce0247804.html

  • Size

    19KB

  • MD5

    d325684c94c785308f81b68ce0247804

  • SHA1

    49b0b6843e52895b82a9e5e8e7f837ea23c3c005

  • SHA256

    9fbe4e9ab1e5c0e402fdba0221e9c7c3ec70b02d096307914d5668eb1c8d2e5c

  • SHA512

    e7bbd2413b4c68adb33668284b4c28b1d22304f31ab1dba8f57952fde6ec1b2330bf8d3e86a8ed87693fc165fae7054d077865b59aedccb24340d49f864722af

  • SSDEEP

    384:zBqtZRsVuEc+6bkuOENbICul0LgIssbQbDwiTkBFV1aG/a1B7rl99Ye/ZGr1h:ItZRsV2+6bkPENbVJZYDN4n+Gy1Jl3Y/

Malware Config

Signatures

  • Detected potential entity reuse from brand PAYPAL.
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d325684c94c785308f81b68ce0247804.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7fffa65946f8,0x7fffa6594708,0x7fffa6594718
      2⤵
        PID:684
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:4644
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1232
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
          2⤵
            PID:3056
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
            2⤵
              PID:1860
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:1880
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
                2⤵
                  PID:4012
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4144
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
                  2⤵
                    PID:2204
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                    2⤵
                      PID:2616
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
                      2⤵
                        PID:3384
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
                        2⤵
                          PID:1924
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                          2⤵
                            PID:4748
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12236805235404341408,3397366543695756380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5876 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4596
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2380
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4548

