Report - george-login.buzz/sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/

Report Overview

URL

george-login.buzz/sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/
IP

188.114.97.1

ASN

#13335 CLOUDFLARENET
Submitted

2023-02-07T22:09:12Z

Access
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

1
Threat Detection Systems

2

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com (2)	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782	2374	35.241.9.150
r3.o.lencr.org (9)	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3042	7979	23.36.77.32
assets.msn.com (1)	188	2018-09-21T01:46:35Z	2023-03-13T07:40:47Z	425	5673	95.101.10.192
www2.bing.com (1)	1811	2018-06-25T01:16:21Z	2023-03-13T07:40:47Z	1415	1137	204.79.197.200
img-getpocket.cdn.mozilla.net (6)	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3245	62903	34.120.237.76
r.bing.com (2)	1184	2020-05-07T21:02:14Z	2023-03-13T05:20:38Z	2733	3579	95.101.10.122
content-signature-2.cdn.mozilla.net (1)	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413	5844	34.160.144.191
www.bing.com (37)	91	2012-05-21T17:02:58Z	2018-11-01T22:19:15Z	60418	221814	204.79.197.200
push.services.mozilla.com (1)	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606	127	54.149.71.248
george-login.buzz (2)	unknown	2023-02-02T13:07:00Z	2023-02-09T03:40:12Z	904	127670	188.114.97.1
contile.services.mozilla.com (1)	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333	391	34.117.237.239
login.microsoftonline.com (1)	25	2017-02-19T08:06:40Z	2019-07-18T10:58:27Z	1211	2069	20.190.159.22
login.live.com (1)	79	2012-05-21T09:00:20Z	2023-03-13T05:09:29Z	640	817	40.126.32.135
ocsp.digicert.com (2)	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682	1173	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-07T22:09:52Z	medium	Client IP	188.114.97.1	ET INFO HTTP Request to a *.buzz domain

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-07	medium	george-login.buzz/sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/	Malware
2023-02-07	medium	george-login.buzz/sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (67)

URL IP Response Size

george-login.buzz/sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/

188.114.97.1

301 Moved Permanently

URL HTTP/1.1

george-login.buzz/sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

                                        GET /sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/ HTTP/1.1
Host: george-login.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 301 Moved Permanently
Date: Tue, 07 Feb 2023 22:09:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 07 Feb 2023 23:09:00 GMT
Location: https://george-login.buzz/sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwP1JwatyIcm0iMEyaiLr3xXvmdVrLzl0cxyPuG3%2Bn1yJx%2B4Lp7sETASjoIedhgy6BXO4Ma%2F6gh3MQN2k7tpqM5io622AKEeaJbOnZqHW%2BqhvTf2SCLjWBTKZjl07AvASpDCiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795f728b9d6b0b69-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

dca68db7aea32f6683ce8d542c078f04

19c495238df74fca680e21f18627ff94de5dd2e5

35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6990
Expires: Wed, 08 Feb 2023 00:05:30 GMT
Date: Tue, 07 Feb 2023 22:09:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

565c1bbc5c1c40be1988b3bf6fd9dc1a

cfdba5bc597130461dd67bf6cda53183be592493

60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8984
Expires: Wed, 08 Feb 2023 00:38:44 GMT
Date: Tue, 07 Feb 2023 22:09:00 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

bf0c602d32b3c14606f22a86183b5e3c

6eabd8d83475eba731968abe1a05a8bfd272f160

6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 07 Feb 2023 21:36:32 GMT
content-type: application/json
age: 1949
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.36.77.32:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

cc14b0d2f7c451f6431dc87ba54d1d60

bab8bfda6fa3e2f17125353f5147211787dc25d0

b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3563
Expires: Tue, 07 Feb 2023 23:08:24 GMT
Date: Tue, 07 Feb 2023 22:09:01 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

e76071a28ee566dababb3834f46d68ed

aebb4e68c1ba2de0f90025283e8ed8470944fde0

78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: /H/x2S8CXOvuinP1ZyHBR4lRO/axrh8Q2vGKywm24vvNXGtGa/PGBBC5/EHflB7wdrrFhyFlsRw=
x-amz-request-id: VJK5FZMXVBXWX3X5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 07 Feb 2023 21:45:43 GMT
age: 1398
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

