Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
139s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20250129-en -
resource tags
arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system -
submitted
05/02/2025, 10:49 UTC
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe
Resource
win7-20240903-en
General
-
Target
JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe
-
Size
141KB
-
MD5
9ed7cf6b6d3eedfa7a6521fe79966ad3
-
SHA1
7006fedeb6f79c82cd3bb66a24ab4af83c095af8
-
SHA256
105c8da7c072eb57f09212d67cbf6fe3d63cf12b8a1e4817f385e442750258ba
-
SHA512
a4faa0bec298ce5993849e5f5071cb297d97ba2720e8affe5a3e761264ece901878792d08020ccab0186636a18aa745524f82598311e44c24725737778e8f918
-
SSDEEP
3072:DmVZ3bRZW2+dzaw0sMJttlUyFlI+e+ANOdfut8Jj:cRDWB5A80I+NfutIj
Malware Config
Signatures
-
Detect XtremeRAT payload 5 IoCs
resource yara_rule behavioral2/memory/4016-9-0x0000000010000000-0x000000001004D000-memory.dmp family_xtremerat behavioral2/memory/4016-7-0x0000000010000000-0x000000001004D000-memory.dmp family_xtremerat behavioral2/memory/3156-10-0x0000000010000000-0x000000001004D000-memory.dmp family_xtremerat behavioral2/memory/4016-11-0x0000000010000000-0x000000001004D000-memory.dmp family_xtremerat behavioral2/memory/3156-12-0x0000000010000000-0x000000001004D000-memory.dmp family_xtremerat -
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Suspicious use of SetThreadContext 1 IoCs
description pid Process procid_target PID 4908 set thread context of 4016 4908 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 83 -
resource yara_rule behavioral2/memory/4016-3-0x0000000010000000-0x000000001004D000-memory.dmp upx behavioral2/memory/4016-5-0x0000000010000000-0x000000001004D000-memory.dmp upx behavioral2/memory/4016-9-0x0000000010000000-0x000000001004D000-memory.dmp upx behavioral2/memory/4016-7-0x0000000010000000-0x000000001004D000-memory.dmp upx behavioral2/memory/3156-10-0x0000000010000000-0x000000001004D000-memory.dmp upx behavioral2/memory/4016-11-0x0000000010000000-0x000000001004D000-memory.dmp upx behavioral2/memory/3156-12-0x0000000010000000-0x000000001004D000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 2 IoCs
pid pid_target Process procid_target 1492 3156 WerFault.exe 85 2884 3156 WerFault.exe 85 -
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4908 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe -
Suspicious use of WriteProcessMemory 15 IoCs
description pid Process procid_target PID 4908 wrote to memory of 4016 4908 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 83 PID 4908 wrote to memory of 4016 4908 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 83 PID 4908 wrote to memory of 4016 4908 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 83 PID 4908 wrote to memory of 4016 4908 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 83 PID 4908 wrote to memory of 4016 4908 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 83 PID 4908 wrote to memory of 4016 4908 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 83 PID 4908 wrote to memory of 4016 4908 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 83 PID 4908 wrote to memory of 4016 4908 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 83 PID 4016 wrote to memory of 3156 4016 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 85 PID 4016 wrote to memory of 3156 4016 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 85 PID 4016 wrote to memory of 3156 4016 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 85 PID 4016 wrote to memory of 3156 4016 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 85 PID 4016 wrote to memory of 1412 4016 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 86 PID 4016 wrote to memory of 1412 4016 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 86 PID 4016 wrote to memory of 1412 4016 JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4908 -
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9ed7cf6b6d3eedfa7a6521fe79966ad3.exe2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4016 -
C:\Windows\SysWOW64\svchost.exesvchost.exe3⤵
- System Location Discovery: System Language Discovery
PID:3156 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 4764⤵
- Program crash
PID:1492
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 4884⤵
- Program crash
PID:2884
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"3⤵PID:1412
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3156 -ip 31561⤵PID:2044
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3156 -ip 31561⤵PID:2180
Network
-
Remote address:8.8.8.8:53Requestg.bing.comIN AResponseg.bing.comIN CNAMEg-bing-com.ax-0001.ax-msedge.netg-bing-com.ax-0001.ax-msedge.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.28.10ax-0001.ax-msedge.netIN A150.171.27.10
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=3A5C8CED537861A608EC9967525F602D; domain=.bing.com; expires=Mon, 02-Mar-2026 10:49:31 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8DC60BDFF6114E42A7CFFEECD3B0D7B3 Ref B: LON04EDGE0614 Ref C: 2025-02-05T10:49:31Z
date: Wed, 05 Feb 2025 10:49:31 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3A5C8CED537861A608EC9967525F602D
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=X15FzV2tmw_mDi_iaLxAsLnSmSE94Bn7-VZ3eia-ecA; domain=.bing.com; expires=Mon, 02-Mar-2026 10:49:31 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8C5C5A7E83604E6C86EA1E6412994E25 Ref B: LON04EDGE0614 Ref C: 2025-02-05T10:49:31Z
date: Wed, 05 Feb 2025 10:49:31 GMT
-
GEThttps://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=Remote address:150.171.28.10:443RequestGET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=3A5C8CED537861A608EC9967525F602D; MSPTC=X15FzV2tmw_mDi_iaLxAsLnSmSE94Bn7-VZ3eia-ecA