                            Network

                            • flag-us
                              DNS
                              scripts.lycos.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              scripts.lycos.com
                              IN A
                              Response
                              scripts.lycos.com
                              IN A
                              209.202.254.12
                            • flag-us
                              DNS
                              px.owneriq.net
                              Remote address:
                              8.8.8.8:53
                              Request
                              px.owneriq.net
                              IN A
                              Response
                              px.owneriq.net
                              IN CNAME
                              wildcard.owneriq.net.edgekey.net
                              wildcard.owneriq.net.edgekey.net
                              IN CNAME
                              e11294.g.akamaiedge.net
                              e11294.g.akamaiedge.net
                              IN A
                              23.214.142.16
                            • flag-gb
                              GET
                              http://www.google-analytics.com/ga.js
                              msedge.exe
                              Remote address:
                              142.250.200.46:80
                              Request
                              GET /ga.js HTTP/1.1
                              Host: www.google-analytics.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                              X-Content-Type-Options: nosniff
                              Content-Encoding: gzip
                              Cross-Origin-Resource-Policy: cross-origin
                              Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:215:0
                              Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting
                              Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:215:0"}],}
                              Server: Golfe2
                              Content-Length: 17168
                              Date: Thu, 09 Jan 2025 20:26:04 GMT
                              Expires: Thu, 09 Jan 2025 22:26:04 GMT
                              Cache-Control: public, max-age=7200
                              Age: 4956
                              Last-Modified: Tue, 12 Dec 2023 18:09:08 GMT
                              Content-Type: text/javascript
                              Vary: Accept-Encoding
                            • flag-us
                              GET
                              https://scripts.lycos.com/catman/init.js
                              msedge.exe
                              Remote address:
                              209.202.254.12:443
                              Request
                              GET /catman/init.js HTTP/1.1
                              Host: scripts.lycos.com
                              Connection: keep-alive
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              DNT: 1
                              sec-ch-ua-mobile: ?0
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Accept: */*
                              Sec-Fetch-Site: cross-site
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: script
                              Accept-Encoding: gzip, deflate, br
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              Date: Thu, 09 Jan 2025 21:48:40 GMT
                              Server: Apache
                              Last-Modified: Wed, 01 Sep 2021 17:20:36 GMT
                              ETag: "9c0-gzip"
                              Accept-Ranges: bytes
                              Vary: Accept-Encoding,User-Agent
                              Content-Encoding: gzip
                              Cache-Control: max-age=21600
                              Expires: Fri, 10 Jan 2025 03:48:40 GMT
                              P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
                              Content-Length: 927
                              Keep-Alive: timeout=5, max=100
                              Connection: Keep-Alive
                              Content-Type: application/javascript
                            • flag-us
                              GET
                              http://scripts.lycos.com/catman3/code/tripod.lycos.com/memberembedded.js
                              msedge.exe
                              Remote address:
                              209.202.254.12:80
                              Request
                              GET /catman3/code/tripod.lycos.com/memberembedded.js HTTP/1.1
                              Host: scripts.lycos.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              Intervention: <https://permanently-removed.invalid/feature/5718547946799104>; level="warning"
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 200 OK
                              Date: Thu, 09 Jan 2025 21:48:40 GMT
                              Server: Apache
                              Last-Modified: Fri, 12 Jan 2024 20:53:50 GMT
                              ETag: "a08-gzip"
                              Accept-Ranges: bytes
                              Vary: Accept-Encoding,User-Agent
                              Content-Encoding: gzip
                              Cache-Control: max-age=21600
                              Expires: Fri, 10 Jan 2025 03:48:40 GMT
                              P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
                              Content-Length: 893
                              Keep-Alive: timeout=5, max=100
                              Connection: Keep-Alive
                              Content-Type: application/javascript
                            • flag-us
                              DNS
                              228.249.119.40.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              228.249.119.40.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              67.31.126.40.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              67.31.126.40.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              95.221.229.192.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              95.221.229.192.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              46.200.250.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              46.200.250.142.in-addr.arpa
                              IN PTR
                              Response
                              46.200.250.142.in-addr.arpa
                              IN PTR
                              lhr48s30-in-f141e100net
                            • flag-us
                              DNS
                              12.254.202.209.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              12.254.202.209.in-addr.arpa
                              IN PTR
                              Response
                              12.254.202.209.in-addr.arpa
                              IN PTR
                              originscriptslycoscom
                            • flag-us
                              DNS
                              www.googletagservices.com
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              www.googletagservices.com
                              IN A
                              Response
                              www.googletagservices.com
                              IN A
                              142.250.187.194
                            • flag-gb
                              GET
                              http://www.googletagservices.com/tag/js/gpt.js
                              msedge.exe
                              Remote address:
                              142.250.187.194:80
                              Request
                              GET /tag/js/gpt.js HTTP/1.1
                              Host: www.googletagservices.com
                              Connection: keep-alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              DNT: 1
                              Accept: */*
                              Accept-Encoding: gzip, deflate
                              Accept-Language: en-US,en;q=0.9
                              Response
                              HTTP/1.1 302 Found
                              P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                              Timing-Allow-Origin: *
                              Cross-Origin-Resource-Policy: cross-origin
                              Vary: Accept-Encoding
                              Date: Thu, 09 Jan 2025 21:48:40 GMT
                              Expires: Thu, 09 Jan 2025 21:48:40 GMT
                              Cache-Control: private, max-age=900, stale-while-revalidate=3600
                              Location: https://www.googletagservices.com/tag/js/gpt.js
                              Content-Type: text/html; charset=UTF-8
                              X-Content-Type-Options: nosniff
                              Server: cafe
                              Content-Length: 0
                              X-XSS-Protection: 0
                            • flag-gb