1c52dabc9b7c1a8f3f8ce08ac1d02ad6

7662bc87359916db9e78f22d2a9edc2955273261

c33bf2063fdc7d675337478243448d7c4ec7d7377b04ba0e48b3d36ba3f8573a

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=161511
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 22:09:01 GMT
Etag: "63e29fe4-117"
Expires: Thu, 09 Feb 2023 19:00:52 GMT
Last-Modified: Tue, 07 Feb 2023 19:00:52 GMT
Server: nginx
Content-Length: 279

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Tue, 07 Feb 2023 22:09:01 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

279
Hash

1c52dabc9b7c1a8f3f8ce08ac1d02ad6

7662bc87359916db9e78f22d2a9edc2955273261

c33bf2063fdc7d675337478243448d7c4ec7d7377b04ba0e48b3d36ba3f8573a

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 0
Cache-Control: max-age=161511
Content-Type: application/ocsp-response
Date: Tue, 07 Feb 2023 22:09:01 GMT
Etag: "63e29fe4-117"
Expires: Thu, 09 Feb 2023 19:00:52 GMT
Last-Modified: Tue, 07 Feb 2023 19:00:52 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 279

www.bing.com/th?id=OHR.CodexMountains_EN-US2295216929_1920x1080.jpg&rf=LaDigue_1920x1080.jpg&qlt=50

United States MICROSOFT-CORP-MSN-AS-BLOCK

204.79.197.200

200 OK

73647

URL HTTP/2

www.bing.com/th?id=OHR.CodexMountains_EN-US2295216929_1920x1080.jpg&rf=LaDigue_1920x1080.jpg&qlt=50
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

JPEG image data, JFIF standard 1.01, resolution (DPI), density 0x0, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data

Size

73647
Hash

4ae4572731632c549e32933fff134703

198ccd3f02f4d1fe0eb8a81911e1d5f2b4ccd46b

9af9fc03089bd0128065c3eebf398d446877ff4e19dcbeb2b9815f901d5d569a

HTTP Headers

                                        GET /th?id=OHR.CodexMountains_EN-US2295216929_1920x1080.jpg&rf=LaDigue_1920x1080.jpg&qlt=50 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=691200
content-length: 73647
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0E34893CB7934F1B91C2C450C78C3C8B Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
X-Firefox-Spdy: h2

r.bing.com/rp/lmu8EBCaPRMKtay8LSArGyY3mv4.br.js

95.101.10.122

200 OK

URL HTTP/2

r.bing.com/rp/lmu8EBCaPRMKtay8LSArGyY3mv4.br.js
IP

95.101.10.122:0
ASN

#20940 Akamai International B.V.

Magic

very short file (no magic)

Size

5
Hash

e5aa921deb86f8138026bb9c240820fb

966bbc10109a3d130ab5acbc2d202b1b26379afe

18b848a269a2d23ead68930fee1552542e8bd30c65f5d374d3ebea036c903381

HTTP Headers

                                        GET /rp/lmu8EBCaPRMKtay8LSArGyY3mv4.br.js HTTP/1.1
Host: r.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                        HTTP/2 200 OK
content-length: 5
content-type: application/x-javascript; charset=utf-8
content-encoding: br
content-md5: 5aqSHeuG+BOAJrucJAgg+w==
last-modified: Wed, 17 Aug 2022 06:39:21 GMT
etag: 0x8DA801B37C8EF2D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 22883801-601e-00b8-3ee2-f72cf3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=82547
expires: Wed, 08 Feb 2023 21:04:48 GMT
date: Tue, 07 Feb 2023 22:09:01 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.760a655f.1675807741.298433a4
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
X-Firefox-Spdy: h2

r.bing.com/rp/N7tKdYmlODF3joFiKWv51yR3FE4.svg

95.101.10.122

200 OK

1766

URL HTTP/2

r.bing.com/rp/N7tKdYmlODF3joFiKWv51yR3FE4.svg
IP

95.101.10.122:0
ASN

#20940 Akamai International B.V.