ResponseHTTP/2.0 204
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8E1E6DD9C5334D3AB5569C91432B285B Ref B: LON04EDGE0614 Ref C: 2025-02-05T10:49:31Z
date: Wed, 05 Feb 2025 10:49:31 GMT
-
Remote address:8.8.8.8:53Request2.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request8.8.8.8.in-addr.arpaIN PTRResponse8.8.8.8.in-addr.arpaIN PTRdnsgoogle
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
GEThttps://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90Remote address:95.101.143.183:443RequestGET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=3A5C8CED537861A608EC9967525F602D; MSPTC=X15FzV2tmw_mDi_iaLxAsLnSmSE94Bn7-VZ3eia-ecA
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Wed, 05 Feb 2025 10:49:32 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.48367a5c.1738752572.f1c861c
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request183.143.101.95.in-addr.arpaIN PTRResponse183.143.101.95.in-addr.arpaIN PTRa95-101-143-183deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request200.163.202.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.210.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request26.35.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request23.236.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requesttse1.mm.bing.netIN AResponsetse1.mm.bing.netIN CNAMEmm-mm.bing.net.trafficmanager.netmm-mm.bing.net.trafficmanager.netIN CNAMEax-0001.ax-msedge.netax-0001.ax-msedge.netIN A150.171.27.10ax-0001.ax-msedge.netIN A150.171.28.10
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239400979857_14A87O62ZUJXBN0IX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239400979857_14A87O62ZUJXBN0IX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 272888
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C500951F602045118E288033C7213079 Ref B: LON04EDGE0813 Ref C: 2025-02-05T10:51:10Z
date: Wed, 05 Feb 2025 10:51:10 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239400979856_1C4ONTMUVBZM2U4CN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239400979856_1C4ONTMUVBZM2U4CN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 304360
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9ED282710EC64060AEC7C9F230F0FA66 Ref B: LON04EDGE0813 Ref C: 2025-02-05T10:51:10Z
date: Wed, 05 Feb 2025 10:51:10 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239370991981_1ADN1Q80S15MZX0QS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239370991981_1ADN1Q80S15MZX0QS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 533604
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3D8F08F5F7E24524A572467114D3D85C Ref B: LON04EDGE0813 Ref C: 2025-02-05T10:51:10Z
date: Wed, 05 Feb 2025 10:51:10 GMT
-
GEThttps://tse1.mm.bing.net/th?id=OADD2.10239370991982_1AFUSB1APZJOHRJ13&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90Remote address:150.171.27.10:443RequestGET /th?id=OADD2.10239370991982_1AFUSB1APZJOHRJ13&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
ResponseHTTP/2.0 200
content-length: 520601
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F65C2C647D754E3790D869EE09D5568E Ref B: LON04EDGE0813 Ref C: 2025-02-05T10:51:10Z
date: Wed, 05 Feb 2025 10:51:10 GMT
-
Remote address:8.8.8.8:53Request43.58.199.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request167.173.78.104.in-addr.arpaIN PTRResponse167.173.78.104.in-addr.arpaIN PTRa104-78-173-167deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request10.27.171.150.in-addr.arpaIN PTRResponse
-
150.171.28.10:443https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=tls, http22.0kB 9.3kB 21 18
HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=HTTP Response
204HTTP Request
GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=160235569a96496396cb46b53420b4cb&localId=w:BD540486-7284-18D7-F423-ED0B38A0579E&deviceId=6825842710383264&anid=HTTP Response
204 -
95.101.143.183:443https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90tls, http21.5kB 6.4kB 17 13
HTTP Request
GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90HTTP Response
200 -
1.2kB 6.9kB 15 13
-
150.171.27.10:443https://tse1.mm.bing.net/th?id=OADD2.10239370991982_1AFUSB1APZJOHRJ13&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90tls, http259.5kB 1.7MB 1242 1237
HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239400979857_14A87O62ZUJXBN0IX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239400979856_1C4ONTMUVBZM2U4CN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239370991981_1ADN1Q80S15MZX0QS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90HTTP Request
GET https://tse1.mm.bing.net/th?id=OADD2.10239370991982_1AFUSB1APZJOHRJ13&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200 -
1.2kB 6.9kB 15 13
-
1.2kB 6.9kB 15 13
-
56 B 148 B 1 1
DNS Request
g.bing.com
DNS Response
150.171.28.10150.171.27.10
-
71 B 157 B 1 1
DNS Request
2.159.190.20.in-addr.arpa
-
66 B 90 B 1 1
DNS Request
8.8.8.8.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
57.169.31.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
183.143.101.95.in-addr.arpa
-
74 B 160 B 1 1
DNS Request
200.163.202.172.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.210.232.199.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
26.35.223.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
23.236.111.52.in-addr.arpa
-
62 B 170 B 1 1
DNS Request
tse1.mm.bing.net
DNS Response
150.171.27.10150.171.28.10
-
71 B 157 B 1 1
DNS Request
43.58.199.20.in-addr.arpa
-
73 B 139 B 1 1
DNS Request
167.173.78.104.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
10.27.171.150.in-addr.arpa