                              GET
                              https://www.googletagservices.com/tag/js/gpt.js
                              msedge.exe
                              Remote address:
                              142.250.187.194:443
                              Request
                              GET /tag/js/gpt.js HTTP/2.0
                              host: www.googletagservices.com
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              dnt: 1
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-us
                              DNS
                              securepubads.g.doubleclick.net
                              msedge.exe
                              Remote address:
                              8.8.8.8:53
                              Request
                              securepubads.g.doubleclick.net
                              IN A
                              Response
                              securepubads.g.doubleclick.net
                              IN A
                              172.217.16.226
                            • flag-gb
                              GET
                              https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202501070101/pubads_impl.js?cb=31089614
                              msedge.exe
                              Remote address:
                              172.217.16.226:443
                              Request
                              GET /pagead/managed/js/gpt/m202501070101/pubads_impl.js?cb=31089614 HTTP/2.0
                              host: securepubads.g.doubleclick.net
                              sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                              dnt: 1
                              sec-ch-ua-mobile: ?0
                              user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                              accept: */*
                              sec-fetch-site: cross-site
                              sec-fetch-mode: no-cors
                              sec-fetch-dest: script
                              accept-encoding: gzip, deflate, br
                              accept-language: en-US,en;q=0.9
                            • flag-us
                              DNS
                              194.187.250.142.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              194.187.250.142.in-addr.arpa
                              IN PTR
                              Response
                              194.187.250.142.in-addr.arpa
                              IN PTR
                              lhr25s33-in-f21e100net
                            • flag-us
                              DNS
                              226.16.217.172.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              226.16.217.172.in-addr.arpa
                              IN PTR
                              Response
                              226.16.217.172.in-addr.arpa
                              IN PTR
                              lhr48s28-in-f21e100net
                            • flag-us
                              DNS
                              px.owneriq.net
                              Remote address:
                              8.8.8.8:53
                              Request
                              px.owneriq.net
                              IN A
                              Response
                              px.owneriq.net
                              IN CNAME
                              wildcard.owneriq.net.edgekey.net
                              wildcard.owneriq.net.edgekey.net
                              IN CNAME
                              e11294.g.akamaiedge.net
                              e11294.g.akamaiedge.net
                              IN A
                              23.214.142.16
                            • flag-us
                              DNS
                              73.159.190.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              73.159.190.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              209.205.72.20.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              209.205.72.20.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              133.211.185.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              133.211.185.52.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              udmserve.net
                              Remote address:
                              8.8.8.8:53
                              Request
                              udmserve.net
                              IN A
                              Response
                              udmserve.net
                              IN A
                              68.71.249.118
                            • flag-us
                              DNS
                              udmserve.net
                              Remote address:
                              8.8.8.8:53
                              Request
                              udmserve.net
                              IN A
                              Response
                              udmserve.net
                              IN A
                              68.71.249.118
                            • flag-us
                              DNS
                              200.163.202.172.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              200.163.202.172.in-addr.arpa
                              IN PTR
                              Response
                            • flag-us
                              DNS
                              18.31.95.13.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              18.31.95.13.in-addr.arpa
                              IN PTR
                              Response
                            • (US) DNS platform.bidgear.com
                              Remote address: 8.8.8.8:53
                              Request: platform.bidgear.com IN A
                              Response:
                                platform.bidgear.com IN A 172.67.74.36
                                platform.bidgear.com IN A 104.26.3.107
                                platform.bidgear.com IN A 104.26.2.107
                            • (US) DNS platform.bidgear.com
                              Remote address: 8.8.8.8:53
                              Request: platform.bidgear.com IN A
                              Response:
                                platform.bidgear.com IN A 104.26.3.107
                                platform.bidgear.com IN A 172.67.74.36
                                platform.bidgear.com IN A 104.26.2.107
                            • (US) DNS 8.153.16.2.in-addr.arpa
                              Remote address: 8.8.8.8:53
                              Request: 8.153.16.2.in-addr.arpa IN PTR
                              Response:
                                8.153.16.2.in-addr.arpa IN PTR a2-16-153-8deploystaticakamaitechnologiescom
                            • (US) DNS sp-log.lycos.com
                              Process: msedge.exe
                              Remote address: 8.8.8.8:53
                              Request: sp-log.lycos.com IN A
                              Response:
                                sp-log.lycos.com IN A 209.202.254.90
                            • (US) GET https://sp-log.lycos.com/tp_cm.gif
                              Process: msedge.exe
                              Remote address: 209.202.254.90:443
                              Request:
                                GET /tp_cm.gif HTTP/1.1
                                Host: sp-log.lycos.com
                                Connection: keep-alive
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                DNT: 1
                                sec-ch-ua-mobile: ?0
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: image
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                              Response:
                                HTTP/1.1 200 OK
                                Date: Thu, 09 Jan 2025 21:49:45 GMT
                                Server: Apache
                                Last-Modified: Mon, 06 Aug 2018 18:05:44 GMT
                                ETag: "2d-572c8204a63ec"
                                Accept-Ranges: bytes
                                Content-Length: 45
                                Keep-Alive: timeout=5, max=100
                                Connection: Keep-Alive
                                Content-Type: image/gif
                            • (US) DNS www.paypalobjects.com
                              Process: msedge.exe
                              Remote address: 8.8.8.8:53
                              Request: www.paypalobjects.com IN A
                              Response:
                                www.paypalobjects.com IN CNAME ppo.glb.paypal.com
                                ppo.glb.paypal.com IN CNAME paypal-dynamic-cdn.map.fastly.net
                                paypal-dynamic-cdn.map.fastly.net IN A 151.101.131.1
                                paypal-dynamic-cdn.map.fastly.net IN A 151.101.67.1
                                paypal-dynamic-cdn.map.fastly.net IN A 151.101.3.1
                                paypal-dynamic-cdn.map.fastly.net IN A 151.101.195.1