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1766), with no line terminators

Size

1766
Hash

946b8d209533755165d5d0fe8d795f22

37bb4a7589a53831778e8162296bf9d72477144e

d9233990059b3f88531f67b1c4725ef4f28f46564ae7e511472f48e2a84f9f1d

HTTP Headers

                                        GET /rp/N7tKdYmlODF3joFiKWv51yR3FE4.svg HTTP/1.1
Host: r.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

                                        HTTP/2 200 OK
content-length: 1766
content-type: image/svg+xml
content-md5: lGuNIJUzdVFl1dD+jXlfIg==
last-modified: Wed, 17 Aug 2022 05:49:33 GMT
etag: 0x8DA801442F5D6E9
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d4b31ee8-401e-0029-2cdf-fd4941000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cache-control: public, no-transform, max-age=221855
expires: Fri, 10 Feb 2023 11:46:36 GMT
date: Tue, 07 Feb 2023 22:09:01 GMT
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.760a655f.1675807741.298433aa
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
X-Firefox-Spdy: h2

www.bing.com/sa/simg/favicon-trans-bg-blue-mg.ico

204.79.197.200

200 OK

4286

URL HTTP/2

www.bing.com/sa/simg/favicon-trans-bg-blue-mg.ico
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data

Size

4286
Hash

30967b1b52cb6df18a8af8fcc04f83c9

aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

HTTP Headers

                                        GET /sa/simg/favicon-trans-bg-blue-mg.ico HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=15552000
content-length: 4286
content-type: image/x-icon
last-modified: Mon, 01 Jan 1601 00:00:00 GMT
x-cache: TCP_HIT
server: Kestrel
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy-report-only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-/7geeYa9AjTqJ6NSFUBbPHMm4kUYG2CkAMAPBU/HAOo='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
x-msedge-ref: Ref A: 142C92A7304844AC9CC51BF3DF313569 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
X-Firefox-Spdy: h2

www.bing.com/rp/6Hy0l7O248Q6ir-oX_Eoni2EIwg.br.js

204.79.197.200

200 OK

6683

URL HTTP/2

www.bing.com/rp/6Hy0l7O248Q6ir-oX_Eoni2EIwg.br.js
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

ASCII text, with very long lines (17343), with no line terminators

Size

6683
Hash

204bb375b5117b07884a137329e07bab

e87cb497b3b6e3c43a8abfa85ff1289e2d842308

030c5d06364c1a40ce1d47165d462d3ab67a135fe427978201cf376cf57f7ea1

HTTP Headers

                                        GET /rp/6Hy0l7O248Q6ir-oX_Eoni2EIwg.br.js HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: public, max-age=432000, no-transform, immutable
content-length: 6683
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: IEuzdbUReweIShNzKeB7qw==
last-modified: Wed, 14 Dec 2022 23:50:35 GMT
etag: 0x8DADE2DFE72E2EF
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: b9ef9644-001e-00e3-6204-3a15c8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-azure-ref-originshield: Ref A: E2883413BC694A8F902BD57EB89E6815 Ref B: AM3EDGE0615 Ref C: 2023-02-07T07:40:00Z
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaot"}]}
x-msedge-ref: Ref A: B24C6F027D6946DCB383839277AA4C65 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:-1,%22BC%22:-1,%22SE%22:-1,%22TC%22:-1,%22H%22:-1,%22BP%22:54,%22CT%22:58,%22IL%22:2}}&P=SERP&DA=DUBE01

204.79.197.200

200 OK

URL HTTP/2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:-1,%22BC%22:-1,%22SE%22:-1,%22TC%22:-1,%22H%22:-1,%22BP%22:54,%22CT%22:58,%22IL%22:2}}&P=SERP&DA=DUBE01
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:-1,%22BC%22:-1,%22SE%22:-1,%22TC%22:-1,%22H%22:-1,%22BP%22:54,%22CT%22:58,%22IL%22:2}}&P=SERP&DA=DUBE01 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3F096C47C5C64C07912B59748B85AC3B Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
content-length: 0
X-Firefox-Spdy: h2

www.bing.com/fd/ls/lsp.aspx?

204.79.197.200

204 No Content

URL HTTP/2

www.bing.com/fd/ls/lsp.aspx?
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        POST /fd/ls/lsp.aspx? HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 344
Origin: https://www.bing.com
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 204 No Content
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9C6F9511A6714EE78AB6C0E0D23BC66D Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
X-Firefox-Spdy: h2

george-login.buzz/sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/

188.114.97.1

302 Found

126240

URL HTTP/2

george-login.buzz/sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/
IP

188.114.97.1:0
ASN

#13335 CLOUDFLARENET

Magic

OpenPGP Public Key\012- data

Size

126240
Hash

c869129706723fed30a21d508a64e9b4

29b74da0aa13a7aa5c23071ef18770dec8de2077

1016c57fe6168130abaf9cf864dccaab0b7befe05d26647a6d200a177503c99e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

NIDS	Severity	Alert
suricata	medium	ET INFO HTTP Request to a *.buzz domain

HTTP Headers

                                        GET /sparkat/a1b2c3/5982cc3a813cc018766e30b83f866fd9/login/ HTTP/1.1
Host: george-login.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                        HTTP/2 302 Found
date: Tue, 07 Feb 2023 22:09:01 GMT
content-type: text/html; charset=UTF-8
location: https://www.bing.com
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jnc4oEwktalSkvpZ4yVM%2Bul5bPrlYnBSFCin42B4YLMSvMHoHgd2kwrO437baKWcL9k9YOuJwTiN395TcsAdyXCjJuxBh%2BRq373Sm3aGJSKdvNcrAfJF8SSfKQ3QnDVzJ7219w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795f728dfa681c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.bing.com/hp/api/v1/codex?format=json&

204.79.197.200

200 OK

601

URL HTTP/2

www.bing.com/hp/api/v1/codex?format=json&
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

JSON data\012- , ASCII text, with very long lines (2148), with no line terminators

Size

601
Hash

c658b4f79c7ac1605c5cb4019f3cd1c3

0db3159a4ea7e2b90a486d1b6f4f01ad70bc1272

6cf73a2ce08b13aba14a2b5576aee3f0a84d4c560a4e2145d5b3f43a4d548756

HTTP Headers

                                        GET /hp/api/v1/codex?format=json& HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.bing.com/
Content-type: application/json
Connection: keep-alive
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: private
content-length: 601
content-type: application/json; charset=utf-8
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; expires=Sun, 03-Mar-2024 22:09:01 GMT; path=/; HttpOnly
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C0D3EF30BBB547BC910442C7DA0F7776 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
X-Firefox-Spdy: h2

www.bing.com/images/sbi?mmasync=1&ptn=Homepage&IID=SBI&IG=69EEAB20E54140E59BB58DFCBA54894F&

204.79.197.200

200 OK

16047

URL HTTP/2

www.bing.com/images/sbi?mmasync=1&ptn=Homepage&IID=SBI&IG=69EEAB20E54140E59BB58DFCBA54894F&
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

HTML document, ASCII text, with very long lines (28929), with CRLF, LF line terminators

Size

16047
Hash

218891b79c98101f46317a8aae73fe04

fb6f90f58c95b5cbc2ef9deb97b0f185d908d63b

f2f459871dda8d39a51475e1e5854aa3abbdac7ca07805f8f51d0a09630c4ec4

HTTP Headers

                                        GET /images/sbi?mmasync=1&ptn=Homepage&IID=SBI&IG=69EEAB20E54140E59BB58DFCBA54894F& HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.bing.com/
Content-type: application/json
Connection: keep-alive
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: private
content-length: 16047
content-type: text/html; charset=utf-8
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; expires=Sun, 03-Mar-2024 22:09:01 GMT; path=/; HttpOnly
SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; domain=.bing.com; expires=Sun, 03-Mar-2024 22:09:01 GMT; path=/; secure; SameSite=None
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E9BC4763563E4C55960E8B4B2E9F7254 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
X-Firefox-Spdy: h2

www.bing.com/hp/api/model

204.79.197.200

200 OK

4676

URL HTTP/2

www.bing.com/hp/api/model
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

JSON data\012- , Unicode text, UTF-8 text, with very long lines (18752), with no line terminators

Size

4676
Hash

2c7239ea99769d1954de0fd5a0e6260c

1edb867e0d708d5701511bb15ff1fb521d2319f1

434b029106c2c5b15d1c10b8fc56606b330f83b57785fe404287c5538b4049a0

HTTP Headers

                                        GET /hp/api/model HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.bing.com/
Content-type: application/json
Connection: keep-alive
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: private
content-length: 4676
content-type: application/json; charset=utf-8
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; expires=Sun, 03-Mar-2024 22:09:01 GMT; path=/; HttpOnly
ULC=; domain=.bing.com; expires=Mon, 06-Feb-2023 22:09:01 GMT; path=/; secure; SameSite=None
_HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6Mn0=; domain=.bing.com; expires=Sun, 03-Mar-2024 22:09:01 GMT; path=/; secure; SameSite=None
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2895DC273BDE4D029079C3571B165B14 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3D69EEAB20E54140E59BB58DFCBA54894F%26%22%2C%22format%22%3A%22dom%22%2C%22time%22%3A1124%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793282%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D