                            • (US) GET https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
                              Process: msedge.exe
                              Remote address: 151.101.131.1:443
                              Request:
                                GET /en_US/i/icon/pp_favicon_x.ico HTTP/2.0
                                host: www.paypalobjects.com
                                sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
                                dnt: 1
                                sec-ch-ua-mobile: ?0
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
                                accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                sec-fetch-site: cross-site
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: image
                                accept-encoding: gzip, deflate, br
                                accept-language: en-US,en;q=0.9
                              Response:
                                HTTP/2.0 200
                                cache-control: s-maxage=31536000, public,max-age=3600
                                content-type: image/x-icon
                                etag: "5d5637bd-1536"
                                last-modified: Fri, 16 Aug 2019 04:57:33 GMT
                                paypal-debug-id: 67869acbf9e2b
                                timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
                                traceparent: 00-000000000000000000067869acbf9e2b-339207312860db5b-01
                                dc: ccg11-origin-www-1.paypal.com
                                via: 1.1 varnish, 1.1 varnish
                                log-timing: fetch=146893,misspass=178,do_stream=0
                                log-origin: shield=SJC,src_ip=157.52.96.74,alternate_path=0,ip=157.52.96.33,port=443,name=shield_ssl_cache_sjc10033_SJC,status=200,reason=OK,method=GET,url="/en_US/i/icon/pp_favicon_x.ico",host=www.paypalobjects.com
                                accept-ranges: bytes
                                date: Thu, 09 Jan 2025 21:49:45 GMT
                                x-served-by: cache-sjc10033-SJC, cache-lcy-eglc8600064-LCY
                                x-cache: HIT, HIT
                                x-cache-hits: 19, 27496
                                x-timer: S1736459385.495076,VS0,VE0
                                vary: Accept-Encoding
                                x-content-type-options: nosniff
                                strict-transport-security: max-age=31557600
                                content-length: 5430
                            • (US) DNS 90.254.202.209.in-addr.arpa
                              Remote address: 8.8.8.8:53
                              Request: 90.254.202.209.in-addr.arpa IN PTR
                              Response: (empty)
                            • (US) DNS 1.131.101.151.in-addr.arpa
                              Remote address: 8.8.8.8:53
                              Request: 1.131.101.151.in-addr.arpa IN PTR
                              Response: (empty)
                            • (US) DNS 90.254.202.209.in-addr.arpa
                              Remote address: 8.8.8.8:53
                              Request: 90.254.202.209.in-addr.arpa IN PTR
                              Response:
                                90.254.202.209.in-addr.arpa IN PTR gamesvilleboslycoscom
                                90.254.202.209.in-addr.arpa IN PTR weatherlycoscomve
                                90.254.202.209.in-addr.arpa IN PTR lycoscommx
                                90.254.202.209.in-addr.arpa IN PTR lycosit
                                90.254.202.209.in-addr.arpa IN PTR advertisinglycoscl
                                90.254.202.209.in-addr.arpa IN PTR gas-prices�H
                                90.254.202.209.in-addr.arpa IN PTR advertisinglycosse
                                90.254.202.209.in-addr.arpa IN PTR horoscope�H
                                90.254.202.209.in-addr.arpa IN PTR lycosfr
                                90.254.202.209.in-addr.arpa IN PTR searchlycoses
                                90.254.202.209.in-addr.arpa IN PTR search�g
                                90.254.202.209.in-addr.arpa IN PTR advertisinglycosjp
                                90.254.202.209.in-addr.arpa IN PTR lycosbe
                                90.254.202.209.in-addr.arpa IN PTR infolycoscomco
                                90.254.202.209.in-addr.arpa IN PTR jobs��
                                90.254.202.209.in-addr.arpa IN PTR recipes�H
                                90.254.202.209.in-addr.arpa IN PTR hb�D
                                90.254.202.209.in-addr.arpa IN PTR advertisinglycosno
                                90.254.202.209.in-addr.arpa IN PTR advertising�H
                                90.254.202.209.in-addr.arpa IN PTR lycosca
                                90.254.202.209.in-addr.arpa IN PTR jobs�&
                                90.254.202.209.in-addr.arpa IN PTR �g
                                90.254.202.209.in-addr.arpa IN PTR lycoskr
                                90.254.202.209.in-addr.arpa IN PTR www�&
                                90.254.202.209.in-addr.arpa IN PTR info��
                                90.254.202.209.in-addr.arpa IN PTR www��
                                90.254.202.209.in-addr.arpa IN PTR info�
                                90.254.202.209.in-addr.arpa IN PTR ��
                                90.254.202.209.in-addr.arpa IN PTR advertising�&
                                90.254.202.209.in-addr.arpa IN PTR www�C
                                90.254.202.209.in-addr.arpa IN PTR news�H
                                90.254.202.209.in-addr.arpa IN PTR infolycoscompe
                                90.254.202.209.in-addr.arpa IN PTR �C
                                90.254.202.209.in-addr.arpa IN PTR ��
                                90.254.202.209.in-addr.arpa IN PTR �$
                                90.254.202.209.in-addr.arpa IN PTR weatherlycosde
                                90.254.202.209.in-addr.arpa IN PTR search��
                                90.254.202.209.in-addr.arpa IN PTR advertising�$
                                90.254.202.209.in-addr.arpa IN PTR wwwlycoscouk
                                90.254.202.209.in-addr.arpa IN PTR www�p
                                90.254.202.209.in-addr.arpa IN PTR search��
                                90.254.202.209.in-addr.arpa IN PTR wwwlycosconz
                                90.254.202.209.in-addr.arpa IN PTR advertising��
                                90.254.202.209.in-addr.arpa IN PTR searchlycosfi
                                90.254.202.209.in-addr.arpa IN PTR jobsù
                                90.254.202.209.in-addr.arpa IN PTR infoù
                                90.254.202.209.in-addr.arpa IN PTR info�7
                                90.254.202.209.in-addr.arpa IN PTR info�r
                                90.254.202.209.in-addr.arpa IN PTR weatherlycosdk
                                90.254.202.209.in-addr.arpa IN PTR advertisinglycoscomau
                                90.254.202.209.in-addr.arpa IN PTR searchlycos�.
                                90.254.202.209.in-addr.arpa IN PTR search�&
                                90.254.202.209.in-addr.arpa IN PTR www�$
                                90.254.202.209.in-addr.arpa IN PTR weatherlycosch
                                90.254.202.209.in-addr.arpa IN PTR search�p
                                90.254.202.209.in-addr.arpa IN PTR www��
                                90.254.202.209.in-addr.arpa IN PTR �7
                                90.254.202.209.in-addr.arpa IN PTR history�H
                                90.254.202.209.in-addr.arpa IN PTR yellowpages�H
                                90.254.202.209.in-addr.arpa IN PTR weather�$
                                90.254.202.209.in-addr.arpa IN PTR ��
                                90.254.202.209.in-addr.arpa IN PTR advertising�r
                                90.254.202.209.in-addr.arpa IN PTR advertising�C
                                90.254.202.209.in-addr.arpa IN PTR advertisinglycosin
                                90.254.202.209.in-addr.arpa IN PTR www�;
                                90.254.202.209.in-addr.arpa IN PTR wwwlycosnl
                                90.254.202.209.in-addr.arpa IN PTR ��
                                90.254.202.209.in-addr.arpa IN PTR jobs�p
                                90.254.202.209.in-addr.arpa IN PTR search�z
                                90.254.202.209.in-addr.arpa IN PTR weather��
                                90.254.202.209.in-addr.arpa IN PTR companiesonlineorg
                                90.254.202.209.in-addr.arpa IN PTR weatherù
                                90.254.202.209.in-addr.arpa IN PTR www�7
                                90.254.202.209.in-addr.arpa IN PTR weather�z
                                90.254.202.209.in-addr.arpa IN PTR jobs�2
                                90.254.202.209.in-addr.arpa IN PTR info�C
                                90.254.202.209.in-addr.arpa IN PTR info��
                                90.254.202.209.in-addr.arpa IN PTR info��
                                90.254.202.209.in-addr.arpa IN PTR lycosco�x
                                90.254.202.209.in-addr.arpa IN PTR www�r
                                90.254.202.209.in-addr.arpa IN PTR info��
                                90.254.202.209.in-addr.arpa IN PTR weatherlycosie
                                90.254.202.209.in-addr.arpa IN PTR www�
                                90.254.202.209.in-addr.arpa IN PTR search��
                                90.254.202.209.in-addr.arpa IN PTR wwwġ
                                90.254.202.209.in-addr.arpa IN PTR advertising�p
                                90.254.202.209.in-addr.arpa IN PTR advertising�?
                                90.254.202.209.in-addr.arpa IN PTR �p
                                90.254.202.209.in-addr.arpa IN PTR weather��
                                90.254.202.209.in-addr.arpa IN PTR jobs�H
                                90.254.202.209.in-addr.arpa IN PTR www�
                                90.254.202.209.in-addr.arpa IN PTR weather��
                                90.254.202.209.in-addr.arpa IN PTR info��
                                90.254.202.209.in-addr.arpa IN PTR advertising�'
                                90.254.202.209.in-addr.arpa IN PTR www�z
                                90.254.202.209.in-addr.arpa IN PTR sports�H
                                90.254.202.209.in-addr.arpa IN PTR www��
                                90.254.202.209.in-addr.arpa IN PTR infolycosat
                                90.254.202.209.in-addr.arpa IN PTR �z
                                90.254.202.209.in-addr.arpa IN PTR jobs�'
                                90.254.202.209.in-addr.arpa IN PTR weather�;
                                90.254.202.209.in-addr.arpa IN PTR info�
                                90.254.202.209.in-addr.arpa IN PTR www��
                                90.254.202.209.in-addr.arpa IN PTR daily-comics�H
                                90.254.202.209.in-addr.arpa IN PTR www��
                                90.254.202.209.in-addr.arpa IN PTR search�?
                                90.254.202.209.in-addr.arpa IN PTR search�;
                                90.254.202.209.in-addr.arpa IN PTR �'
                                90.254.202.209.in-addr.arpa IN PTR info�;
                                90.254.202.209.in-addr.arpa IN PTR ��
                                90.254.202.209.in-addr.arpa IN PTR info�g
                                90.254.202.209.in-addr.arpa IN PTR info�H
                                90.254.202.209.in-addr.arpa IN PTR advertising��
                                90.254.202.209.in-addr.arpa IN PTR info�p
                                90.254.202.209.in-addr.arpa IN PTR jobs��
                                90.254.202.209.in-addr.arpa IN PTR jobs��
                                90.254.202.209.in-addr.arpa IN PTR weather��
                                90.254.202.209.in-addr.arpa IN PTR www��
                                90.254.202.209.in-addr.arpa IN PTR jobsǃ
                                90.254.202.209.in-addr.arpa IN PTR advertising��
                                90.254.202.209.in-addr.arpa IN PTR infoǃ
                                90.254.202.209.in-addr.arpa IN PTR advertising��
                                90.254.202.209.in-addr.arpa IN PTR info�&
                                90.254.202.209.in-addr.arpa IN PTR advertising�g
                                90.254.202.209.in-addr.arpa IN PTR ��
                                90.254.202.209.in-addr.arpa IN PTR weather�
                                90.254.202.209.in-addr.arpa IN PTR www�H
                                90.254.202.209.in-addr.arpa IN PTR www�g
                                90.254.202.209.in-addr.arpa IN PTR weather�C
                                90.254.202.209.in-addr.arpa IN PTR info�2
                                90.254.202.209.in-addr.arpa IN PTR ġ
                                90.254.202.209.in-addr.arpa IN PTR advertisingǃ
                                90.254.202.209.in-addr.arpa IN PTR search�r
                                90.254.202.209.in-addr.arpa IN PTR �2
                                90.254.202.209.in-addr.arpa IN PTR weather��
                                90.254.202.209.in-addr.arpa IN PTR info�?
                                90.254.202.209.in-addr.arpa IN PTR search��
                                90.254.202.209.in-addr.arpa IN PTR search��
                                90.254.202.209.in-addr.arpa IN PTR info��
                                90.254.202.209.in-addr.arpa IN PTR ǃ
                                90.254.202.209.in-addr.arpa IN PTR search��
                                90.254.202.209.in-addr.arpa IN PTR search�$
                                90.254.202.209.in-addr.arpa IN PTR
                                90.254.202.209.in-addr.arpa IN PTR advertising��
                                90.254.202.209.in-addr.arpa IN PTR advertising�7
                                90.254.202.209.in-addr.arpa IN PTR info��
                                90.254.202.209.in-addr.arpa IN PTR advertising�2
                                90.254.202.209.in-addr.arpa IN PTR advertising��
                                90.254.202.209.in-addr.arpa IN PTR wwwǃ
                                90.254.202.209.in-addr.arpa IN PTR search��
                                90.254.202.209.in-addr.arpa IN PTR advertisingù
                                90.254.202.209.in-addr.arpa IN PTR weather�7
                                90.254.202.209.in-addr.arpa IN PTR mail�H
                                90.254.202.209.in-addr.arpa IN PTR ��
                                90.254.202.209.in-addr.arpa IN PTR search�2
                                90.254.202.209.in-addr.arpa IN PTR infoġ
                                90.254.202.209.in-addr.arpa IN PTR �
                                90.254.202.209.in-addr.arpa IN PTR weather�2
                                90.254.202.209.in-addr.arpa IN PTR www�'
                                90.254.202.209.in-addr.arpa IN PTR searchǃ
                                90.254.202.209.in-addr.arpa IN PTR www�?
                                90.254.202.209.in-addr.arpa IN PTR search�'
                                90.254.202.209.in-addr.arpa IN PTR searchġ
                                90.254.202.209.in-addr.arpa IN PTR weather�H
                                90.254.202.209.in-addr.arpa IN PTR advertising��
                                90.254.202.209.in-addr.arpa IN PTR weather��
                                90.254.202.209.in-addr.arpa IN PTR weather��
                                90.254.202.209.in-addr.arpa IN PTR www��
                                90.254.202.209.in-addr.arpa IN PTR weather��
                                90.254.202.209.in-addr.arpa IN PTR advertisingġ
                                90.254.202.209.in-addr.arpa IN PTR weather�?
                                90.254.202.209.in-addr.arpa IN PTR info�z
                                90.254.202.209.in-addr.arpa IN PTR ù
                                90.254.202.209.in-addr.arpa IN PTR weather�
                                90.254.202.209.in-addr.arpa IN PTR weather�&
                                90.254.202.209.in-addr.arpa IN PTR www��
                                90.254.202.209.in-addr.arpa IN PTR lottery�H
                                90.254.202.209.in-addr.arpa IN PTR info�'
                                90.254.202.209.in-addr.arpa IN PTR advertising�;
                                90.254.202.209.in-addr.arpa IN PTR redirect�H
                                90.254.202.209.in-addr.arpa IN PTR search��
                                90.254.202.209.in-addr.arpa IN PTR search�
                                90.254.202.209.in-addr.arpa IN PTR jobs��
                                90.254.202.209.in-addr.arpa IN PTR jobs�C
                                90.254.202.209.in-addr.arpa IN PTR www��
                                90.254.202.209.in-addr.arpa IN PTR ssl�H
                                90.254.202.209.in-addr.arpa IN PTR weather��
                                90.254.202.209.in-addr.arpa IN PTR search��
                                90.254.202.209.in-addr.arpa IN PTR weather��
                                90.254.202.209.in-addr.arpa IN PTR search�
                                90.254.202.209.in-addr.arpa IN PTR
                              info��
                              90.254.202.209.in-addr.arpa
                              IN PTR
                              jobs�;
                              90.254.202.209.in-addr.arpa
                              IN PTR
                              searchù
                              90.254.202.209.in-addr.arpa
                              IN PTR
                              weather�r
                            • flag-us
                              DNS
                              21.236.111.52.in-addr.arpa
                              Remote address:
                              8.8.8.8:53
                              Request
                              21.236.111.52.in-addr.arpa
                              IN PTR
                              Response
                            • 142.250.200.46:80
                              http://www.google-analytics.com/ga.js
                              http
                              msedge.exe
                              908 B
                              18.8kB
                              13
                              19