204.79.197.200

200 OK

URL HTTP/2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3D69EEAB20E54140E59BB58DFCBA54894F%26%22%2C%22format%22%3A%22dom%22%2C%22time%22%3A1124%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793282%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3D69EEAB20E54140E59BB58DFCBA54894F%26%22%2C%22format%22%3A%22dom%22%2C%22time%22%3A1124%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793282%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D1E48C3DDF2D40B4A69732778A6CC194 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
content-length: 0
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodex%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1124%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793283%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D

204.79.197.200

200 OK

URL HTTP/2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodex%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1124%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793283%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodex%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1124%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793283%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DC74BA0C97E64FDAAC9140232770E271 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
content-length: 0
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1127%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793286%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D

204.79.197.200

200 OK

URL HTTP/2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1127%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793286%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fmsnpopularnow%3F%26format%3Djson%26ecount%3D20%26efirst%3D0%26%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1127%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793286%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2B9DF199FE8C4B4F812C73CE30488240 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
content-length: 0
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useDynamicModules%22%2C%22module%22%3A%22https%3A%2F%2Fassets.msn.com%2Fbundles%2Fv1%2FbingHomepage%2Flatest%2Fwidget-initializer.js%22%2C%22error%22%3A%22%22%2C%22time%22%3A1128%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793287%2C%22Name%22%3A%22Importing%22%2C%22FID%22%3A%22HP%22%7D%5D

204.79.197.200

200 OK

URL HTTP/2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useDynamicModules%22%2C%22module%22%3A%22https%3A%2F%2Fassets.msn.com%2Fbundles%2Fv1%2FbingHomepage%2Flatest%2Fwidget-initializer.js%22%2C%22error%22%3A%22%22%2C%22time%22%3A1128%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793287%2C%22Name%22%3A%22Importing%22%2C%22FID%22%3A%22HP%22%7D%5D
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useDynamicModules%22%2C%22module%22%3A%22https%3A%2F%2Fassets.msn.com%2Fbundles%2Fv1%2FbingHomepage%2Flatest%2Fwidget-initializer.js%22%2C%22error%22%3A%22%22%2C%22time%22%3A1128%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793287%2C%22Name%22%3A%22Importing%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 532EA460EF3D4C2298D4A746421539D6 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
content-length: 0
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1128%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793287%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D

204.79.197.200

200 OK

URL HTTP/2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1128%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793287%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1128%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793287%2C%22Name%22%3A%22requested%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED3784F1CED74B20AEA2D4B849DD0C78 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:00 GMT
content-length: 0
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 07 Feb 2023 21:14:52 GMT
age: 3249
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.bing.com/vs/ec/start.mp3

204.79.197.200

206 Partial Content

31561

URL HTTP/2

www.bing.com/vs/ec/start.mp3
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data

Size

31561
Hash

f139839a0b2291e7e31f2589454e470f

754ac75088a1b1c586acbe6751e52a1835a4e428

a8b226c9281cae3e162006c9d509f5bfc649724876ca81a95a48e7f1fa9886ef

HTTP Headers

                                        GET /vs/ec/start.mp3 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6Mn0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 206 Partial Content
cache-control: public, max-age=15552000
content-length: 31561
content-type: audio/mpeg
content-range: bytes 0-31560/31561
last-modified: Mon, 01 Jan 1601 00:00:00 GMT
x-cache: TCP_HIT
server: Kestrel
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy-report-only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-28pEwDovvjLPWtFUmeF2jmd4M/p77uqZHZaDyxU7260='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
x-msedge-ref: Ref A: BBEEBBB2C9384C99B19BC5AA5BEDBF10 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:01 GMT
X-Firefox-Spdy: h2

www.bing.com/vs/ec/stop.mp3

204.79.197.200

206 Partial Content

35386

URL HTTP/2

www.bing.com/vs/ec/stop.mp3
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data

Size

35386
Hash

475028300cc8c44e7a4db97079bfca2b

09b8d7346324c456fcea95fa4826fc94686ce52c

45c8123c99a15aef1762667d2fbc2de1937449d20610023a21e47b313e3b7ee4

HTTP Headers

                                        GET /vs/ec/stop.mp3 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6Mn0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 206 Partial Content
cache-control: public, max-age=15552000
content-length: 35386
content-type: audio/mpeg
content-range: bytes 0-35385/35386
last-modified: Mon, 01 Jan 1601 00:00:00 GMT
x-cache: TCP_HIT
server: Kestrel
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
content-security-policy-report-only: script-src https: 'strict-dynamic' 'report-sample' 'nonce-CH6pKNDh2lOR196nQDUQsTfHkrR/tcNt+izzlF5T5A4='; base-uri 'self';report-to csp-endpoint
report-to: {"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}
x-msedge-ref: Ref A: B0E6AA47831847DB90ADB2E268B8FC89 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:01 GMT
X-Firefox-Spdy: h2

www.bing.com/hp/api/v1/msnpopularnow?&format=json&ecount=20&efirst=0&&

204.79.197.200

200 OK

2889

URL HTTP/2

www.bing.com/hp/api/v1/msnpopularnow?&format=json&ecount=20&efirst=0&&
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

JSON data\012- , Unicode text, UTF-8 text, with very long lines (13701), with no line terminators

Size

2889
Hash

918f6e311431b19b3b9c24e4ab33cee3

dcbaaea5524808512488e11bd7f7ae2b9c2487c0

6747e13e41be693bb7dc0a9a5bc37abec2c8c1d26546cae402908931e15c9df3

HTTP Headers

                                        GET /hp/api/v1/msnpopularnow?&format=json&ecount=20&efirst=0&& HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.bing.com/
Content-type: application/json
Connection: keep-alive
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6MX0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
cache-control: private
content-length: 2889
content-type: application/json; charset=utf-8
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; expires=Sun, 03-Mar-2024 22:09:01 GMT; path=/; HttpOnly
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 66A5DBD20D6F43508C5069406774F06C Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:01 GMT
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodex%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A1198%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793357%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D

204.79.197.200

200 OK

URL HTTP/2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodex%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A1198%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793357%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodex%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A1198%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793357%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6Mn0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A4A49802F7A940A084C1879245665603 Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:01 GMT
content-length: 0
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3D69EEAB20E54140E59BB58DFCBA54894F%26%22%2C%22format%22%3A%22dom%22%2C%22status%22%3A200%2C%22time%22%3A1198%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793357%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D

204.79.197.200

200 OK

URL HTTP/2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3D69EEAB20E54140E59BB58DFCBA54894F%26%22%2C%22format%22%3A%22dom%22%2C%22status%22%3A200%2C%22time%22%3A1198%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793357%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fimages%2Fsbi%3Fmmasync%3D1%26ptn%3DHomepage%26IID%3DSBI%26IG%3D69EEAB20E54140E59BB58DFCBA54894F%26%22%2C%22format%22%3A%22dom%22%2C%22status%22%3A200%2C%22time%22%3A1198%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793357%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6Mn0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C2A70E99CAFB4B29A57CFBE024E8AFAB Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:01 GMT
content-length: 0
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A1199%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793358%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D

204.79.197.200

200 OK

URL HTTP/2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A1199%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793358%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22status%22%3A200%2C%22time%22%3A1199%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793358%2C%22Name%22%3A%22fetched%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6Mn0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96F6754A55824E5FAFAC8B0D5974B3CB Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:01 GMT
content-length: 0
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodex%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1255%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793414%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D

204.79.197.200

200 OK

URL HTTP/2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodex%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1255%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793414%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D
IP