                              HTTP Request

                              GET http://www.google-analytics.com/ga.js

                              HTTP Response

                              200
                            • 209.202.254.12:443
                              https://scripts.lycos.com/catman/init.js
                              tls, http
                              msedge.exe
                              1.6kB
                              5.8kB
                              10
                              11

                              HTTP Request

                              GET https://scripts.lycos.com/catman/init.js

                              HTTP Response

                              200
                            • 209.202.254.12:80
                              http://scripts.lycos.com/catman3/code/tripod.lycos.com/memberembedded.js
                              http
                              msedge.exe
                              762 B
                              1.7kB
                              7
                              7

                              HTTP Request

                              GET http://scripts.lycos.com/catman3/code/tripod.lycos.com/memberembedded.js

                              HTTP Response

                              200
                            • 142.250.187.194:80
                              http://www.googletagservices.com/tag/js/gpt.js
                              http
                              msedge.exe
                              641 B
                              845 B
                              7
                              6

                              HTTP Request

                              GET http://www.googletagservices.com/tag/js/gpt.js

                              HTTP Response

                              302
                            • 23.214.142.16:445
                              px.owneriq.net
                              260 B
                              5
                            • 142.250.187.194:443
                              https://www.googletagservices.com/tag/js/gpt.js
                              tls, http2
                              msedge.exe
                              2.7kB
                              42.1kB
                              38
                              40

                              HTTP Request

                              GET https://www.googletagservices.com/tag/js/gpt.js
                            • 172.217.16.226:443
                              https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202501070101/pubads_impl.js?cb=31089614
                              tls, http2
                              msedge.exe
                              4.9kB
                              172.4kB
                              83
                              132

                              HTTP Request

                              GET https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202501070101/pubads_impl.js?cb=31089614
                            • 68.71.249.118:445
                              udmserve.net
                              260 B
                              5
                            • 172.67.74.36:445
                              platform.bidgear.com
                              260 B
                              5
                            • 104.26.3.107:445
                              platform.bidgear.com
                              260 B
                              5
                            • 104.26.2.107:445
                              platform.bidgear.com
                              260 B
                              5
                            • 104.26.3.107:139
                              platform.bidgear.com
                              260 B
                              5
                            • 209.202.254.90:443
                              https://sp-log.lycos.com/tp_cm.gif
                              tls, http
                              msedge.exe
                              1.6kB
                              4.0kB
                              9
                              9

                              HTTP Request

                              GET https://sp-log.lycos.com/tp_cm.gif

                              HTTP Response

                              200
                            • 209.202.254.90:443
                              sp-log.lycos.com
                              tls
                              msedge.exe
                              1.0kB
                              3.6kB
                              8
                              8
                            • 151.101.131.1:443
                              https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
                              tls, http2
                              msedge.exe
                              1.8kB
                              11.4kB
                              15
                              18

                              HTTP Request

                              GET https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico

                              HTTP Response

                              200
                            • 8.8.8.8:53
                              90.254.202.209.in-addr.arpa
                              dns
                              369 B
                              4.5kB
                              7
                              7

                              DNS Request

                              90.254.202.209.in-addr.arpa

                            • 8.8.8.8:53
                              scripts.lycos.com
                              dns
                              msedge.exe
                              63 B
                              79 B
                              1
                              1

                              DNS Request

                              scripts.lycos.com

                              DNS Response

                              209.202.254.12

                            • 8.8.8.8:53
                              px.owneriq.net
                              dns
                              60 B
                              153 B
                              1
                              1

                              DNS Request

                              px.owneriq.net

                              DNS Response

                              23.214.142.16

                            • 8.8.8.8:53
                              228.249.119.40.in-addr.arpa
                              dns
                              73 B
                              159 B
                              1
                              1

                              DNS Request

                              228.249.119.40.in-addr.arpa

                            • 8.8.8.8:53
                              67.31.126.40.in-addr.arpa
                              dns
                              71 B
                              157 B
                              1
                              1

                              DNS Request

                              67.31.126.40.in-addr.arpa

                            • 8.8.8.8:53
                              95.221.229.192.in-addr.arpa
                              dns
                              73 B
                              144 B
                              1
                              1

                              DNS Request

                              95.221.229.192.in-addr.arpa

                            • 8.8.8.8:53
                              46.200.250.142.in-addr.arpa
                              dns
                              73 B
                              112 B
                              1
                              1

                              DNS Request

                              46.200.250.142.in-addr.arpa

                            • 8.8.8.8:53
                              12.254.202.209.in-addr.arpa
                              dns
                              73 B
                              125 B
                              1
                              1

                              DNS Request

                              12.254.202.209.in-addr.arpa

                            • 8.8.8.8:53
                              www.googletagservices.com
                              dns
                              msedge.exe
                              71 B
                              87 B
                              1
                              1

                              DNS Request

                              www.googletagservices.com

                              DNS Response

                              142.250.187.194

                            • 8.8.8.8:53
                              securepubads.g.doubleclick.net
                              dns
                              msedge.exe
                              76 B
                              92 B
                              1
                              1

                              DNS Request

                              securepubads.g.doubleclick.net

                              DNS Response

                              172.217.16.226

                            • 8.8.8.8:53
                              194.187.250.142.in-addr.arpa
                              dns
                              74 B
                              112 B
                              1
                              1

                              DNS Request

                              194.187.250.142.in-addr.arpa

                            • 8.8.8.8:53
                              226.16.217.172.in-addr.arpa
                              dns
                              73 B
                              140 B
                              1
                              1

                              DNS Request

                              226.16.217.172.in-addr.arpa

                            • 8.8.8.8:53
                              px.owneriq.net
                              dns
                              60 B
                              153 B
                              1
                              1

                              DNS Request

                              px.owneriq.net

                              DNS Response

                              23.214.142.16

                            • 224.0.0.251:5353
                              msedge.exe
                              531 B
                              8
                            • 8.8.8.8:53
                              73.159.190.20.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              73.159.190.20.in-addr.arpa

                            • 8.8.8.8:53
                              209.205.72.20.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              209.205.72.20.in-addr.arpa

                            • 8.8.8.8:53
                              133.211.185.52.in-addr.arpa
                              dns
                              73 B
                              147 B
                              1
                              1

                              DNS Request

                              133.211.185.52.in-addr.arpa

                            • 8.8.8.8:53
                              udmserve.net
                              dns
                              58 B
                              74 B
                              1
                              1

                              DNS Request

                              udmserve.net

                              DNS Response

                              68.71.249.118

                            • 8.8.8.8:53
                              udmserve.net
                              dns
                              58 B
                              74 B
                              1
                              1

                              DNS Request

                              udmserve.net

                              DNS Response

                              68.71.249.118

                            • 8.8.8.8:53
                              200.163.202.172.in-addr.arpa
                              dns
                              74 B
                              160 B
                              1
                              1

                              DNS Request

                              200.163.202.172.in-addr.arpa

                            • 8.8.8.8:53
                              18.31.95.13.in-addr.arpa
                              dns
                              70 B
                              144 B
                              1
                              1

                              DNS Request

                              18.31.95.13.in-addr.arpa

                            • 8.8.8.8:53
                              platform.bidgear.com
                              dns
                              66 B
                              114 B
                              1
                              1

                              DNS Request

                              platform.bidgear.com

                              DNS Response

                              172.67.74.36
                              104.26.3.107
                              104.26.2.107

                            • 8.8.8.8:53
                              platform.bidgear.com
                              dns
                              66 B
                              114 B
                              1
                              1