204.79.197.200:0
ASN

#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET /fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fv1%2Fcodex%3Fformat%3Djson%26%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1255%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793414%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bing.com/
Cookie: SUID=M; MUID=3DA94B3D26F36B6E187A598C27A46A1A; MUIDB=3DA94B3D26F36B6E187A598C27A46A1A; _EDGE_V=1; SRCHD=AF=NOFORM; SRCHUID=V=2&GUID=4C44887A8F344FBBBDDE8383E9891ADA&dmnchg=1; SRCHUSR=DOB=20230207&T=1675807485000; _HPVN=CS=eyJQbiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiUCJ9LCJTYyI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiSCJ9LCJReiI6eyJDbiI6MSwiU3QiOjAsIlFzIjowLCJQcm9kIjoiVCJ9LCJBcCI6dHJ1ZSwiTXV0ZSI6dHJ1ZSwiTGFkIjoiMjAyMy0wMi0wN1QwMDowMDowMFoiLCJJb3RkIjowLCJHd2IiOjAsIkRmdCI6bnVsbCwiTXZzIjowLCJGbHQiOjAsIkltcCI6Mn0=; _UR=QS=0&TQS=0; _RwBf=ilt=6&ihpd=6&ispd=0&rc=0&rb=0&gb=0&rg=200&pc=0&mtu=0&rbb=0&g=0&cid=&clo=0&v=6&l=2023-02-07T08:00:00.0000000Z&lft=0001-01-01T00:00:00.0000000&aof=0&o=2&p=&c=&t=0&s=0001-01-01T00:00:00.0000000+00:00&ts=2023-02-07T22:08:49.2871532+00:00&rwred=0&wls=&lka=0&lkt=0&TH=; SRCHHPGUSR=SRCHLANG=en&BRW=M&BRH=M&CW=1280&CH=939&SCW=1280&SCH=939&DPR=1.0&UTC=0&DM=0&WTS=63811404528&HV=1675807788; _EDGE_S=SID=36BD02ECB79160EE0FF6105DB664615B; _SS=SID=36BD02ECB79160EE0FF6105DB664615B
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                        HTTP/2 200 OK
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 03BDA1E9F1684A9F8ED517E6723B5FEF Ref B: OSL30EDGE0209 Ref C: 2023-02-07T22:09:01Z
date: Tue, 07 Feb 2023 22:09:01 GMT
content-length: 0
X-Firefox-Spdy: h2

www.bing.com/fd/ls/l?IG=69EEAB20E54140E59BB58DFCBA54894F&TYPE=Event.ClientInst&DATA=%5B%7B%22func%22%3A%22useFetch%22%2C%22url%22%3A%22%2Fhp%2Fapi%2Fmodel%22%2C%22format%22%3A%22json%22%2C%22time%22%3A1255%2C%22T%22%3A%22CI.Data%22%2C%22TS%22%3A1675807793415%2C%22Name%22%3A%22parsed%22%2C%22FID%22%3A%22HP%22%7D%5D

204.79.197.200

200 OK

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (55)

#1 JS:Script (size: 1931)

#2 JS:Script (size: 43484)

#3 JS:Script (size: 938)

#4 JS:Script (size: 924)

#5 JS:Script (size: 12933)

#6 JS:Script (size: 13640)

#7 JS:Script (size: 520)

#8 JS:Script (size: 13338)

#9 JS:Script (size: 391)

#10 JS:Script (size: 19932)

#11 JS:Script (size: 64)

#12 JS:Script (size: 3278)

#13 JS:Script (size: 306)

#14 JS:Script (size: 17026)

#15 JS:Script (size: 110)

#16 JS:Script (size: 1284)

#17 JS:Script (size: 89)

#18 JS:Script (size: 1274)

#19 JS:Script (size: 920)

#20 JS:Script (size: 345)

#21 JS:Script (size: 2688)

#22 JS:Script (size: 425)

#23 JS:Script (size: 315)

#24 JS:Script (size: 252)

#25 JS:Script (size: 2524)

#26 JS:Script (size: 2965)

#27 JS:Script (size: 0)

#28 JS:Script (size: 28947)

#29 JS:Script (size: 5666)

#30 JS:Script (size: 327869)

#31 JS:Script (size: 258)

#32 JS:Script (size: 426)

#33 JS:Script (size: 20)

#34 JS:Script (size: 423)

#35 JS:Script (size: 1051)

#36 JS:Script (size: 17343)

#37 JS:Script (size: 358)

#38 JS:Script (size: 257)

#39 JS:Script (size: 21647)

#40 JS:Script (size: 226)

#41 JS:Script (size: 328)

#42 JS:Script (size: 443)

#43 JS:Script (size: 2015)

#44 JS:Script (size: 1228)

#45 JS:Script (size: 1234)

#46 JS:Script (size: 5793)

#47 JS:Script (size: 90)

#48 JS:Script (size: 1589)

#49 JS:Script (size: 576)

#50 JS:Script (size: 108360)

#51 JS:Script (size: 212)

#52 JS:Script (size: 3252)

#53 JS:Script (size: 27)

#54 JS:Script (size: 457)

#1 JS:Eval (size: 12)

HTTP Transactions (67)