                              DNS Request

                              platform.bidgear.com

                              DNS Response

                              104.26.3.107
                              172.67.74.36
                              104.26.2.107

                            • 8.8.8.8:53
                              8.153.16.2.in-addr.arpa
                              dns
                              69 B
                              131 B
                              1
                              1

                              DNS Request

                              8.153.16.2.in-addr.arpa

                            • 8.8.8.8:53
                              sp-log.lycos.com
                              dns
                              msedge.exe
                              62 B
                              78 B
                              1
                              1

                              DNS Request

                              sp-log.lycos.com

                              DNS Response

                              209.202.254.90

                            • 8.8.8.8:53
                              www.paypalobjects.com
                              dns
                              msedge.exe
                              67 B
                              207 B
                              1
                              1

                              DNS Request

                              www.paypalobjects.com

                              DNS Response

                              151.101.131.1
                              151.101.67.1
                              151.101.3.1
                              151.101.195.1

                            • 8.8.8.8:53
                              90.254.202.209.in-addr.arpa
                              dns
                              73 B
                              73 B
                              1
                              1

                              DNS Request

                              90.254.202.209.in-addr.arpa

                            • 8.8.8.8:53
                              1.131.101.151.in-addr.arpa
                              dns
                              72 B
                              132 B
                              1
                              1

                              DNS Request

                              1.131.101.151.in-addr.arpa

                            • 8.8.8.8:53
                              21.236.111.52.in-addr.arpa
                              dns
                              72 B
                              158 B
                              1
                              1

                              DNS Request

                              21.236.111.52.in-addr.arpa

                            • 8.8.8.8:53

                            MITRE ATT&CK Enterprise v15

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              6960857d16aadfa79d36df8ebbf0e423

                              SHA1

                              e1db43bd478274366621a8c6497e270d46c6ed4f

                              SHA256

                              f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

                              SHA512

                              6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                              Filesize

                              152B

                              MD5

                              f426165d1e5f7df1b7a3758c306cd4ae

                              SHA1

                              59ef728fbbb5c4197600f61daec48556fec651c1

                              SHA256

                              b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

                              SHA512

                              8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              602B

                              MD5

                              42cb6e08e02b8d7805eb646808d245dd

                              SHA1

                              78b24aeff7341775add94aa26c1e1e7e6b4c3f1b

                              SHA256

                              f6139f3323fc67eea0e207ffd287c66ecd34ccf87db6bb6603af5f53beaae8e8

                              SHA512

                              829eae3fa75860a6181754278db9b4ba7a3a783979203857b5abd707828c1356fbc913833a1f4133290ed009246540986690ee319a70825621321d4f93a39cf6

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                              Filesize

                              523B

                              MD5

                              c4b369b0fb9d273f5fc27022542bd168

                              SHA1

                              5f76896c9cd55bbbf51f41f5f6f76e49ae7143a7

                              SHA256

                              f5593fdda70707a05b3b9ab912d9408771228820d619259a2aef4f52733be6ae

                              SHA512

                              041383644b1590a98c3cf10dfe49c90d20ac3a0a7bb1a28369ef30f166bc175a59ee0db623f19e5a353f4fc101672334ca7d56eda5b70b839a6a6bf946d0fe61

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              5KB

                              MD5

                              e441c6746096921010ef3522e55220d1

                              SHA1

                              97441f84480c92311f6151bcbb65b89e2a8a8e6b

                              SHA256

                              d3972634b5e69bc3a06b73e132eb375001d58be8b2662fb117d72d50241b06db

                              SHA512

                              7e8c699db0d7ae9cd47484060789b7df8f165dc357bdbb46d10fe2b5d87c34f5c3b57f19fd9c788cec48108c082dc75125b465dbce053866d37c5508f21b0a34

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              1216089a74f285ee97da548ed7e7b2cc

                              SHA1

                              778fb20160d508e8d6d400d2939c67b36f6653df

                              SHA256

                              e6f08cea2c31db2e9a8c627491da280a561521f68daa0f82edf9f49d15b97d60

                              SHA512

                              1a5ce4c258a1dc89a223dcd7b1ca2bfd849b1e4389e411acc6c56d79ddd5c8e9da761f8bbc60efad9072ed28de900cd2852ffec7bcee123a13c390a19830c76f

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                              Filesize

                              6KB

                              MD5

                              4f81163783d3bfc4a6f90a7571843ae4

                              SHA1

                              c4669d6df99e460aaec7dbf7327a6655b15de3fd

                              SHA256

                              378191cb19bfcecd213617310ec4cf25ebdb32cb4404cc59b53f85c514768735

                              SHA512

                              a8d1a7d7f60041d2ac37758ab2b375877c4daff521fc46e5ab0290e2ff28c73fbf60c7a4964cf17470c934d92980e688238c7b9ab567aacd5a0bb95472bbe8ed

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                              Filesize

                              10KB

                              MD5

                              8466419f50d871f1469deb112a0b3c1c

                              SHA1

                              51e2c809caf2d0a189935643d4b161dc6037437e

                              SHA256

                              71b63c20810c038d034defe3fd61c7f30d9a89c2082a75a4682d43a01fc7b898

                              SHA512

                              3e9143e0777f2aaa10574cc509e0d528db2b870158f59947b8625c63324d3b8e4e9690adff3fb9f2fb2b313b7cd693391562d4ea3ba377dc641f8a65f8cac25d
