www.msn.com/bundles/v1/views/latest/web-worker.f9ccf6b42d8eab976879.js
204.79.197.203 24 kB URL www.msn.com/bundles/v1/views/latest/web-worker.f9ccf6b42d8eab976879.js
IP 204.79.197.203:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Hash d0adad06e7f81b097894b3f9636548b9
7073b6c67897b0974c704da802f7b824eefc63ed
ba977bc5ca3698ce98222e90c8b12d0a79a671c38a10b75529a3ab4cc1fe913c
GET /bundles/v1/views/latest/web-worker.f9ccf6b42d8eab976879.js HTTP/1.1
Host: www.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Cookie: _C_ETH=1; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, no-transform, max-age=31535892
content-length: 23791
content-type: application/javascript
content-encoding: br
content-md5: HZ+Eai0+2flE0ZZh3o8RGA==
last-modified: Fri, 01 Dec 2023 01:25:25 GMT
etag: 0x8DBF20C653BFDDF
vary: Origin
x-cache: TCP_HIT
x-ms-request-id: 71e1b0ac-001e-003d-70f5-23a2cc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
akamai-request-bc: [a=23.73.3.89,b=2356659887,c=g,n=SE_AB_STOCKHOLM,o=20940]
server-timing: clientrtt; dur=11, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 23.73.3.89
akamai-request-id: 8c77c6af
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.59034917.1701634260.8c77c6af
x-cid: 7
x-ccc: NO
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 747DC6B873EA437BA302005074E87C5B Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:25Z
date: Sun, 03 Dec 2023 20:34:24 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/common.8de80c11a664189ede48.js
95.101.10.170 200 OK 194 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/common.8de80c11a664189ede48.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (43246)
Size 194 kB (194493 bytes)
Hash 0043b9ffc96e8d3aaa3bf045ad223273
ae7291c15b59789c22a294253d0fdc0305a5ab15
441461dbaa3fade0daa392333b1a8032f6bb63f96247ec0ca0995cbd3f9903a3
GET /bundles/v1/views/latest/common.8de80c11a664189ede48.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 194493
content-md5: tOvZ1+587P8TqE51coD4kA==
last-modified: Fri, 01 Dec 2023 01:25:23 GMT
etag: 0x8DBF20C64261178
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bc8eb0c2-a01e-0081-51f5-235773000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:25 GMT
akamai-request-bc: [a=95.101.10.166,b=1569764397,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=5, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b42d
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635665.5d90b42d
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/vendors.a5d51e782e937e6dcd01.js
95.101.10.170 200 OK 77 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/vendors.a5d51e782e937e6dcd01.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65450)
Hash 7f67b6d24c2db86fa01b36c33e2bad6b
70809f107e8e82ea1d49eb6504c685b7cdb1ec5e
1124d86b609aff1120012b8ad5a23e3d25c3d969fa73a75d99fdf8992f93c477
GET /bundles/v1/views/latest/vendors.a5d51e782e937e6dcd01.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 77309
content-md5: DjlH3E3oitJo/cJ9XbXmfg==
last-modified: Sat, 18 Nov 2023 00:15:24 GMT
etag: 0x8DBE7CB7600BF73
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1889bbb1-101e-0016-6b55-2208d2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:25 GMT
akamai-request-bc: [a=95.101.10.166,b=1569764398,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=6, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b42e
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635665.5d90b42e
vary: Origin
X-Firefox-Spdy: h2
www.msn.com/resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=views&v=20231203.6&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22firefox%22,%22version%22:%22105%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22www.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22article%22,%22pageExperiments%22:[%22prg-1s-wpocfp1%22,%22prg-1sw-cgxap%22,%22prg-1sw-cgxap-t1%22,%22prg-1sw-darkhover%22,%22prg-1sw-enableact%22,%22prg-1sw-esprtxp%22,%22prg-1sw-etbp1t3%22,%22prg-1sw-fidnoti%22,%22prg-1sw-financedp%22,%22prg-1sw-findef1%22,%22prg-1sw-findet1%22,%22prg-1sw-fnccombo%22,%22prg-1sw-header-event%22,%22prg-1sw-idxpd1%22,%22prg-1sw-imgqualityc%22,%22prg-1sw-kdp1t3%22,%22prg-1sw-p1wtrclm%22,%22prg-1sw-pde0%22,%22prg-1sw-premonsd%22,%22prg-1sw-ref1-p1-ctr%22,%22prg-1sw-rfcp1%22,%22prg-1sw-rr2fn%22,%22prg-1sw-rr2fp%22,%22prg-1sw-rv2hpc%22,%22prg-1sw-sacgadjc%22,%22prg-1sw-shipfin%22,%22prg-1sw-skipqueue%22,%22prg-1sw-spaipv2%22,%22prg-1sw-srdus%22,%22prg-1sw-tbrbrp2%22,%22prg-1sw-tbrcounter%22,%22prg-1sw-wxdmtctr7%22,%22prg-1sw-wxmptreplace%22,%22prg-1sw-wxnearbyrec%22,%22prg-1sw-wxovsig%22,%22prg-1sw-wxstm%22,%22prg-1sw-xref1-p2-ctrl%22,%22prg-ad-cbuxhld%22,%22prg-adspeek%22,%22prg-bd-unqiue-c%22,%22prg-c-peslt%22,%22prg-ctrlmidroll%22,%22prg-ias%22,%22prg-ntp-wxcm%22,%22prg-ntp-wxcmcb%22,%22prg-pcs-hdatainfo%22,%22prg-pr2-bndaunoen%22,%22prg-pr2-cntfbnrfc%22,%22prg-pr2-dualbgc%22,%22prg-pr2-nwpi8%22,%22prg-pr2-pagefilter%22,%22prg-pr2-stickypvts%22,%22prg-pr2-wpo3%22,%22prg-sh-bd-cm%22,%22prg-sh-bd-disbadge%22,%22prg-sh-bd-disgb%22,%22prg-sh-bd-disinsight%22,%22prg-sh-bd-newbanner%22,%22prg-sh-bd-newchckot%22,%22prg-sh-bd-nwchk%22,%22prg-sh-bd-sson%22,%22prg-sh-bd-xtracash%22,%22prg-sh-recopdp%22,%22prg-sh-rmitmlnk-c%22,%22p
rg-sh-sson%22,%22prg-sh-usecshk%22,%22prg-sh-usecshkpdp%22,%22prg-sp-liveapi%22,%22prg-spr-t-gp1025rbv9%22,%22prg-uaskafka-t%22,%22prg-ugc-likechange%22,%22prg-upsaip-r-t%22,%22prg-upsaip-w1-t%22,%22prg-upscache-t%22,%22prg-useplmtmgr%22,%22prg-vidad-ctrlwrap%22,%22prg-wpo-nocardsqsp%22,%22prg-wx-fredlg%22,%22prg-wx-fredlgm%22,%22prg-wx-wtp%22,%22prg-wxmnns%22]}
204.79.197.203200 OK 89 kB URL GET HTTP/2 www.msn.com/resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=views&v=20231203.6&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22firefox%22,%22version%22:%22105%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22www.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22article%22,%22pageExperiments%22:[%22prg-1s-wpocfp1%22,%22prg-1sw-cgxap%22,%22prg-1sw-cgxap-t1%22,%22prg-1sw-darkhover%22,%22prg-1sw-enableact%22,%22prg-1sw-esprtxp%22,%22prg-1sw-etbp1t3%22,%22prg-1sw-fidnoti%22,%22prg-1sw-financedp%22,%22prg-1sw-findef1%22,%22prg-1sw-findet1%22,%22prg-1sw-fnccombo%22,%22prg-1sw-header-event%22,%22prg-1sw-idxpd1%22,%22prg-1sw-imgqualityc%22,%22prg-1sw-kdp1t3%22,%22prg-1sw-p1wtrclm%22,%22prg-1sw-pde0%22,%22prg-1sw-premonsd%22,%22prg-1sw-ref1-p1-ctr%22,%22prg-1sw-rfcp1%22,%22prg-1sw-rr2fn%22,%22prg-1sw-rr2fp%22,%22prg-1sw-rv2hpc%22,%22prg-1sw-sacgadjc%22,%22prg-1sw-shipfin%22,%22prg-1sw-skipqueue%22,%22prg-1sw-spaipv2%22,%22prg-1sw-srdus%22,%22prg-1sw-tbrbrp2%22,%22prg-1sw-tbrcounter%22,%22prg-1sw-wxdmtctr7%22,%22prg-1sw-wxmptreplace%22,%22prg-1sw-wxnearbyrec%22,%22prg-1sw-wxovsig%22,%22prg-1sw-wxstm%22,%22prg-1sw-xref1-p2-ctrl%22,%22prg-ad-cbuxhld%22,%22prg-adspeek%22,%22prg-bd-unqiue-c%22,%22prg-c-peslt%22,%22prg-ctrlmidroll%22,%22prg-ias%22,%22prg-ntp-wxcm%22,%22prg-ntp-wxcmcb%22,%22prg-pcs-hdatainfo%22,%22prg-pr2-bndaunoen%22,%22prg-pr2-cntfbnrfc%22,%22prg-pr2-dualbgc%22,%22prg-pr2-nwpi8%22,%22prg-pr2-pagefilter%22,%22prg-pr2-stickypvts%22,%22prg-pr2-wpo3%22,%22prg-sh-bd-cm%22,%22prg-sh-bd-disbadge%22,%22prg-sh-bd-disgb%22,%22prg-sh-bd-disinsight%22,%22prg-sh-bd-newbanner%22,%22prg-sh-bd-newchckot%22,%22prg-sh-bd-nwchk%22,%22prg-sh-bd-sson%22,%22prg-sh-bd-xtracash%22,%22prg-
sh-recopdp%22,%22prg-sh-rmitmlnk-c%22,%22prg-sh-sson%22,%22prg-sh-usecshk%22,%22prg-sh-usecshkpdp%22,%22prg-sp-liveapi%22,%22prg-spr-t-gp1025rbv9%22,%22prg-uaskafka-t%22,%22prg-ugc-likechange%22,%22prg-upsaip-r-t%22,%22prg-upsaip-w1-t%22,%22prg-upscache-t%22,%22prg-useplmtmgr%22,%22prg-vidad-ctrlwrap%22,%22prg-wpo-nocardsqsp%22,%22prg-wx-fredlg%22,%22prg-wx-fredlgm%22,%22prg-wx-wtp%22,%22prg-wxmnns%22]}
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 27979fd5fd95468b4a7dffe057f4455a
b1b86224019fca3799bc17ca4f8cec134ec7dfcb
9fd62a1ceb67472f661dafb154489e53c65d4047a59506a57a1871bda677fc2e
GET /resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=views&v=20231203.6&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22firefox%22,%22version%22:%22105%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22www.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22article%22,%22pageExperiments%22:[%22prg-1s-wpocfp1%22,%22prg-1sw-cgxap%22,%22prg-1sw-cgxap-t1%22,%22prg-1sw-darkhover%22,%22prg-1sw-enableact%22,%22prg-1sw-esprtxp%22,%22prg-1sw-etbp1t3%22,%22prg-1sw-fidnoti%22,%22prg-1sw-financedp%22,%22prg-1sw-findef1%22,%22prg-1sw-findet1%22,%22prg-1sw-fnccombo%22,%22prg-1sw-header-event%22,%22prg-1sw-idxpd1%22,%22prg-1sw-imgqualityc%22,%22prg-1sw-kdp1t3%22,%22prg-1sw-p1wtrclm%22,%22prg-1sw-pde0%22,%22prg-1sw-premonsd%22,%22prg-1sw-ref1-p1-ctr%22,%22prg-1sw-rfcp1%22,%22prg-1sw-rr2fn%22,%22prg-1sw-rr2fp%22,%22prg-1sw-rv2hpc%22,%22prg-1sw-sacgadjc%22,%22prg-1sw-shipfin%22,%22prg-1sw-skipqueue%22,%22prg-1sw-spaipv2%22,%22prg-1sw-srdus%22,%22prg-1sw-tbrbrp2%22,%22prg-1sw-tbrcounter%22,%22prg-1sw-wxdmtctr7%22,%22prg-1sw-wxmptreplace%22,%22prg-1sw-wxnearbyrec%22,%22prg-1sw-wxovsig%22,%22prg-1sw-wxstm%22,%22prg-1sw-xref1-p2-ctrl%22,%22prg-ad-cbuxhld%22,%22prg-adspeek%22,%22prg-bd-unqiue-c%22,%22prg-c-peslt%22,%22prg-ctrlmidroll%22,%22prg-ias%22,%22prg-ntp-wxcm%22,%22prg-ntp-wxcmcb%22,%22prg-pcs-hdatainfo%22,%22prg-pr2-bndaunoen%22,%22prg-pr2-cntfbnrfc%22,%22prg-pr2-dualbgc%22,%22prg-pr2-nwpi8%22,%22prg-pr2-pagefilter%22,%22prg-pr2-stickypvts%22,%22prg-pr2-wpo3%22,%22prg-sh-bd-cm%22,%22prg-sh-bd-disbadge%22,%22prg-sh-bd-disgb%22,%22prg-sh-bd-disinsight%22,%22prg-sh-bd-newbanner%22,%22prg-sh-bd-newchckot%22,%22prg-sh-bd-nwchk%22,%22prg-sh-bd-sson%22,%22prg-sh-bd-xtracash%22,%22prg-sh-recopdp%22,%22prg-sh-rmitmlnk-c%22,%22prg-sh-s
son%22,%22prg-sh-usecshk%22,%22prg-sh-usecshkpdp%22,%22prg-sp-liveapi%22,%22prg-spr-t-gp1025rbv9%22,%22prg-uaskafka-t%22,%22prg-ugc-likechange%22,%22prg-upsaip-r-t%22,%22prg-upsaip-w1-t%22,%22prg-upscache-t%22,%22prg-useplmtmgr%22,%22prg-vidad-ctrlwrap%22,%22prg-wpo-nocardsqsp%22,%22prg-wx-fredlg%22,%22prg-wx-fredlgm%22,%22prg-wx-wtp%22,%22prg-wxmnns%22]} HTTP/1.1
Host: www.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/bundles/v1/views/latest/web-worker.f9ccf6b42d8eab976879.js
Connection: keep-alive
Cookie: _C_ETH=1; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=1728000,immutable
content-length: 88999
content-type: application/json; charset=utf-8
content-encoding: br
etag: "CueU2e5_WJXZJnW7CC96gQclJvY"
vary: Accept-Encoding
x-cache: TCP_MISS
x-crs-buildversion: 20231031.1_master
x-crs-env: Production
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
nel-report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
x-ceto-ref: C601118E4BF543E18DC362E28E9B2B69|2023-12-03T20:34:25.726Z
x-cid: 7
x-ccc: NO
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C601118E4BF543E18DC362E28E9B2B69 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:25Z
date: Sun, 03 Dec 2023 20:34:25 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/microsoft.b25f78faf650a419619e.js
95.101.10.170 200 OK 80 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/microsoft.b25f78faf650a419619e.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65448)
Hash 37c9f203fdfb24c1635ec0fbad0b5fe0
e77b16ac382cb1a8acf184fc65e625813cad9302
5ae0fbe9df3d2dc797ef42ac999dd71bdb227daef1dcae15258487bd58325799
GET /bundles/v1/views/latest/microsoft.b25f78faf650a419619e.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 79563
content-md5: I2xzYWZq8dO8Uhnr1C95lQ==
last-modified: Fri, 01 Dec 2023 01:25:26 GMT
etag: 0x8DBF20C66083D57
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: cc2cac75-f01e-0046-4150-244b58000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:25 GMT
akamai-request-bc: [a=95.101.10.166,b=1569764399,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=6, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b42f
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635665.5d90b42f
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/experience.6bf12b7fb73fcde72463.js
95.101.10.170 200 OK 21 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/experience.6bf12b7fb73fcde72463.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3a34c8997fb33822a314a1e66268d9e3
406ccde65b05dddcb8c614644e3e3e647622ec87
475fad91be191c8cdda9fb8ccd94e9c150b880602b1b3e135f435f84c8bd8db1
GET /bundles/v1/views/latest/experience.6bf12b7fb73fcde72463.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 21432
content-md5: BBflnFj2xGf/bmqocZM4RQ==
last-modified: Sun, 03 Dec 2023 07:58:28 GMT
etag: 0x8DBF3D5A27BC273
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4a2e6813-d01e-0036-17be-257683000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:25 GMT
akamai-request-bc: [a=95.101.10.166,b=1569764400,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=6, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b430
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635665.5d90b430
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/statics/fonts/eb-garamond-v14-latin-regular.woff2
95.101.10.170 200 OK 29 kB URL GET HTTP/2 assets.msn.com/statics/fonts/eb-garamond-v14-latin-regular.woff2
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 29060, version 1.0\012- data
Hash 6fbb1cf13dfeff58538dddd9e2ad485c
75349ef26441e9d0e3bd8885a7c0d85b90fec8d4
a9a77421c8118b715727105cef3b8507b343138b773bd105d5a4f9de0fea3779
GET /statics/fonts/eb-garamond-v14-latin-regular.woff2 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff2
etag: "6fbb1cf13dfeff58538dddd9e2ad485c:1601512997.736101"
last-modified: Thu, 01 Oct 2020 00:43:17 GMT
server: AkamaiNetStorage
content-encoding: gzip
content-length: 29088
date: Sun, 03 Dec 2023 20:34:26 GMT
akamai-request-bc: [a=95.101.10.166,b=1569765146,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=6, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b71a
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90b71a
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/statics/fonts/SegoeUI-Roman-VF-subset_web.woff2
95.101.10.170 200 OK 41 kB URL GET HTTP/2 assets.msn.com/statics/fonts/SegoeUI-Roman-VF-subset_web.woff2
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 41012, version 1.0\012- data
Hash 72d13803e728b0ef3dfb6da311001643
70d88e7b15a97043c7e626d3eef544a0426b7209
782e446926028500371d007f39dd3459761921204f87975598558703f9a9af6d
GET /statics/fonts/SegoeUI-Roman-VF-subset_web.woff2 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff2
etag: "72d13803e728b0ef3dfb6da311001643:1562269510.048951"
last-modified: Thu, 04 Jul 2019 01:04:35 GMT
server: AkamaiNetStorage
content-encoding: gzip
content-length: 41006
date: Sun, 03 Dec 2023 20:34:26 GMT
akamai-request-bc: [a=95.101.10.166,b=1569765148,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=6, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b71c
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90b71c
vary: Origin
X-Firefox-Spdy: h2
www.msn.com/resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=views&v=20231203.6&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22firefox%22,%22version%22:%22105%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22www.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22article%22,%22pageExperiments%22:[%22prg-1s-wpocfp1%22,%22prg-1sw-cgxap%22,%22prg-1sw-cgxap-t1%22,%22prg-1sw-darkhover%22,%22prg-1sw-enableact%22,%22prg-1sw-esprtxp%22,%22prg-1sw-etbp1t3%22,%22prg-1sw-fidnoti%22,%22prg-1sw-financedp%22,%22prg-1sw-findef1%22,%22prg-1sw-findet1%22,%22prg-1sw-fnccombo%22,%22prg-1sw-header-event%22,%22prg-1sw-idxpd1%22,%22prg-1sw-imgqualityc%22,%22prg-1sw-kdp1t3%22,%22prg-1sw-p1wtrclm%22,%22prg-1sw-pde0%22,%22prg-1sw-premonsd%22,%22prg-1sw-ref1-p1-ctr%22,%22prg-1sw-rfcp1%22,%22prg-1sw-rr2fn%22,%22prg-1sw-rr2fp%22,%22prg-1sw-rv2hpc%22,%22prg-1sw-sacgadjc%22,%22prg-1sw-shipfin%22,%22prg-1sw-skipqueue%22,%22prg-1sw-spaipv2%22,%22prg-1sw-srdus%22,%22prg-1sw-tbrbrp2%22,%22prg-1sw-tbrcounter%22,%22prg-1sw-wxdmtctr7%22,%22prg-1sw-wxmptreplace%22,%22prg-1sw-wxnearbyrec%22,%22prg-1sw-wxovsig%22,%22prg-1sw-wxstm%22,%22prg-1sw-xref1-p2-ctrl%22,%22prg-ad-cbuxhld%22,%22prg-adspeek%22,%22prg-bd-unqiue-c%22,%22prg-c-peslt%22,%22prg-ctrlmidroll%22,%22prg-ias%22,%22prg-ntp-wxcm%22,%22prg-ntp-wxcmcb%22,%22prg-pcs-hdatainfo%22,%22prg-pr2-bndaunoen%22,%22prg-pr2-cntfbnrfc%22,%22prg-pr2-dualbgc%22,%22prg-pr2-nwpi8%22,%22prg-pr2-pagefilter%22,%22prg-pr2-stickypvts%22,%22prg-pr2-wpo3%22,%22prg-sh-bd-cm%22,%22prg-sh-bd-disbadge%22,%22prg-sh-bd-disgb%22,%22prg-sh-bd-disinsight%22,%22prg-sh-bd-newbanner%22,%22prg-sh-bd-newchckot%22,%22prg-sh-bd-nwchk%22,%22prg-sh-bd-sson%22,%22prg-sh-bd-xtracash%22,%22prg-sh-recopdp%22,%22prg-sh-rmitmlnk-c%22,%22p
rg-sh-sson%22,%22prg-sh-usecshk%22,%22prg-sh-usecshkpdp%22,%22prg-sp-liveapi%22,%22prg-spr-t-gp1025rbv9%22,%22prg-uaskafka-t%22,%22prg-ugc-likechange%22,%22prg-upsaip-r-t%22,%22prg-upsaip-w1-t%22,%22prg-upscache-t%22,%22prg-useplmtmgr%22,%22prg-vidad-ctrlwrap%22,%22prg-wpo-nocardsqsp%22,%22prg-wx-fredlg%22,%22prg-wx-fredlgm%22,%22prg-wx-wtp%22,%22prg-wxmnns%22]}
204.79.197.203200 OK 89 kB URL GET HTTP/2 www.msn.com/resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=views&v=20231203.6&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22firefox%22,%22version%22:%22105%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22www.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22article%22,%22pageExperiments%22:[%22prg-1s-wpocfp1%22,%22prg-1sw-cgxap%22,%22prg-1sw-cgxap-t1%22,%22prg-1sw-darkhover%22,%22prg-1sw-enableact%22,%22prg-1sw-esprtxp%22,%22prg-1sw-etbp1t3%22,%22prg-1sw-fidnoti%22,%22prg-1sw-financedp%22,%22prg-1sw-findef1%22,%22prg-1sw-findet1%22,%22prg-1sw-fnccombo%22,%22prg-1sw-header-event%22,%22prg-1sw-idxpd1%22,%22prg-1sw-imgqualityc%22,%22prg-1sw-kdp1t3%22,%22prg-1sw-p1wtrclm%22,%22prg-1sw-pde0%22,%22prg-1sw-premonsd%22,%22prg-1sw-ref1-p1-ctr%22,%22prg-1sw-rfcp1%22,%22prg-1sw-rr2fn%22,%22prg-1sw-rr2fp%22,%22prg-1sw-rv2hpc%22,%22prg-1sw-sacgadjc%22,%22prg-1sw-shipfin%22,%22prg-1sw-skipqueue%22,%22prg-1sw-spaipv2%22,%22prg-1sw-srdus%22,%22prg-1sw-tbrbrp2%22,%22prg-1sw-tbrcounter%22,%22prg-1sw-wxdmtctr7%22,%22prg-1sw-wxmptreplace%22,%22prg-1sw-wxnearbyrec%22,%22prg-1sw-wxovsig%22,%22prg-1sw-wxstm%22,%22prg-1sw-xref1-p2-ctrl%22,%22prg-ad-cbuxhld%22,%22prg-adspeek%22,%22prg-bd-unqiue-c%22,%22prg-c-peslt%22,%22prg-ctrlmidroll%22,%22prg-ias%22,%22prg-ntp-wxcm%22,%22prg-ntp-wxcmcb%22,%22prg-pcs-hdatainfo%22,%22prg-pr2-bndaunoen%22,%22prg-pr2-cntfbnrfc%22,%22prg-pr2-dualbgc%22,%22prg-pr2-nwpi8%22,%22prg-pr2-pagefilter%22,%22prg-pr2-stickypvts%22,%22prg-pr2-wpo3%22,%22prg-sh-bd-cm%22,%22prg-sh-bd-disbadge%22,%22prg-sh-bd-disgb%22,%22prg-sh-bd-disinsight%22,%22prg-sh-bd-newbanner%22,%22prg-sh-bd-newchckot%22,%22prg-sh-bd-nwchk%22,%22prg-sh-bd-sson%22,%22prg-sh-bd-xtracash%22,%22prg-
sh-recopdp%22,%22prg-sh-rmitmlnk-c%22,%22prg-sh-sson%22,%22prg-sh-usecshk%22,%22prg-sh-usecshkpdp%22,%22prg-sp-liveapi%22,%22prg-spr-t-gp1025rbv9%22,%22prg-uaskafka-t%22,%22prg-ugc-likechange%22,%22prg-upsaip-r-t%22,%22prg-upsaip-w1-t%22,%22prg-upscache-t%22,%22prg-useplmtmgr%22,%22prg-vidad-ctrlwrap%22,%22prg-wpo-nocardsqsp%22,%22prg-wx-fredlg%22,%22prg-wx-fredlgm%22,%22prg-wx-wtp%22,%22prg-wxmnns%22]}
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 27979fd5fd95468b4a7dffe057f4455a
b1b86224019fca3799bc17ca4f8cec134ec7dfcb
9fd62a1ceb67472f661dafb154489e53c65d4047a59506a57a1871bda677fc2e
GET /resolver/api/resolve/v3/config/?expType=AppConfig&expInstance=default&apptype=views&v=20231203.6&targetScope={%22audienceMode%22:%22adult%22,%22browser%22:{%22browserType%22:%22firefox%22,%22version%22:%22105%22,%22ismobile%22:%22false%22},%22deviceFormFactor%22:%22desktop%22,%22domain%22:%22www.msn.com%22,%22locale%22:{%22content%22:{%22language%22:%22en%22,%22market%22:%22us%22},%22display%22:{%22language%22:%22en%22,%22market%22:%22us%22}},%22os%22:%22windows%22,%22platform%22:%22web%22,%22pageType%22:%22article%22,%22pageExperiments%22:[%22prg-1s-wpocfp1%22,%22prg-1sw-cgxap%22,%22prg-1sw-cgxap-t1%22,%22prg-1sw-darkhover%22,%22prg-1sw-enableact%22,%22prg-1sw-esprtxp%22,%22prg-1sw-etbp1t3%22,%22prg-1sw-fidnoti%22,%22prg-1sw-financedp%22,%22prg-1sw-findef1%22,%22prg-1sw-findet1%22,%22prg-1sw-fnccombo%22,%22prg-1sw-header-event%22,%22prg-1sw-idxpd1%22,%22prg-1sw-imgqualityc%22,%22prg-1sw-kdp1t3%22,%22prg-1sw-p1wtrclm%22,%22prg-1sw-pde0%22,%22prg-1sw-premonsd%22,%22prg-1sw-ref1-p1-ctr%22,%22prg-1sw-rfcp1%22,%22prg-1sw-rr2fn%22,%22prg-1sw-rr2fp%22,%22prg-1sw-rv2hpc%22,%22prg-1sw-sacgadjc%22,%22prg-1sw-shipfin%22,%22prg-1sw-skipqueue%22,%22prg-1sw-spaipv2%22,%22prg-1sw-srdus%22,%22prg-1sw-tbrbrp2%22,%22prg-1sw-tbrcounter%22,%22prg-1sw-wxdmtctr7%22,%22prg-1sw-wxmptreplace%22,%22prg-1sw-wxnearbyrec%22,%22prg-1sw-wxovsig%22,%22prg-1sw-wxstm%22,%22prg-1sw-xref1-p2-ctrl%22,%22prg-ad-cbuxhld%22,%22prg-adspeek%22,%22prg-bd-unqiue-c%22,%22prg-c-peslt%22,%22prg-ctrlmidroll%22,%22prg-ias%22,%22prg-ntp-wxcm%22,%22prg-ntp-wxcmcb%22,%22prg-pcs-hdatainfo%22,%22prg-pr2-bndaunoen%22,%22prg-pr2-cntfbnrfc%22,%22prg-pr2-dualbgc%22,%22prg-pr2-nwpi8%22,%22prg-pr2-pagefilter%22,%22prg-pr2-stickypvts%22,%22prg-pr2-wpo3%22,%22prg-sh-bd-cm%22,%22prg-sh-bd-disbadge%22,%22prg-sh-bd-disgb%22,%22prg-sh-bd-disinsight%22,%22prg-sh-bd-newbanner%22,%22prg-sh-bd-newchckot%22,%22prg-sh-bd-nwchk%22,%22prg-sh-bd-sson%22,%22prg-sh-bd-xtracash%22,%22prg-sh-recopdp%22,%22prg-sh-rmitmlnk-c%22,%22prg-sh-s
son%22,%22prg-sh-usecshk%22,%22prg-sh-usecshkpdp%22,%22prg-sp-liveapi%22,%22prg-spr-t-gp1025rbv9%22,%22prg-uaskafka-t%22,%22prg-ugc-likechange%22,%22prg-upsaip-r-t%22,%22prg-upsaip-w1-t%22,%22prg-upscache-t%22,%22prg-useplmtmgr%22,%22prg-vidad-ctrlwrap%22,%22prg-wpo-nocardsqsp%22,%22prg-wx-fredlg%22,%22prg-wx-fredlgm%22,%22prg-wx-wtp%22,%22prg-wxmnns%22]} HTTP/1.1
Host: www.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
DNT: 1
Connection: keep-alive
Cookie: _C_ETH=1; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=1728000,immutable
content-length: 88999
content-type: application/json; charset=utf-8
content-encoding: br
etag: "CueU2e5_WJXZJnW7CC96gQclJvY"
vary: Accept-Encoding
x-cache: TCP_HIT
x-crs-buildversion: 20231031.1_master
x-crs-env: Production
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
nel-report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
x-ceto-ref: C601118E4BF543E18DC362E28E9B2B69|2023-12-03T20:34:25.726Z
x-cid: 7
x-ccc: NO
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C8FA4E7ED8EC4301A46D074256551545 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:26Z
date: Sun, 03 Dec 2023 20:34:25 GMT
X-Firefox-Spdy: h2
assets.msn.com/statics/icons/Microsoft_16_SVG.ico
95.101.10.170 200 OK 439 B URL GET HTTP/2 assets.msn.com/statics/icons/Microsoft_16_SVG.ico
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel\012- data
Hash 97c01a03c4853e2d603ef1930b43b64c
e022f5bc55271968e3070404ad68bf50a5a6a83a
a05e7e81e793eb280fff929bfd3d800ae2f85b637387a2e1368fac03e01b007f
GET /statics/icons/Microsoft_16_SVG.ico HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/x-icon
etag: "97c01a03c4853e2d603ef1930b43b64c:1603829710.079931"
last-modified: Tue, 27 Oct 2020 20:15:10 GMT
server: AkamaiNetStorage
content-encoding: gzip
content-length: 439
date: Sun, 03 Dec 2023 20:34:26 GMT
akamai-request-bc: [a=95.101.10.166,b=1569765304,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b7b8
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90b7b8
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/components_views-header_dist_ViewsHeaderTelemetry_js-components_views-header_dist_index_js-li-068222.bc02265caabb064720cb.js
95.101.10.170 200 OK 22 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/components_views-header_dist_ViewsHeaderTelemetry_js-components_views-header_dist_index_js-li-068222.bc02265caabb064720cb.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (65371), with no line terminators
Hash 00ead1b73bab7c1f35183f2140aaed29
7a15965aa7c17f42cf07b38940f919cfd45bca3a
66ab90b4a373159cd6c8b0489fe22eb4476384d16805e113780e9c524084421a
GET /bundles/v1/views/latest/components_views-header_dist_ViewsHeaderTelemetry_js-components_views-header_dist_index_js-li-068222.bc02265caabb064720cb.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 22190
content-md5: VASc0OFo1CFGCBSfNa6yQg==
last-modified: Wed, 29 Nov 2023 22:36:19 GMT
etag: 0x8DBF12B9B300007
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 9fb31af6-001e-003d-0a14-23a2cc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:26 GMT
akamai-request-bc: [a=95.101.10.166,b=1569765373,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b7fd
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90b7fd
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_card-action-service_dist_CardActionContracts_js-libs_channel-utilities_dist_ono-skype_On-7ceaed.2959c7b3e3d75b53991d.js
95.101.10.170 200 OK 12 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_card-action-service_dist_CardActionContracts_js-libs_channel-utilities_dist_ono-skype_On-7ceaed.2959c7b3e3d75b53991d.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (39187)
Hash 10fd7615fe7ef39c7abab17ad403b19a
6fbd7ff19336ac5e04f828d5d088037c97e0178a
2350988de27bad3ca088b1b9e6316172cd54671409d8163b2fd9d17424842a2d
GET /bundles/v1/views/latest/libs_card-action-service_dist_CardActionContracts_js-libs_channel-utilities_dist_ono-skype_On-7ceaed.2959c7b3e3d75b53991d.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 12159
content-md5: lx9h9CC9LtyI/BBJRj9YnQ==
last-modified: Fri, 01 Dec 2023 01:25:23 GMT
etag: 0x8DBF20C63EE1639
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dfdb761b-401e-005d-0df5-23203f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:26 GMT
akamai-request-bc: [a=95.101.10.166,b=1569765374,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b7fe
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90b7fe
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/article-page.264f6d66e84785d53002.js
95.101.10.170 200 OK 63 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/article-page.264f6d66e84785d53002.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (31911)
Hash 1588c04a0a3cfbc921e167cb41f8c4c0
fa914471e276c915670e18ebc22516cbb29de9b5
7c6a810a3d2bd9c43dc8c444220d8870b86939c1fc4d5ef17f9a168e2890b060
GET /bundles/v1/views/latest/article-page.264f6d66e84785d53002.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 63042
content-md5: WiqaZS8ccGXn8LAkYWwobQ==
last-modified: Sun, 03 Dec 2023 07:58:27 GMT
etag: 0x8DBF3D5A1FD4E2E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 09468e84-d01e-009d-72be-2524d8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:26 GMT
akamai-request-bc: [a=95.101.10.166,b=1569765376,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b800
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90b800
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/consumption-feed.2d85f8e7206256a84730.js
95.101.10.170 200 OK 20 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/consumption-feed.2d85f8e7206256a84730.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash d75350180a5eba1b44ec92a251c48188
b5da1440ad00c78086707356bcabce046b2900ae
67ddfe355ee21a13db5728b711cbbc6006a01a89816e8a39e94795f261bce0f6
GET /bundles/v1/views/latest/consumption-feed.2d85f8e7206256a84730.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 20383
content-md5: E35oevywKneCOPgsAFiHRw==
last-modified: Wed, 29 Nov 2023 22:36:24 GMT
etag: 0x8DBF12B9E59B8FE
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4233a005-b01e-008b-4114-237d31000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:26 GMT
akamai-request-bc: [a=95.101.10.166,b=1569765421,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=2, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b82d
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90b82d
vary: Origin
X-Firefox-Spdy: h2
btloader.com/tag?o=6208086025961472&upapi=true
172.67.41.60 200 OK 18 kB URL GET HTTP/2 btloader.com/tag?o=6208086025961472&upapi=true
IP 172.67.41.60:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Google Trust Services LLC
Subject btloader.com
Fingerprint CA:53:B2:07:58:99:D9:F5:8D:2A:FB:76:F6:B4:9F:6B:09:17:7F:40
Validity Thu, 19 Oct 2023 20:28:18 GMT - Wed, 17 Jan 2024 20:28:17 GMT
File type C source, ASCII text, with very long lines (53258)
Hash 6fd835483e70d93c6f97368e9e47d3de
17c8d9b81d2e030ef3f148599bc12fd9785119b8
3b1673f5328889d1e51be3ced0322ceca093224e139cd789a253744b798bf620
GET /tag?o=6208086025961472&upapi=true HTTP/1.1
Host: btloader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 20:34:26 GMT
content-type: application/javascript
content-length: 17966
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
content-encoding: gzip
etag: "1286f8c1594071e69c78b2ee4e2a6086"
last-modified: Sun, 03 Dec 2023 20:09:52 GMT
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: HIT
age: 1444
accept-ranges: bytes
server: cloudflare
cf-ray: 82fe97241f6d7130-OSL
X-Firefox-Spdy: h2
assets.msn.com/content/view/v2/Detail/en-us/AA1kQbHZ
95.101.10.170 200 OK 5.8 kB URL GET HTTP/2 assets.msn.com/content/view/v2/Detail/en-us/AA1kQbHZ
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (12333), with no line terminators
Hash 674e7f6200f457a02333ce0a81df8ffe
ecd2d4810a9532729a0304cf7154aa018e682c8d
4e7f6a6b96f1444f9558e5fbe0e01b7dd12cc9b18174b95f5c759dfbdc33c9d8
GET /content/view/v2/Detail/en-us/AA1kQbHZ HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
Connection: keep-alive
Cookie: _C_ETH=1; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-debugid: 656ce652-e15e-4a6b-a9a1-43098f120b9f|2023-12-03T20:34:26.2509995Z|fabric_msn|EUS1|News_126
onewebservicelatency: 11
x-msedge-responseinfo: 11
x-ceto-ref: 656ce652f4f84c6693a06dd348ccc7b8|2023-12-03T20:34:26.238Z
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 5803
date: Sun, 03 Dec 2023 20:34:26 GMT
set-cookie: _C_ETH=1; expires=Sat, 02 Dec 2023 20:34:26 GMT; domain=.msn.com; path=/; secure; httponly
_C_Auth=
MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; expires=Fri, 27 Dec 2024 20:34:26 GMT; path=/; httponly
akamai-request-bc: [a=95.101.10.166,b=1569765181,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_AB_STOCKHOLM,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=250, origin; dur=227 , cdntime; dur=23
akamai-cache-status: Miss from child, Miss from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b73d
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=60
x-as-suppresssetcookie: 1
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90b73d
vary: Origin
X-Firefox-Spdy: h2
confiant.msn.com/8wUBVe8wmBTtU5IL4Akcv7tZSp0/msn/config.js
23.43.108.6 200 OK 47 kB URL GET HTTP/1.1 confiant.msn.com/8wUBVe8wmBTtU5IL4Akcv7tZSp0/msn/config.js
IP 23.43.108.6:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 4C:6D:B3:44:31:DC:7D:C4:7A:6B:B6:6D:E8:53:62:04:FF:64:CE:B9
Validity Mon, 18 Sep 2023 23:15:04 GMT - Thu, 12 Sep 2024 23:15:04 GMT
File type Unicode text, UTF-8 text, with very long lines (47083)
Hash 005bd6743e8256ecae7399752c4bb58a
5bff7ffa4131ee0d300e08642ab518deaa21da2a
4adc61f2cdeb75871ca101d48a0c6482fb9425e309bd7cc6962048a5960d4061
GET /8wUBVe8wmBTtU5IL4Akcv7tZSp0/msn/config.js HTTP/1.1
Host: confiant.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 46951
x-amz-id-2: JPO4apfRX5gx7BPnx9z9CBjQm+h5KHYtjIIfdZCWGSMDLCQ58NrjRDo5fzAty5PUALtL7oi4C9Q=
x-amz-request-id: 573FXT7R69DHDJFE
Last-Modified: Mon, 23 Oct 2023 18:16:56 GMT
ETag: "fec471564a80a4fce7baabe66ad0c8e4"
x-amz-server-side-encryption: AES256
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 81ac07ab3c480a2d-ARN
Date: Sun, 03 Dec 2023 20:34:26 GMT
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: private, max-age=900
ad-delivery.net/px.gif?ch=2
172.67.69.19 200 OK 43 B URL GET HTTP/2 ad-delivery.net/px.gif?ch=2
IP 172.67.69.19:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint D9:7E:C3:56:0A:04:84:BD:24:32:3D:C3:8E:66:52:26:37:E8:90:D3
Validity Sun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /px.gif?ch=2 HTTP/1.1
Host: ad-delivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 20:34:26 GMT
content-type: image/gif
content-length: 43
x-guploader-uploadid: ABPtcPp0wgCF-V8nWRRFweDLkLlZ59B9_HaB5uMb_BoI2XEvFDluZgJZMS-L6RsjtVqwyDwhSyI
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Thu, 23 Nov 2023 04:40:57 GMT
cache-control: public, max-age=86400
age: 924352
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lXtwtZvZwJtjPqV3yo6vjAqaQEi6ew0W5VMoxtoSgh62p0zxyUAL5OmLhmaMN4aPaaBnSFWuEZ0kEsRAHI%2FAIS1oXQcf70ePxY5c0N%2FNQ%2FdVBt6W10qgHegv%2FXoZmDqybQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fe97250e2656ca-OSL
X-Firefox-Spdy: h2
ad-delivery.net/px.gif?ch=1&e=0.11951838238013313
172.67.69.19 200 OK 43 B URL GET HTTP/2 ad-delivery.net/px.gif?ch=1&e=0.11951838238013313
IP 172.67.69.19:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint D9:7E:C3:56:0A:04:84:BD:24:32:3D:C3:8E:66:52:26:37:E8:90:D3
Validity Sun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /px.gif?ch=1&e=0.11951838238013313 HTTP/1.1
Host: ad-delivery.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 20:34:26 GMT
content-type: image/gif
content-length: 43
x-guploader-uploadid: ABPtcPp0wgCF-V8nWRRFweDLkLlZ59B9_HaB5uMb_BoI2XEvFDluZgJZMS-L6RsjtVqwyDwhSyI
x-goog-generation: 1620242732037093
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 43
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Thu, 23 Nov 2023 04:40:57 GMT
cache-control: public, max-age=86400
age: 924352
last-modified: Wed, 05 May 2021 19:25:32 GMT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eFfPVOUDV7veQCdsLzFov4hWADYkbDFSHf0ThBGZAvQSu5utl1od3ji8YdaGH35Yq0RBUI9QklCV8PkOAG4kcyDDXlSyqKOJZmpwwI8VMGTgJPJIQH7nD3%2BJ0DCFlcKxrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fe97250e3056ca-OSL
X-Firefox-Spdy: h2
api.btloader.com/mw/state?bt_env=prod
130.211.23.194 204 No Content 0 B URL GET HTTP/2 api.btloader.com/mw/state?bt_env=prod
IP 130.211.23.194:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Google Trust Services LLC
Subject api.btloader.com
Fingerprint E3:DF:8E:52:D3:DB:3D:FB:A3:E9:88:5C:1C:A4:25:E5:21:14:71:2A
Validity Tue, 10 Oct 2023 05:09:40 GMT - Mon, 08 Jan 2024 06:03:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /mw/state?bt_env=prod HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
access-control-allow-origin: *
vary: Origin
date: Sun, 03 Dec 2023 20:34:26 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
assets.msn.com/serviceak/news/feed/pages/viewspage?contentId=AA1kQbHZ&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=winp1&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3
95.101.10.170 200 OK 3.6 kB URL GET HTTP/2 assets.msn.com/serviceak/news/feed/pages/viewspage?contentId=AA1kQbHZ&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=winp1&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (12069), with no line terminators
Hash 42011e790379e92e05f14387dfdd5bc2
1728c18ee3bc2192401fbb47eb5407226ad65884
5fffbf3617d543a546ed540443adaea241606e66485b31b4666c61ba6dbde8f8
GET /serviceak/news/feed/pages/viewspage?contentId=AA1kQbHZ&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=winp1&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_ETH=1; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
content-encoding: gzip
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: PageViewCount0;IsRecoNewUser:1;BingRecoCode:Success;RR:0
ddd-featureset: 0,Msn.OneDataService.Search.FeatureTracker.Models.NewsFeedFeature:wgAA;
ddd-activityid: 656ce652-0b38-4ed4-afba-f99cd037a6f0
ddd-strategyexecutionlatency: 00:00:00.3966155
ddd-debugid: 656ce652-0b38-4ed4-afba-f99cd037a6f0|2023-12-03T20:34:26.7290528Z|fabric_msn|NEU1|News_111
onewebservicelatency: 398
x-msedge-responseinfo: 398
x-ceto-ref: 656ce652323e42c5bc8e2a428fc13cd6|2023-12-03T20:34:26.328Z
expires: Sun, 03 Dec 2023 20:34:26 GMT
date: Sun, 03 Dec 2023 20:34:26 GMT
content-length: 3618
set-cookie: _C_ETH=1; expires=Sat, 02 Dec 2023 20:34:26 GMT; domain=.msn.com; path=/; secure; httponly
set-cookie: _C_Auth=
set-cookie: MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; expires=Fri, 27 Dec 2024 20:34:26 GMT; path=/; httponly
akamai-request-bc: [a=95.101.10.166,b=1569765422,c=g,n=NO__OSLO,o=20940],[a=20.166.136.152,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=438, origin; dur=437 , cdntime; dur=1
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90b82e
x-as-suppresssetcookie: 1, 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90b82e
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/content/view/v2/Detail/en-us/AA1kQbHZ
95.101.10.170 200 OK 5.8 kB URL GET HTTP/2 assets.msn.com/content/view/v2/Detail/en-us/AA1kQbHZ
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (12333), with no line terminators
Hash 674e7f6200f457a02333ce0a81df8ffe
ecd2d4810a9532729a0304cf7154aa018e682c8d
4e7f6a6b96f1444f9558e5fbe0e01b7dd12cc9b18174b95f5c759dfbdc33c9d8
GET /content/view/v2/Detail/en-us/AA1kQbHZ HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-debugid: 656ce652-e15e-4a6b-a9a1-43098f120b9f|2023-12-03T20:34:26.2509995Z|fabric_msn|EUS1|News_126
onewebservicelatency: 11
x-msedge-responseinfo: 11
x-ceto-ref: 656ce652f4f84c6693a06dd348ccc7b8|2023-12-03T20:34:26.238Z
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 5803
date: Sun, 03 Dec 2023 20:34:26 GMT
akamai-request-bc: [a=95.101.10.166,b=1569766475,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=4, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bc4b
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=60
x-as-suppresssetcookie: 1
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90bc4b
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/icons-wc/icons/MicrosoftStartLogo_light.svg
95.101.10.170 200 OK 2.4 kB URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/icons-wc/icons/MicrosoftStartLogo_light.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3266), with CRLF line terminators
Hash fe4a47c5f54824693678ad919a216187
3d8bd5644af41386655c88a9c4951ebd9be76d88
a8f4c574d5beed7e0eae7c3f70e9a5097a7605c6d184828c696fdef2ca490cbd
GET /staticsb/statics/latest/icons-wc/icons/MicrosoftStartLogo_light.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: /kpHxfVIJGk2eK2RmiFhhw==
last-modified: Fri, 01 Dec 2023 07:17:04 GMT
etag: 0x8DBF23D85690EB8
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a277a33d-001e-001a-4b8d-24c451000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:26 GMT
content-length: 2431
akamai-request-bc: [a=95.101.10.166,b=1569766476,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=4, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bc4c
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635666.5d90bc4c
vary: Origin
X-Firefox-Spdy: h2
api.btloader.com/country
130.211.23.194 200 OK 16 B
IP 130.211.23.194:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Google Trust Services LLC
Subject: api.btloader.com
Fingerprint: E3:DF:8E:52:D3:DB:3D:FB:A3:E9:88:5C:1C:A4:25:E5:21:14:71:2A
Validity: Tue, 10 Oct 2023 05:09:40 GMT - Mon, 08 Jan 2024 06:03:14 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 452880c1a375b8fba8c9499f0930d05f
ffe5484a23512c2a574d837fe2d3267b134e48c8
8b3383aa4c71f1d816bfaf33e3ef2e8ded067698a7798b9f306204d5777b140d
GET /country HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
content-type: application/json
vary: Origin
date: Sun, 03 Dec 2023 20:34:26 GMT
content-length: 16
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
api.btloader.com/pv?tid=xGD0xKyN&w=5671737388695552&o=6208086025961472&cv=2.1.24-1-g0c437e2&widget=false&r=false&vr=1280x1024&pageURL=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&sid=N7PiNdoMW&pm=true&upapi=true
130.211.23.194 204 No Content 0 B URL GET HTTP/2 api.btloader.com/pv?tid=xGD0xKyN&w=5671737388695552&o=6208086025961472&cv=2.1.24-1-g0c437e2&widget=false&r=false&vr=1280x1024&pageURL=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&sid=N7PiNdoMW&pm=true&upapi=true
IP 130.211.23.194:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Google Trust Services LLC
Subject: api.btloader.com
Fingerprint: E3:DF:8E:52:D3:DB:3D:FB:A3:E9:88:5C:1C:A4:25:E5:21:14:71:2A
Validity: Tue, 10 Oct 2023 05:09:40 GMT - Mon, 08 Jan 2024 06:03:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pv?tid=xGD0xKyN&w=5671737388695552&o=6208086025961472&cv=2.1.24-1-g0c437e2&widget=false&r=false&vr=1280x1024&pageURL=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&sid=N7PiNdoMW&pm=true&upapi=true HTTP/1.1
Host: api.btloader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
vary: Origin
date: Sun, 03 Dec 2023 20:34:26 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1dxfIk.img?w=48&h=48&q=60&m=6&f=png&u=t
23.36.77.9 200 OK 3.1 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1dxfIk.img?w=48&h=48&q=60&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: DigiCert Inc
Subject: a248.e.akamai.net
Fingerprint: A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity: Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash 775adbaf587d1da8a5d9546504ec875d
f2f80ecc4f5d6103d033f41d6cd76bf61d336632
944daddcd14e8937d93a95887ef59d8734f39944f6fe1d7fb61ac8c823a43927
GET /tenant/amp/entityid/AA1dxfIk.img?w=48&h=48&q=60&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1dxfIk?w=48&h=48&q=60&m=6&f=png&u=t
last-modified: Sat, 02 Dec 2023 19:23:01 GMT
x-source-length: 9263
x-datacenter: eastus
x-activityid: 0c34f308-3345-45db-8252-e7c11e652977
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 3116
cache-control: public, max-age=341366
expires: Thu, 07 Dec 2023 19:23:53 GMT
date: Sun, 03 Dec 2023 20:34:27 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635672572&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635672572&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.events.data.microsoft.com
Fingerprint: CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity: Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635672572&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 5110
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=15da6758809f4e64a7ae7f2ffef87a3b&HASH=15da&LV=202312&V=4&LU=1701635667332; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:27 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=0044103b31734a629370a355c7e3e65b; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:27 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5240
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:27 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635672576&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635672576&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.events.data.microsoft.com
Fingerprint: CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity: Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635672576&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 5130
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=8f2a4dd04c6a4b2aac0dbce1c450b5a3&HASH=8f2a&LV=202312&V=4&LU=1701635667363; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:27 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=17b6fcafb971404488a65e31c4e32413; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:27 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5213
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:27 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/scrollPerfMetricTrackers.e55826a37609ea9d5069.js
95.101.10.170 200 OK 1.9 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/scrollPerfMetricTrackers.e55826a37609ea9d5069.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (8322), with no line terminators
Hash 396044de1b487700b598ffe90a0b1996
8b138bfb13db189037772a03160923d38e827aae
21dec1b0f43a6bec948535284dbffbf36e9c292c0c46429730dec9c7f1af7d49
GET /bundles/v1/views/latest/scrollPerfMetricTrackers.e55826a37609ea9d5069.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 1945
content-md5: 8el3+QV6IjsCL8U6PA5irQ==
last-modified: Fri, 01 Dec 2023 01:25:28 GMT
etag: 0x8DBF20C66C3192C
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f29b0729-201e-006a-48f5-23f98a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767208,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf28
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf28
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/diagnostic-web-vitals.1384c5012075bb22aeb9.js
95.101.10.170 200 OK 2.7 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/diagnostic-web-vitals.1384c5012075bb22aeb9.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (7944), with no line terminators
Hash 39f2ca9c711f1b30cf8a6ec35dfc7d23
5619f3a8e3bc3582d1c0803f306edd8a2e44ee7e
5197971ed386a965ff761e0fe53bf8c7fb23afbf61493c7f9a0c0be3d563b04a
GET /bundles/v1/views/latest/diagnostic-web-vitals.1384c5012075bb22aeb9.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 2668
content-md5: gHkFYNv5wQsLjhyvd4KIJA==
last-modified: Sat, 18 Nov 2023 00:15:25 GMT
etag: 0x8DBE7CB7690704E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e7f4e4f8-f01e-0022-6f15-1c2207000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767210,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf2a
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf2a
vary: Origin
X-Firefox-Spdy: h2
api.msn.com/segments/recoitems/LiveRampObjectStoreCaller?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3
204.79.197.203 404 Not Found 10 kB URL GET HTTP/2 api.msn.com/segments/recoitems/LiveRampObjectStoreCaller?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 910d9ba9c5ee610f4487314c91729d63
17495771fa83b5d04d2030cf8e4f56b7c732a145
37d3bbf8dd241c04515a4d2fdafae36eca0f33d6bf1fbd95ba94e9ab1df22677
GET /segments/recoitems/LiveRampObjectStoreCaller?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3 HTTP/1.1
Host: api.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-type: application/json; charset=utf-8
content-encoding: br
vary: Accept-Encoding
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
set-cookie: _C_Auth=
set-cookie: MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; expires=Fri, 27 Dec 2024 20:34:26 GMT; path=/; httponly
access-control-allow-credentials: true
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-debugid: 656ce652-ff67-4ceb-bd9f-4b370b0931c2|2023-12-03T20:34:26.5834981Z|fabric_segments|NEU1|Segment_25
onewebservicelatency: 8
x-msedge-responseinfo: 8
x-ceto-ref: 656ce6528119479da7d73f6926f8a821|2023-12-03T20:34:26.575Z
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 72A39ACBCB5D499694FAF7445ACA34CF Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:26Z
date: Sun, 03 Dec 2023 20:34:25 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_ad-service_dist_NativeAdService_js.ea229096de79d9bd3d3b.js
95.101.10.170 200 OK 36 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_ad-service_dist_NativeAdService_js.ea229096de79d9bd3d3b.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 2a4a8b0ab605dc054b511bddb6c30ca3
624ba80ef82eed11866f3d0c12580922a4c00187
01b8cdb9f979d710f7c805a59d3d62f4f262b626a37629255af40e511f261a24
GET /bundles/v1/views/latest/libs_ad-service_dist_NativeAdService_js.ea229096de79d9bd3d3b.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 36372
content-md5: EQdK/a4LwbVxJTp2qmyj5g==
last-modified: Wed, 29 Nov 2023 22:36:26 GMT
etag: 0x8DBF12B9F8126D1
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 41de1bc8-501e-0098-6814-233179000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767213,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf2d
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf2d
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/web-components_slideshow-base_dist_helpers_ImageHelper_js-web-components_slideshow-base_dist_-cb22d4.d20cadbfbfc1d3699840.js
95.101.10.170 200 OK 30 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/web-components_slideshow-base_dist_helpers_ImageHelper_js-web-components_slideshow-base_dist_-cb22d4.d20cadbfbfc1d3699840.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (62884)
Hash 943c53214cc6a33710d98dd5613dd485
672947a8702631d0bc2e5df05f4dc0968b9b7ab2
48575b894a3d3f987c865192b8f9183e7536e66726563f042b0d2c76129f3197
GET /bundles/v1/views/latest/web-components_slideshow-base_dist_helpers_ImageHelper_js-web-components_slideshow-base_dist_-cb22d4.d20cadbfbfc1d3699840.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 30148
content-md5: 7YBKFxWWOyYUYSLONMcGPw==
last-modified: Fri, 01 Dec 2023 01:25:24 GMT
etag: 0x8DBF20C64D073E6
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 71e1be5a-001e-003d-7ef5-23a2cc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767214,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf2e
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf2e
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/web-components_slideshow-base_dist_index_js.e63a2fdad254a808b73e.js
95.101.10.170 200 OK 7.1 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/web-components_slideshow-base_dist_index_js.e63a2fdad254a808b73e.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (14447)
Hash 41ad5f5a8233a3faf7134d832697da89
81b8226b7e61e723b7fe1dc74710f872ca2aeca6
70c7dc6f0095da9119df2850861d3150e244093cbe59e3a9708dba9b2bd8b09c
GET /bundles/v1/views/latest/web-components_slideshow-base_dist_index_js.e63a2fdad254a808b73e.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 7085
content-md5: zCYexbzu+JxolnKEwFU3Hg==
last-modified: Fri, 01 Dec 2023 01:25:29 GMT
etag: 0x8DBF20C67CCAA9C
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bc8eb604-a01e-0081-6af5-235773000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767215,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf2f
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf2f
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/icon-assets-LinkedInBlack.206fab4d09eb01b530dd.js
95.101.10.170 200 OK 2.0 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/icon-assets-LinkedInBlack.206fab4d09eb01b530dd.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (6052), with no line terminators
Hash 8bcc2846a56376f4570678314cc669f2
308cfca7982148a41c5ec13c50852ee5aad27492
3427197af7f242237715dcb4f0369352cfcc96ba13c2523303385788ad352bc8
GET /bundles/v1/views/latest/icon-assets-LinkedInBlack.206fab4d09eb01b530dd.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 1993
content-md5: ObCvPhXU6TdpGyC+hs4c9A==
last-modified: Wed, 29 Nov 2023 22:36:26 GMT
etag: 0x8DBF12B9FA7BD24
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 588c8341-f01e-0003-3914-23a25b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767216,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf30
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf30
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/icon-assets-Project.4ff9131a41d92d720f5f.js
95.101.10.170 200 OK 1.5 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/icon-assets-Project.4ff9131a41d92d720f5f.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (4023), with no line terminators
Hash e3ee064e853ad7e98cccb881e739d7c1
bb0e4f030a2985a84b5ed81a9e771b2f4ffa8d53
057b46b355ca97c8b6377c090029cacd063e3cb197bd0a721a14134242090e94
GET /bundles/v1/views/latest/icon-assets-Project.4ff9131a41d92d720f5f.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 1502
content-md5: K5PblvGh6mOi08WPPfrr1w==
last-modified: Wed, 29 Nov 2023 22:36:25 GMT
etag: 0x8DBF12B9EBFE906
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0058fcac-101e-0010-4f14-23ee13000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767217,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf31
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf31
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_social-post-data-connector_dist_index_js.da9b567de438c7f0e579.js
95.101.10.170 200 OK 2.5 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_social-post-data-connector_dist_index_js.da9b567de438c7f0e579.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (9438), with no line terminators
Hash 97e697b0ca458c7f9462d5367bf23dc5
e7963808c3c4c21460949e0506755bd35b7d97c0
c86ef30b38b23b886802a6be5271231e7fd9aae276acbfdab61440822a7b3e5f
GET /bundles/v1/views/latest/libs_social-post-data-connector_dist_index_js.da9b567de438c7f0e579.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 2531
content-md5: lpQFbnkTfjs3s+AMGbL3ZQ==
last-modified: Sat, 18 Nov 2023 00:15:24 GMT
etag: 0x8DBE7CB75A64AE8
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2da1bf32-701e-0064-26c9-223864000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767218,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf32
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf32
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635672731&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635672731&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635672731&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 8341
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=53a0108d4af44b3ca719555cb56e2a5b&HASH=53a0&LV=202312&V=4&LU=1701635667441; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:27 GMT; Path=/;Secure; SameSite=None
MS0=0d4848e131c24d928987882d37a91e2e; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:27 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5290
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:27 GMT
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/auth/msal-browser-2.18.0.min.js
95.101.10.170 200 OK 49 kB URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/auth/msal-browser-2.18.0.min.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (17490), with CRLF line terminators
Hash d572a17d114a0de0533cc8ddcc9ebfc4
eba003c8c36b8fb52be4b0f8eda4de60c2ec54c6
80727dfc65d83379c73caa9a65b9146c17094a4cbae05b09eb97ae2bd74dd30e
GET /staticsb/statics/latest/auth/msal-browser-2.18.0.min.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-md5: 1XKhfRFKDeBTPMjdzJ6/xA==
last-modified: Fri, 01 Dec 2023 07:16:52 GMT
etag: 0x8DBF23D7DC559C4
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c386aade-c01e-005e-163c-24d35f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:27 GMT
content-length: 49441
akamai-request-bc: [a=95.101.10.166,b=1569767219,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf33
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf33
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/common-segments.71170d1ab8bdf117f35d.js
95.101.10.170 200 OK 24 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/common-segments.71170d1ab8bdf117f35d.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (26744)
Hash 99b83a9df200500c2b669b7cc146ef1a
a869319d0e6c52a6c7f3a5560013be2882cc09d9
a73dd879ae06683e90889d34cea591549c707bf81640c51b2f2c6d266d850c79
GET /bundles/v1/views/latest/common-segments.71170d1ab8bdf117f35d.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 23566
content-md5: 0b17/Y2/nHzgEKwkNHN78g==
last-modified: Fri, 01 Dec 2023 01:25:26 GMT
etag: 0x8DBF20C65A64F7D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 021ca4ba-601e-004f-10f5-23927a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767220,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf34
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf34
vary: Origin
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1a1ril.img?w=300&h=300&m=6
23.36.77.9 200 OK 16 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1a1ril.img?w=300&h=300&m=6
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash c3a7b6ae66b86d277e560eb1aa173766
7acd2ff67b8949f19591aef3fa4329aa91896016
e763a244311ea7c581e8a76ba6d1c23a44dc7d055a7addd8fb3499350a910b50
GET /tenant/amp/entityid/AA1a1ril.img?w=300&h=300&m=6 HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
last-modified: Wed, 29 Nov 2023 20:45:47 GMT
x-datacenter: eastap
x-activityid: 8b8d32a9-23d7-45fa-9480-0f4eea947412
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-type: image/jpeg
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1a1ril?w=300&h=300&m=6
x-source-length: 33877
content-length: 16384
cache-control: public, max-age=87137
expires: Mon, 04 Dec 2023 20:46:44 GMT
date: Sun, 03 Dec 2023 20:34:27 GMT
X-Firefox-Spdy: h2
assets.msn.com/content/view/v2/provider/en-us/AAd4FLD
95.101.10.170 200 OK 678 B URL GET HTTP/2 assets.msn.com/content/view/v2/provider/en-us/AAd4FLD
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (1596), with no line terminators
Hash b3ce4e4418e6b0d728706e5f5e1a6e40
925ccb9ef41c2f129dadc678a0736a5370f906a4
edee143fed69631e0b74ca825525fec3b3ca5ad0c0aab6ee6e08d37a9b50f249
GET /content/view/v2/provider/en-us/AAd4FLD HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: Unknown
ddd-debugid: 656ce653-589c-45f1-acd1-4dddf121facf|2023-12-03T20:34:27.3491837Z|fabric_msn|NEU1|News_59
onewebservicelatency: 2
x-msedge-responseinfo: 2
x-ceto-ref: 656ce653bfa7472faf105e034ffd3af4|2023-12-03T20:34:27.343Z
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 678
date: Sun, 03 Dec 2023 20:34:27 GMT
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
MUID=28B450B8DB9B61481E9C4364DAEC6081; expires=Fri, 27 Dec 2024 20:34:27 GMT; domain=.msn.com; path=/; secure; samesite=none
MUIDB=28B450B8DB9B61481E9C4364DAEC6081; expires=Fri, 27 Dec 2024 20:34:27 GMT; path=/; httponly
_EDGE_S=F=1&SID=12DCD1242CE36B461B64C2F82D946A8A; domain=.msn.com; path=/; httponly
_EDGE_V=1; expires=Fri, 27 Dec 2024 20:34:27 GMT; domain=.msn.com; path=/; httponly
akamai-request-bc: [a=95.101.10.166,b=1569767207,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_AB_STOCKHOLM,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=61, origin; dur=0 , cdntime; dur=61
akamai-cache-status: Miss from child, Miss from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf27
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=60
x-as-suppresssetcookie: 1
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf27
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/common-feed-libs.30e8124b520e3647c719.js
95.101.10.170 200 OK 51 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/common-feed-libs.30e8124b520e3647c719.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (38906)
Hash 186ec6b928480c951e338c2636c25015
0e1d7ab892524d22db5cf1dcab24f159514cf3ca
3d9a2ee9938c9c31b03b47508ef67fc8774b7abf7914e0cb6b05cbc36b175b85
GET /bundles/v1/views/latest/common-feed-libs.30e8124b520e3647c719.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 50994
content-md5: 4hqQCBjEbPe5YqBGq5w9/w==
last-modified: Wed, 29 Nov 2023 22:36:25 GMT
etag: 0x8DBF12B9F21ACBF
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 51ad847d-c01e-007f-6a14-235303000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767397,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfe5
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfe5
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/node_modules_cs-core_design-system_dist_esm_components_button_button_definition_js-node_modul-2bc8f6.a88acd62e776d87fb3b2.js
95.101.10.170 200 OK 12 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/node_modules_cs-core_design-system_dist_esm_components_button_button_definition_js-node_modul-2bc8f6.a88acd62e776d87fb3b2.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (19955)
Hash 12b2884c3fc30991edded884d820e449
f894a97a47a8e50e7f41edac26f4c93e1db9f696
30d63f9b55024bcfa15b4fa76eab15d9a43e1f28a399d3f9a187997b650ebee1
GET /bundles/v1/views/latest/node_modules_cs-core_design-system_dist_esm_components_button_button_definition_js-node_modul-2bc8f6.a88acd62e776d87fb3b2.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 12049
content-md5: MuXr7vaBxtwCAyqCbUtHrg==
last-modified: Wed, 29 Nov 2023 22:36:24 GMT
etag: 0x8DBF12B9E07F8F8
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4f69942b-901e-009f-2d84-2329b5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767398,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfe6
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfe6
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_fundamentals_dist_utilities_getFetchImpl_js-web-components_common-header_dist_define-ele-973233.3026006015e9d081a527.js
95.101.10.170 200 OK 46 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_fundamentals_dist_utilities_getFetchImpl_js-web-components_common-header_dist_define-ele-973233.3026006015e9d081a527.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (29560)
Hash 8d665f8de928a8252c65c5b1cd7168ba
47bb4256930fe76fb203edd40582f696d89b699e
43803456944c6086e85e287128fcfbab0515742df41634339808c3420e892f1a
GET /bundles/v1/views/latest/libs_fundamentals_dist_utilities_getFetchImpl_js-web-components_common-header_dist_define-ele-973233.3026006015e9d081a527.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 45568
content-md5: JaXUifF7Y+7AVmjsgvoeCw==
last-modified: Fri, 01 Dec 2023 01:25:29 GMT
etag: 0x8DBF20C67D50E4E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bc8eb6ab-a01e-0081-4af5-235773000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767399,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfe7
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfe7
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/common-header.b12ef498730b69285a8b.js
95.101.10.170 200 OK 8.5 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/common-header.b12ef498730b69285a8b.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (20045)
Hash 055d64b5615a63b0cbf5de5f13daed1f
c63b3666f8bc69d2564eaad532ac9cb9b9439e58
bc7a2e3d9f7f2781d8e3cf17da560008417eda6d161f7ebed5ffbc26c81a4990
GET /bundles/v1/views/latest/common-header.b12ef498730b69285a8b.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 8499
content-md5: Mf1MYe0ijkM1Gvo7UFv75g==
last-modified: Sat, 18 Nov 2023 00:15:21 GMT
etag: 0x8DBE7CB73DB9C47
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2da2d12f-701e-0064-53c9-223864000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767400,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfe8
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfe8
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/feedback-link.05bb14210db3873aa01e.js
95.101.10.170 200 OK 3.1 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/feedback-link.05bb14210db3873aa01e.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (9810), with no line terminators
Hash 737bf683cd080a352a71e9c774027126
1f27742306f86a577df47d030b820b97312f86d2
457897146823898e08e31bd557b24728f6244c5bbe5a5a807f9fca13a057fef4
GET /bundles/v1/views/latest/feedback-link.05bb14210db3873aa01e.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 3132
content-md5: CSXNJ6AN2WFImKfkwelPKQ==
last-modified: Fri, 01 Dec 2023 01:25:25 GMT
etag: 0x8DBF20C652B3667
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a6aa9f27-301e-0023-552d-24dc0a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767401,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfe9
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfe9
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/components_icon_dist_icons_GlyphInline_js-components_pop-over_dist_index_js-node_modules_micr-a9215c.31b3cf4fb18b4805a4bc.js
95.101.10.170 200 OK 12 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/components_icon_dist_icons_GlyphInline_js-components_pop-over_dist_index_js-node_modules_micr-a9215c.31b3cf4fb18b4805a4bc.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65321), with no line terminators
Hash 4bf4d2545f1f653d5850ecaa17f0858c
0c2705de95d9f65f375948d2550a3ed8e79d6bd6
b3bd459fa4fa4cc0929e385e062bb844e05a529c813c23aceb006d0d294831b9
GET /bundles/v1/views/latest/components_icon_dist_icons_GlyphInline_js-components_pop-over_dist_index_js-node_modules_micr-a9215c.31b3cf4fb18b4805a4bc.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 11745
content-md5: QeoVkmWoZKHVMvFX0nxvEA==
last-modified: Fri, 01 Dec 2023 01:25:24 GMT
etag: 0x8DBF20C64A548D9
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b0361e2d-f01e-0024-21f5-23c4c6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767402,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfea
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfea
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/one-footer.e459e948d95c5deb1d0e.js
95.101.10.170 200 OK 24 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/one-footer.e459e948d95c5deb1d0e.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash f25d289d41bc29c2c54388cafe7668a3
70c5b18e14d599ecbb71c12e7ada42b45462a087
e0ab3db6b1c9ccc45607ef6da4f78914a39752e3c7dbb8ec025186c4f6096c2a
GET /bundles/v1/views/latest/one-footer.e459e948d95c5deb1d0e.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 24091
content-md5: hxjFxx6KCiIEoJBz/D45Ow==
last-modified: Sat, 18 Nov 2023 00:15:26 GMT
etag: 0x8DBE7CB77209656
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c1fe9d91-b01e-0065-1e94-1bc669000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767403,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfeb
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfeb
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/breaking-news.21a2e626e66c9983df9c.js
95.101.10.170 200 OK 2.9 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/breaking-news.21a2e626e66c9983df9c.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (8923), with no line terminators
Hash 1cbc471d44c4c99c8f6e7f711c726219
be04261d9c4568ba0b1fc00d4ace1029efff6b7d
3d109affd0335ea739bea3fb44fa8f233f5208d9584f9755311b0bed3dbaae01
GET /bundles/v1/views/latest/breaking-news.21a2e626e66c9983df9c.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 2885
content-md5: LLQDx6cohSQbA1lNPJYROQ==
last-modified: Sat, 18 Nov 2023 00:15:20 GMT
etag: 0x8DBE7CB735FE6DE
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0667e487-b01e-0044-465c-224635000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767404,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfec
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfec
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_fundamentals_dist_utilities_getFetchImpl_js-libs_social-data-service_dist_service_Social-ee837b.47f92ea42dc09e89f0c7.js
95.101.10.170 200 OK 19 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_fundamentals_dist_utilities_getFetchImpl_js-libs_social-data-service_dist_service_Social-ee837b.47f92ea42dc09e89f0c7.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65526), with no line terminators
Hash 06d202060e52235e34566a95d88d4758
b6f98dbc289aa3add5b97ec75f7722ece8846b9f
e929edff41c1bbda54c24d8f712cfa63dd6a63767860872944ad93fee9c6e249
GET /bundles/v1/views/latest/libs_fundamentals_dist_utilities_getFetchImpl_js-libs_social-data-service_dist_service_Social-ee837b.47f92ea42dc09e89f0c7.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 19208
content-md5: 7NnqrWmjA09K7nfIuHRBWA==
last-modified: Wed, 29 Nov 2023 22:36:22 GMT
etag: 0x8DBF12B9D0DD77F
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 65ddd99a-f01e-0005-5614-23449a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767405,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfed
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfed
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/social.2ccbdf174c4534cd7c2f.js
95.101.10.170 200 OK 65 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/social.2ccbdf174c4534cd7c2f.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash a502b087708753b961714e95e5294a86
ad63e87d0c7d0a9b672ca99981f1153875888b61
fd1db70e7a3306217e72e298a1c8fb8d1bbbf7ac896939556cc3adfe5988d531
GET /bundles/v1/views/latest/social.2ccbdf174c4534cd7c2f.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 65354
content-md5: EwoGmmHpHCiZHTZa0a/LsA==
last-modified: Sat, 18 Nov 2023 00:15:18 GMT
etag: 0x8DBE7CB723B556E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 70be2619-a01e-004e-077e-206c77000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767406,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfee
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfee
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/toast.2329d57c0fd08a58c8d5.js
95.101.10.170 200 OK 36 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/toast.2329d57c0fd08a58c8d5.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 392445fe9099e889b5967e02374bef35
41ab3ceb4401661d8e8faaff8bb35901dc9422c3
9bac4ec4117fd7d14a85660a1850ed537be29c330b97df4ac2e3c3f759337f36
GET /bundles/v1/views/latest/toast.2329d57c0fd08a58c8d5.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 35738
content-md5: EnFoh0Eqi6Yl1ZHJZ5ufRg==
last-modified: Fri, 01 Dec 2023 01:25:28 GMT
etag: 0x8DBF20C672443C9
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dfdb7d5a-401e-005d-0af5-23203f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767407,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bfef
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bfef
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/web-components_actions-menu_dist_index_js.68196ff46f6a717b6e9e.js
95.101.10.170 200 OK 16 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/web-components_actions-menu_dist_index_js.68196ff46f6a717b6e9e.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (20459)
Hash 9bada8094f5dfefc1b8813bee881f141
9c3251568d4d71bea9bb618be3d9a688246ade85
58d9ec2e88fe699f51ebf0912dea0e9427bd2b93877c8728f7d4f5d90e0b30ab
GET /bundles/v1/views/latest/web-components_actions-menu_dist_index_js.68196ff46f6a717b6e9e.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 15679
content-md5: yPquDyhE9cygwXG8bYsjQA==
last-modified: Sat, 18 Nov 2023 00:15:26 GMT
etag: 0x8DBE7CB77117C7D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c8aa9bd9-f01e-0024-4210-1ec4c6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767408,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bff0
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bff0
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/card-actions-wc.a934d12c468754db3ba2.js
95.101.10.170 200 OK 46 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/card-actions-wc.a934d12c468754db3ba2.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (57295)
Hash db5e74da1cda1b453436659eb681b34a
465fcba01c2b6f4089e1680de65531d6ae1bdd24
48c9e553f92667fb63278ad6de9b0134a38cd57c4e02762d64ce18ce54995ff4
GET /bundles/v1/views/latest/card-actions-wc.a934d12c468754db3ba2.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 46498
content-md5: 0eHNQLSwA/6+40GOz71WRQ==
last-modified: Fri, 01 Dec 2023 01:25:28 GMT
etag: 0x8DBF20C66C11D85
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bf6e358d-401e-0018-20f5-23c93c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767409,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bff1
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bff1
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/common-cscore.bac40a983a09e6b1fd76.js
95.101.10.170 200 OK 4.1 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/common-cscore.bac40a983a09e6b1fd76.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (14026), with no line terminators
Hash 177e8751559a21fac8840554d926f5b8
18b82dfe8cacb55b091ecdb5fcfab550d4a2d980
2d7d190221623cd841bb2a57e530d431fb0e3b730673bfc4320747298cd6b514
GET /bundles/v1/views/latest/common-cscore.bac40a983a09e6b1fd76.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 4075
content-md5: 4+aLISoT4T338pv3gIRRnA==
last-modified: Sat, 18 Nov 2023 00:15:18 GMT
etag: 0x8DBE7CB728CF110
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 68ac08c1-101e-0010-3dc6-1bee13000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767410,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bff2
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bff2
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/node_modules_markdown-it-sup_index_js-node_modules_markdown-it_index_js.52342e5e8a119d43db82.js
95.101.10.170 200 OK 30 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/node_modules_markdown-it-sup_index_js-node_modules_markdown-it_index_js.52342e5e8a119d43db82.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65442), with no line terminators
Hash e0bb85e4645baad39a8541d4e2d41699
b84de721b2b16d6c3e179f15abdfc063d2399f66
bc93734e7e87f01a3fc5b3e77ab67336ea84c4cfbd18ee01603fc49126b9cf9e
GET /bundles/v1/views/latest/node_modules_markdown-it-sup_index_js-node_modules_markdown-it_index_js.52342e5e8a119d43db82.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 29619
content-md5: FxH7r05WDaICbxXTgU36mw==
last-modified: Sat, 18 Nov 2023 00:15:20 GMT
etag: 0x8DBE7CB73BAF792
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e984c4d8-301e-0023-6b0d-1ddc0a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767411,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bff3
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bff3
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/social-comment-wc.0fc414a002ec7b47490b.js
95.101.10.170 200 OK 51 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/social-comment-wc.0fc414a002ec7b47490b.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (48741)
Hash 3d6e6076f5c97585d38b49baed3ec10c
42155794a773a344011da1bce4c5fed7aba9084f
c0bc593bd887a425f51b34a1c1356704f59edbb6343b04830ccbfb4ba0da79fc
GET /bundles/v1/views/latest/social-comment-wc.0fc414a002ec7b47490b.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 50832
content-md5: xBUDDkvzefPkbKEWsxJfig==
last-modified: Wed, 29 Nov 2023 22:36:20 GMT
etag: 0x8DBF12B9BF1B2F8
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 80b5edff-701e-0045-6394-23b838000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767412,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bff4
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bff4
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/social-entrypoint.3678778176a86051df9b.js
95.101.10.170 200 OK 19 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/social-entrypoint.3678778176a86051df9b.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (17976)
Hash MD5 6e6ec466bb10dc98fd2e3b5a19492213
SHA1 122cb64d18a5b60e2cf6d97796e2f7fd5a088fa3
SHA256 fb725c0dc8e4a02873d54372e8ad9053aae9c5c84d5e84c30b29ae29391e2547
GET /bundles/v1/views/latest/social-entrypoint.3678778176a86051df9b.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 18858
content-md5: q9I29aNAsDMpMA2DIHW71A==
last-modified: Fri, 10 Nov 2023 01:42:43 GMT
etag: 0x8DBE18E55276D66
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 0ca59559-601e-0080-365e-20a97e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767683,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c103
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c103
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/above-river-block.ac1d35b54adca7854ebe.js
95.101.10.170 200 OK 1.1 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/above-river-block.ac1d35b54adca7854ebe.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (1402)
Hash MD5 1a7060306778fc4df2efce909f4c4fb2
SHA1 859dfe95a3ac9f6856b0f3a80af51d2c6abc1f1a
SHA256 2c8459bb99904f3d3e2063518721dfc67833d0487e79b13aa25d8056958da49f
GET /bundles/v1/views/latest/above-river-block.ac1d35b54adca7854ebe.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 1083
content-md5: ugxeBr1nEmVF88fg7mLV5Q==
last-modified: Sat, 18 Nov 2023 00:15:20 GMT
etag: 0x8DBE7CB7382FC54
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a556ee86-c01e-001b-102e-213a5c000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767684,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c104
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c104
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/right-rail-provider-carousel.601e31ee0d761ed77809.js
95.101.10.170 200 OK 23 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/right-rail-provider-carousel.601e31ee0d761ed77809.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (24861)
Hash MD5 25b8af7fe0de51c28b04b1d702ba5d8b
SHA1 2171b0a9f0260353363fae0cbc61acc64f190c1a
SHA256 d042dca80e4df67b1e6ea26cce294c01ca88b0200a6067954bd43ecfe89daf04
GET /bundles/v1/views/latest/right-rail-provider-carousel.601e31ee0d761ed77809.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 22594
content-md5: aCmalJ2RIwXSy9cjLx1RZg==
last-modified: Fri, 01 Dec 2023 01:25:26 GMT
etag: 0x8DBF20C66166CF3
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: bc8eb781-a01e-0081-48f5-235773000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767685,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c105
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c105
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/web-components_content-actions_dist_components_views_share-view_index_js.5b74d47e658e0a4ba709.js
95.101.10.170 200 OK 18 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/web-components_content-actions_dist_components_views_share-view_index_js.5b74d47e658e0a4ba709.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (56289)
Hash MD5 8cb3f6fe2504b3fb30e7f9fa65cebe0b
SHA1 ae3575a5dcb029ffab24613fad5338d32c979532
SHA256 ac5ea3f532611f1ce78f99ae2b4c1c74b9dff879a2d6a62103c57097d7733051
GET /bundles/v1/views/latest/web-components_content-actions_dist_components_views_share-view_index_js.5b74d47e658e0a4ba709.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 17664
content-md5: I0tXwMDYdldplDwZtgyq5A==
last-modified: Sat, 18 Nov 2023 00:15:25 GMT
etag: 0x8DBE7CB7663499C
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ad8a741e-101e-0031-6d12-1e6e4f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767686,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c106
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c106
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/action-tray.9695187cc9e103723c5d.js
95.101.10.170 200 OK 25 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/action-tray.9695187cc9e103723c5d.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (18481)
Hash MD5 dbfc1be8818d76798efd64fcd5eb5d2c
SHA1 43396e3b52cd9faec09e92a083092265a25a15cd
SHA256 bb16f9b4ddd7edffd51fa027d11e369f9b5047c4d8af242a1a53fa353469c4c0
GET /bundles/v1/views/latest/action-tray.9695187cc9e103723c5d.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 24812
content-md5: NU4n+9B8qvjC8dwkbavrRg==
last-modified: Fri, 01 Dec 2023 01:25:29 GMT
etag: 0x8DBF20C67E2A1BF
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 47431317-701e-0062-6bf5-23dea5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767687,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c107
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c107
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673077&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673077&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B response body; they do not identify any file.)
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673077&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 5242
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=dedc740b6b054e90adbc62e26b34c8db&HASH=dedc&LV=202312&V=4&LU=1701635667847; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:27 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=125cdaf43c564a95ac4dd91281510b04; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:27 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5230
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:27 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/publisher-subscribe-follow-button.5ea84cc6f72323287901.js
95.101.10.170 200 OK 23 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/publisher-subscribe-follow-button.5ea84cc6f72323287901.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (38560)
Hash MD5 df3b652161da32d8e3754664c89df943
SHA1 7efb8885a551200abaf41402072880a4827e20ed
SHA256 67c6317b04f82b0e089b223de87fca267f70721bfac626afb8a5ab636f0ceef2
GET /bundles/v1/views/latest/publisher-subscribe-follow-button.5ea84cc6f72323287901.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 23228
content-md5: QUDQlOBFfBpQ6iYKZQynig==
last-modified: Fri, 01 Dec 2023 01:25:29 GMT
etag: 0x8DBF20C67531805
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a6ce666c-e01e-004a-3df5-2387db000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767688,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c108
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c108
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673083&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673083&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B response body; they do not identify any file.)
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673083&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 5262
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=5e96717882af48a094b7702573166b7a&HASH=5e96&LV=202312&V=4&LU=1701635667847; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:27 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=b7a3011446424846b01b1fcd1fd68e35; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:27 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5236
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:27 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_icons-wc_icons_CardActionFluentButton_svg-libs_experiences-telemetry-data-mapper_dist_co-7db7b7.e4df1dc9c211ee41328e.js
95.101.10.170 200 OK 33 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_icons-wc_icons_CardActionFluentButton_svg-libs_experiences-telemetry-data-mapper_dist_co-7db7b7.e4df1dc9c211ee41328e.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65076), with no line terminators
Hash MD5 0e458875a15008546286ef8f6e8b3ba1
SHA1 b5f696bef38e351a8bb410e2124698256afb8fba
SHA256 7eaa86f6893ae896b6a2eee1bc7279fe5895d97b29c0bc6543bfde737bddf10c
GET /bundles/v1/views/latest/libs_icons-wc_icons_CardActionFluentButton_svg-libs_experiences-telemetry-data-mapper_dist_co-7db7b7.e4df1dc9c211ee41328e.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 33027
content-md5: mfLKh/ndVnCrn9qbnDbERw==
last-modified: Fri, 01 Dec 2023 01:25:30 GMT
etag: 0x8DBF20C68561A53
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ef2815f5-401e-005d-28f5-23203f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767689,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c109
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c109
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673113&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673113&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B response body; they do not identify any file.)
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673113&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 5242
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=4274a2e64ac34734ba1671e7436a1634&HASH=4274&LV=202312&V=4&LU=1701635667894; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:27 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=7876ccd161c04992b2c6c8908df54a5a; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:27 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5219
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:27 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_ads-constants_dist_AdsFlights_js-libs_feed-layout_dist_card-templates_hide-story-card_Hi-6e387e.1bb719f263890adc2822.js
95.101.10.170 200 OK 71 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_ads-constants_dist_AdsFlights_js-libs_feed-layout_dist_card-templates_hide-story-card_Hi-6e387e.1bb719f263890adc2822.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (58634)
Hash MD5 58dbad221f586ad3bb20d7ee8eb681d0
SHA1 4ecb41ff0f0adc2d3a3029b34dda2ea432720973
SHA256 054ff8e97ad51614367770a8f91e47200412ba9d3439bc88fcf5ad60d84fde26
GET /bundles/v1/views/latest/libs_ads-constants_dist_AdsFlights_js-libs_feed-layout_dist_card-templates_hide-story-card_Hi-6e387e.1bb719f263890adc2822.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 71307
content-md5: d0kf4Qghxbi2LkOfJ1GEiA==
last-modified: Wed, 29 Nov 2023 22:36:24 GMT
etag: 0x8DBF12B9E6EC52D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f53e1249-e01e-000f-0f14-236ed8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767690,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c10a
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c10a
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673183&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673183&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input, matching the 0 B response body; they do not identify any file.)
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673183&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 5260
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=94d25f89fffe46758d8ff53a69bec793&HASH=94d2&LV=202312&V=4&LU=1701635667910; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:27 GMT; Path=/;Secure; SameSite=None
MS0=02b6b1b0810746f7bfaa426947efe642; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:27 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5273
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:27 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/views-native-mon.b6b731b6bfe0cb3dbbe7.js
95.101.10.170 200 OK 23 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/views-native-mon.b6b731b6bfe0cb3dbbe7.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (25361)
Hash b518110e96e2ea711826926c79e9b8d5
5f9b985e2f39e7bffa27180012ac96544ec76031
060409228dee076fc93cd58ec1fd805c047bf4e565ff3ee9300b8f9821fd2eb8
GET /bundles/v1/views/latest/views-native-mon.b6b731b6bfe0cb3dbbe7.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 22690
content-md5: n+k1j07xY97zGht+VII/Iw==
last-modified: Fri, 01 Dec 2023 01:25:30 GMT
etag: 0x8DBF20C6850757E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3d75f35b-701e-0021-3a50-24d167000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767691,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c10b
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c10b
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673117&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673117&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
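Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of a zero-length body, consistent with the 0 B / 204 No Content response; they are identical for every empty response and do not identify this request.)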
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635673117&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 5262
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=d738f8822c874e029eb7cdb61bb94c4e&HASH=d738&LV=202312&V=4&LU=1701635667910; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:27 GMT; Path=/;Secure; SameSite=None
MS0=bb5208d87cd44d11bca52e87071a700e; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:27 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5207
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:27 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/conditionalBannerHpWC.a19d40a70094920d0630.js
95.101.10.170 200 OK 5.3 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/conditionalBannerHpWC.a19d40a70094920d0630.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (13430)
Hash a239de4de6afe2a879527b27234ccb52
142d285236aeda5449041ab6a834a16266f1127f
96fc7413835d04c6bc2488c4d273b33c59cef776e7d80f039bb687e63f448c37
GET /bundles/v1/views/latest/conditionalBannerHpWC.a19d40a70094920d0630.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 5291
content-md5: BfVH5dy9cGLxzvisOycGmA==
last-modified: Sat, 18 Nov 2023 00:15:24 GMT
etag: 0x8DBE7CB75DD34DB
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f6f7ae84-101e-0053-5011-1ee1d1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767692,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c10c
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c10c
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/social-notification.1401e5a596f3713da225.js
95.101.10.170 200 OK 13 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/social-notification.1401e5a596f3713da225.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (33804)
Hash 9eaa8979653006d2752e7bfe0aa48c47
4533aa7429672d8659f5135f550eafbafb6a48d5
7dd8ad20009fd090d31821507d8cbf4d66ab4a7624524b5a2d104d2f70eab206
GET /bundles/v1/views/latest/social-notification.1401e5a596f3713da225.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 13028
content-md5: BdmgHLNy6yTCBA8iuotpPw==
last-modified: Wed, 29 Nov 2023 22:36:21 GMT
etag: 0x8DBF12B9C62B72D
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8357a1aa-e01e-0085-7f94-23bcdf000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767693,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c10d
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c10d
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/views-coachmark.d80cc4cf7d705576efff.js
95.101.10.170 200 OK 27 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/views-coachmark.d80cc4cf7d705576efff.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash e49a0d3328ad952d92ac9b79dcdcc330
4ce6adacd4c5679d29dfcb7e680de720e5589dcb
e5e54d7317acdc03a3f3515ab45094597c61a243ea77a675fedb81c615b89159
GET /bundles/v1/views/latest/views-coachmark.d80cc4cf7d705576efff.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 27250
content-md5: nbGEBBZIIl+Xuq7rydMNCw==
last-modified: Sat, 18 Nov 2023 00:15:24 GMT
etag: 0x8DBE7CB760BBB03
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3854ec5c-301e-0047-8051-1db555000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767694,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c10e
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c10e
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/desktop-feed-views.231480b07862d268e34c.js
95.101.10.170 200 OK 48 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/desktop-feed-views.231480b07862d268e34c.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (9678)
Hash 13706c302183ca681f8f710fc3759657
f6eeb1e4e6b5486cf5bcd4ebe863135025d1cb55
db401f57e831232fa3453d051f2a89fa16462b6fd930a9d5c02e672a78d740ae
GET /bundles/v1/views/latest/desktop-feed-views.231480b07862d268e34c.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 47948
content-md5: a7PTdv6MF/cK8KEpivA6IQ==
last-modified: Fri, 01 Dec 2023 01:25:23 GMT
etag: 0x8DBF20C644667F5
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c07d699-a01e-002a-5af5-230528000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767695,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c10f
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c10f
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/social-data-connector.32a14498f69ca6136674.js
95.101.10.170 200 OK 12 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/social-data-connector.32a14498f69ca6136674.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (59697), with no line terminators
Hash a573d82c2fd249bf52bbf7563b8348ea
4b8df7bf33df2478d9d8f5e9760ed15d3edead9f
cd01ad30a8b438b8eaec7274a09d30119faf82b3250526b1aef28c7020b91de8
GET /bundles/v1/views/latest/social-data-connector.32a14498f69ca6136674.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 12148
content-md5: SNaM5xltCBqjR+wRrN4pVw==
last-modified: Fri, 01 Dec 2023 01:25:29 GMT
etag: 0x8DBF20C67DD23F3
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 021ca89a-601e-004f-1cf5-23927a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767696,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c110
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c110
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_iris-data-connector_dist_index_js.b9e610dae899a65dde25.js
95.101.10.170 200 OK 18 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_iris-data-connector_dist_index_js.b9e610dae899a65dde25.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash a9776f9b8f5d077732aaff5b61f4cb31
f7bf0dc9519d87d0b2de7a3cabeb241ee8a6231d
b8d2cadeee6a37b643837ac413e77ad5184a21149cde57fa38d2429f06a135cc
GET /bundles/v1/views/latest/libs_iris-data-connector_dist_index_js.b9e610dae899a65dde25.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 17805
content-md5: 6XmYJaNQzR789E8SBMt16Q==
last-modified: Fri, 01 Dec 2023 01:25:29 GMT
etag: 0x8DBF20C67BB6DFA
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5b0f5065-001e-001a-754f-24c451000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767697,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c111
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c111
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_finance-service-library_dist_FinanceServices_js-libs_finance-service-library_dist_redux_-8a4a82.f00457c9ec76d0ea5351.js
95.101.10.170 200 OK 70 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_finance-service-library_dist_FinanceServices_js-libs_finance-service-library_dist_redux_-8a4a82.f00457c9ec76d0ea5351.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65357)
Hash e19c73676f53e2f3b444271f8d5a4ad2
cfc7fad50299f554cabbb7c971bc2c60e16c3684
59b7944dba67175ee9b8eb5128c11ea8e5853aaeac8c514fe8998bc6494e5539
GET /bundles/v1/views/latest/libs_finance-service-library_dist_FinanceServices_js-libs_finance-service-library_dist_redux_-8a4a82.f00457c9ec76d0ea5351.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 70349
content-md5: aRdHCK8kkQUmIiKGHQbnVA==
last-modified: Fri, 01 Dec 2023 01:25:23 GMT
etag: 0x8DBF20C63C6BB6C
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d451ef00-b01e-0044-2af5-234635000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767698,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c112
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c112
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/web-components_stock-chart_dist_index_js.724807a8d08cc344e267.js
95.101.10.170 200 OK 15 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/web-components_stock-chart_dist_index_js.724807a8d08cc344e267.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (51251), with no line terminators
Hash 36c1d564e2303f3eb0ab920ce7f3a121
614a8784408c8b77e5100768d3150aa43c6bb78b
badb26fa22ced486bec2744c51a7c976f139c48e27367dd1f996f0c92dd26507
GET /bundles/v1/views/latest/web-components_stock-chart_dist_index_js.724807a8d08cc344e267.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 15411
content-md5: P5FLNx0zFLFOIKcFWmry5w==
last-modified: Sat, 18 Nov 2023 00:15:22 GMT
etag: 0x8DBE7CB7493924C
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4aa0294e-401e-007c-2eb5-1da063000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767974,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c226
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c226
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/money-info-span.e634dee6fc9bda3141c2.js
95.101.10.170 200 OK 25 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/money-info-span.e634dee6fc9bda3141c2.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (20475)
Hash faa9c78a16a55124ea9f80aca077f473
2c7817ff7b13433526252d8044e926230b6e8e70
9d4e020dce064eb25fd101af8058c5dc0479b96e7f094c63c7c97807125c4884
GET /bundles/v1/views/latest/money-info-span.e634dee6fc9bda3141c2.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 24902
content-md5: 0Aybr7p9PGkcInnht3CPxw==
last-modified: Sat, 18 Nov 2023 00:15:25 GMT
etag: 0x8DBE7CB76A8FF5A
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: a3671684-201e-004b-59e5-1d79d6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767975,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c227
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90c227
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/breakingnews/v1/cms/api/amp/article/AA157JY
95.101.10.170 200 OK 2.6 kB URL GET HTTP/2 assets.msn.com/breakingnews/v1/cms/api/amp/article/AA157JY
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (5655), with no line terminators
Hash 66cd7a79e11002ba1ed20e55e5ddb454
addaaaa7efbcab1be58f63eaa3e7885a647774f1
14ead2d295169a0011ad26c6442cae79e8fb18b40d7321d69e734155c778a6cd
GET /breakingnews/v1/cms/api/amp/article/AA157JY HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 2641
content-encoding: gzip
last-modified: Sat, 02 Dec 2023 02:38:12 GMT
etag: W/"40453"
server: Microsoft-HTTPAPI/2.0
x-cms-documentstoragetier: Cache
x-cms-documentid: AA157JY
x-cms-version: 12397
x-cms-state: Published
x-cms-tenant: amp
x-cms-type: article
x-cms-executiontimeinmilliseconds: 0
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: X-Trace-Context,X-CMS-DocumentId,X-CMS-Type,X-CMS-Tenant,X-CMS-State,X-CMS-Version,ETag,X-CMS-SearchElapsedTimeInMilliseconds,X-CMS-SearchBackendTimeInMilliseconds,X-CMS-SearchMatchedTotal,X-CMS-SearchMaxScore,X-CMS-SearchShardsTotal,X-CMS-SearchShardsSuccessful,X-CMS-SearchShardsFailed,X-CMS-SearchReturnedCount,X-CMS-ExecutionTimeInMilliseconds,MS-CV
appex-activity-id: 19a225c0-fd78-4147-a514-f1ce87a4bc74
x-trace-context: {"ActivityId":"19a225c0-fd78-4147-a514-f1ce87a4bc74"}
ms-cv: MHxfMX48vkKjudVwLxjF8A.0
x-cms-servicelocation: eastus:0
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569768755,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=15, origin; dur=0 , cdntime; dur=15
akamai-cache-status: RefreshHit from child, NotCacheable from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c533
cache-control: max-age=30
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c533
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/web-components_slideshow-base_dist_subcomponents_next-slideshow-card_index_js.1e71984cd01cc0efd030.js
95.101.10.170 200 OK 3.9 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/web-components_slideshow-base_dist_subcomponents_next-slideshow-card_index_js.1e71984cd01cc0efd030.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (12496), with no line terminators
Hash 62d9497f35299b1928ab52f8aabfc59b
ad2114b6077a8b1e227cfa0b3d28b0446c3bddf1
6a79b1bc96639d98fe29c88f0669eb2dbf73232052daad9de67d2b13c863e575
GET /bundles/v1/views/latest/web-components_slideshow-base_dist_subcomponents_next-slideshow-card_index_js.1e71984cd01cc0efd030.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 3853
content-md5: pcAt3TFvWP7AxSMoVtX1aw==
last-modified: Sat, 18 Nov 2023 00:15:23 GMT
etag: 0x8DBE7CB7592C48B
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ec41c8c7-b01e-0063-0ced-1d20a8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569768753,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c531
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c531
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/feedback-data-connector.d0cacb9a5d3dae1f701f.js
95.101.10.170 200 OK 608 B URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/feedback-data-connector.d0cacb9a5d3dae1f701f.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (1910), with no line terminators
Hash 665a2bf6d0d08f53d67835c40bc0a09f
9cc47a677914089aa9f8ff2578ea69e8827d0523
56c0f5778039ca50da5e39260e4465c32ee03d389acb5ef904486212c7c34096
GET /bundles/v1/views/latest/feedback-data-connector.d0cacb9a5d3dae1f701f.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 608
content-md5: eM9wqdbDgJ3A+zfAneq8YA==
last-modified: Fri, 01 Dec 2023 01:25:31 GMT
etag: 0x8DBF20C68DF6301
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 59c9a4bd-e01e-0009-3c59-258819000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569768754,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c532
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c532
vary: Origin
X-Firefox-Spdy: h2
c.msn.com/c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0
68.219.88.97 302 Found 0 B URL GET HTTP/2 c.msn.com/c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0
IP 68.219.88.97:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject c.msn.com
Fingerprint D5:8D:1D:2A:BC:86:78:79:30:4B:23:9E:B9:3A:CA:CC:F7:AF:26:61
Validity Tue, 06 Jun 2023 15:27:17 GMT - Fri, 31 May 2024 15:27:17 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0 HTTP/1.1
Host: c.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0&ctsa=mr&CtsSyncId=CC2A93743E99482094B66CF39A42F518&RedC=c.msn.com&MXFR=0F42A7BCFF8E6D033159B460FE7B6CF3
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.msn.com; path=/; SameSite=None; Secure;
MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; domain=.msn.com; expires=Fri, 27-Dec-2024 20:34:28 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Sun, 03 Dec 2023 20:34:28 GMT
content-length: 0
X-Firefox-Spdy: h2
login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
20.190.181.0 200 OK 950 B URL GET HTTP/1.1 login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize
IP 20.190.181.0:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject stamp2.login.microsoftonline.com
Fingerprint 5F:41:B5:48:4D:2A:D3:78:6B:12:6B:D6:0B:85:B4:F8:2A:FF:48:29
Validity Sun, 17 Sep 2023 00:00:00 GMT - Tue, 17 Sep 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (950), with no line terminators
Hash 9fce93410eb828e0edf41d3f021d93e2
1584bc813f34e9b7356c6bd05cb2a14ec52e1590
f463580c98fd336d4e69e7dca36cf345a81a5e402f61d9f870eae9d8c4e59de9
GET /common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=86400, private
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: f85587d5-4ce2-425d-ae9b-807fdcb91900
x-ms-ests-server: 2.1.16790.7 - NEULR1 ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: fpc=AivFhvidy2FLrl6GWxBVU4A; expires=Tue, 02-Jan-2024 20:34:28 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-kM4yEygLyBJA_kuaVxUeSi3ubjuW1iXkW3vqelmVJcfrHrEZfy6ytfNugUo18Tpx5x54osstbLQ6A-cyfKiRXhSyli0-viTW-8ET3b8Ki8pc67pNqGeAC-K14mDMZRstkSgmoTpOfmeS0sWwb8aEMV9tKDdigmMQdmaRUd7qBjYgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Sun, 03 Dec 2023 20:34:28 GMT
Content-Length: 950
assets.msn.com/staticsb/statics/latest/views/icons/fluent/headphones_sound_wave_24_filled.svg
95.101.10.170 200 OK 259 B URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/views/icons/fluent/headphones_sound_wave_24_filled.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (464), with no line terminators
Hash aed7fab286c27fb308764896f2d2788c
d709f9eab89c4fb890f543a90e8a99b4b31748c0
57e8d60bec5815de5c6d7af49969299b5f0ec0d0d94ef5f110be8d932bec7897
GET /staticsb/statics/latest/views/icons/fluent/headphones_sound_wave_24_filled.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: rtf6sobCf7MIdkiW8tJ4jA==
last-modified: Fri, 01 Dec 2023 07:16:52 GMT
etag: 0x8DBF23D7E350272
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 102ce018-b01e-0044-536c-244635000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:28 GMT
content-length: 259
akamai-request-bc: [a=95.101.10.166,b=1569769215,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c6ff
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c6ff
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/web-components_content-actions_dist_index_js.1d0120de8a119837faf5.js
95.101.10.170 200 OK 3.4 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/web-components_content-actions_dist_index_js.1d0120de8a119837faf5.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (5453)
Hash 5edc4130ac180cc0b04994392704090e
b11b0084c6262c8a644c6cf762be468cd7d71d84
03ed97c7f4e090229769c1e827301695321b417aac939976504afe11aeab9246
GET /bundles/v1/views/latest/web-components_content-actions_dist_index_js.1d0120de8a119837faf5.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 3366
content-md5: d0FBnim8l87VSSq8rZIMvw==
last-modified: Sat, 18 Nov 2023 00:15:23 GMT
etag: 0x8DBE7CB7524C9AC
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 496fb731-a01e-0069-3764-210aea000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569769214,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c6fe
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c6fe
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/social-bar-wc.7902357ce918d7804cf6.js
95.101.10.170 200 OK 25 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/social-bar-wc.7902357ce918d7804cf6.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (53347)
Hash e92f411b43149a46db85d593ef565cd1
cb4f9808d27c00ac276857b4d92d95ecaa108904
e9c4c0355da587201b289cb5bcfb5459758c935d75655b757a700e5c54810027
GET /bundles/v1/views/latest/social-bar-wc.7902357ce918d7804cf6.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 25288
content-md5: TXgTCDgfhmUO17waKNTnYw==
last-modified: Wed, 29 Nov 2023 22:36:26 GMT
etag: 0x8DBF12B9FBF1302
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3857c13c-e01e-004c-4814-23611a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569769285,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c745
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c745
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/views/icons/fluent/share_20_filled.svg
95.101.10.170 200 OK 654 B URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/views/icons/fluent/share_20_filled.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1174), with CRLF line terminators
Hash dfcce2b0408b3ccdade4cad698a64e7d
39a536351ae4341ca3533873cdcaa5a4553565a5
4e5e110c42cbfc7943538d60fbd5fc17bca33065a1652faa35227210bd2d13ba
GET /staticsb/statics/latest/views/icons/fluent/share_20_filled.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: 38zisECLPM2t5MrWmKZOfQ==
last-modified: Fri, 01 Dec 2023 07:17:07 GMT
etag: 0x8DBF23D873B85DB
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 64a36ffb-101e-0053-41b6-24e1d1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
content-length: 654
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569769313,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c761
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c761
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/views/icons/More.svg
95.101.10.170 200 OK 269 B URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/views/icons/More.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash 1e978829c04c5f8785e54840b6ada69c
694b4b13063c1e8ee799c18580d2f7f111c055ba
ecfeb63dd9ca8523e87a4fd78357d548f8a8d83fff5b3b1325d1d22f3ba5dae8
GET /staticsb/statics/latest/views/icons/More.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: HpeIKcBMX4eF5UhAtq2mnA==
last-modified: Fri, 01 Dec 2023 07:17:04 GMT
etag: 0x8DBF23D854DE7D1
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: cfeac10c-901e-0071-4fa6-2492ed000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:28 GMT
content-length: 269
akamai-request-bc: [a=95.101.10.166,b=1569769316,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c764
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c764
vary: Origin
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1dxfIk.img?w=56&h=56&q=60&m=2&f=jpg
23.36.77.9 200 OK 2.0 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1dxfIk.img?w=56&h=56&q=60&m=2&f=jpg
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 56x56, components 3\012- data
Hash cbd8575bb7a0bf00f7c0c2ce7ad33daf
5a28d2527102c37aaab66428830acda56dd4712a
b1be9c612dd0fe478c80c6a378c7ad45e0b65bf02e4876debfd370afdb88b885
GET /tenant/amp/entityid/AA1dxfIk.img?w=56&h=56&q=60&m=2&f=jpg HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
last-modified: Sat, 02 Dec 2023 06:57:47 GMT
x-datacenter: westus
x-activityid: 7370c0f7-fc53-4264-9b89-4981ec3c5545
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-type: image/jpeg
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1dxfIk?w=56&h=56&q=60&m=2&f=jpg
x-source-length: 9263
content-length: 2048
cache-control: public, max-age=296546
expires: Thu, 07 Dec 2023 06:56:54 GMT
date: Sun, 03 Dec 2023 20:34:28 GMT
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/views/icons/right-rail-provider-carousel/content-provider-card/GoToPartnerSite.svg
95.101.10.170 200 OK 583 B URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/views/icons/right-rail-provider-carousel/content-provider-card/GoToPartnerSite.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (612), with CRLF line terminators
Hash 04754ab852a0b277d47403ddac2cf16c
b5f9a2eeff4dc72cbd216d26358e6185f3155d8f
7d3e83f2249c53712f58b541af70fec5ad45b868ce100d331232b3de69849d00
GET /staticsb/statics/latest/views/icons/right-rail-provider-carousel/content-provider-card/GoToPartnerSite.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: BHVKuFKgsnfUdAPdrCzxbA==
last-modified: Fri, 01 Dec 2023 07:17:05 GMT
etag: 0x8DBF23D85BDDE98
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 96c194c1-f01e-0067-79d8-24cb04000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
content-length: 583
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569769466,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c7fa
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c7fa
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/service/community/users/vid-ji3vgghjktfbvrge50nd5b789hf6cd0atpykg7je7c62547cgfsa?version=1.1&profile=social&verify=false&market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
95.101.10.170 200 OK 941 B URL GET HTTP/2 assets.msn.com/service/community/users/vid-ji3vgghjktfbvrge50nd5b789hf6cd0atpykg7je7c62547cgfsa?version=1.1&profile=social&verify=false&market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (1723), with no line terminators
Hash c0bcbdea0f94da960e77089c145d8efc
ddeb41bacc6cf094cf4ca52f0c55beccdfb2bf51
acfdce243c086e37431bd353f521c5b5e782cabd89ef08d4654d0ecd3113100d
GET /service/community/users/vid-ji3vgghjktfbvrge50nd5b789hf6cd0atpykg7je7c62547cgfsa?version=1.1&profile=social&verify=false&market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce654-cbbe-4efe-9d3b-bdf4e76b380d
ddd-strategyexecutionlatency: 00:00:00.0042382
ddd-debugid: 656ce654-cbbe-4efe-9d3b-bdf4e76b380d|2023-12-03T20:34:28.6596691Z|fabric_community|NEU1|Community_23
onewebservicelatency: 5
x-msedge-responseinfo: 5
x-ceto-ref: 656ce6544bb743638ddf86f51c592f6f|2023-12-03T20:34:28.647Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7AA52CE37659454EB244BB7654D79075 Ref B: OSL30EDGE0317 Ref C: 2023-12-03T20:34:28Z
expires: Sun, 03 Dec 2023 20:34:28 GMT
date: Sun, 03 Dec 2023 20:34:28 GMT
content-length: 941
set-cookie: _C_ETH=1; expires=Sat, 02 Dec 2023 20:34:28 GMT; domain=.msn.com; path=/; secure; httponly
_C_Auth=
akamai-request-bc: [a=95.101.10.166,b=1569769557,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=55, origin; dur=55 , cdntime; dur=0
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c855
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c855
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635674058&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635674058&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635674058&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6596
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=091dea32cca747ef84933d5687f1e502&HASH=091d&LV=202312&V=4&LU=1701635668661; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:28 GMT; Path=/;Secure; SameSite=None
MS0=328635fc1f6040e689c71ceade00e8f6; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:28 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5397
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:28 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/feedback-dialog.cd35cedee3635c3dca83.js
95.101.10.170 200 OK 34 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/feedback-dialog.cd35cedee3635c3dca83.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3a6c9e11fbd74d0ffa02729e3ceb074b
2929346013765f163b432a5939fad73708ccbe2d
3d03dc9d30de1c76da532db54b86c73f596f56c21f6dcb668971dad0dc7bce6b
GET /bundles/v1/views/latest/feedback-dialog.cd35cedee3635c3dca83.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 33716
content-md5: uBFm3r3zApm2HtZc7T4+Jg==
last-modified: Wed, 29 Nov 2023 22:36:24 GMT
etag: 0x8DBF12B9E3A74D0
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 58c484c5-401e-003f-7314-23afa1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569769782,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=6, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c936
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c936
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/codex-bing-chat.5a991e1a2f377477d02b.js
95.101.10.170 200 OK 7.1 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/codex-bing-chat.5a991e1a2f377477d02b.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (26237)
Hash 1ed743ea3c97dcbadfe68d6caa939e4a
bcd465f2a4558ab3ea49304eebf8f8996cfa6293
1256896b29284eced9ac43eb8e5f1a2418e86e617b65b684b6d293a5e2daef6a
GET /bundles/v1/views/latest/codex-bing-chat.5a991e1a2f377477d02b.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 7144
content-md5: UJr52uoXSXgVd3l1NqIu8w==
last-modified: Fri, 01 Dec 2023 01:25:26 GMT
etag: 0x8DBF20C65C6F424
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d45141ca-b01e-0044-55f5-234635000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569769888,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=3, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90c9a0
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90c9a0
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/statics/icons/Microsoft_16_SVG.ico
95.101.10.170 200 OK 439 B URL GET HTTP/2 assets.msn.com/statics/icons/Microsoft_16_SVG.ico
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel\012- data
Hash 97c01a03c4853e2d603ef1930b43b64c
e022f5bc55271968e3070404ad68bf50a5a6a83a
a05e7e81e793eb280fff929bfd3d800ae2f85b637387a2e1368fac03e01b007f
GET /statics/icons/Microsoft_16_SVG.ico HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/x-icon
etag: "97c01a03c4853e2d603ef1930b43b64c:1603829710.079931"
last-modified: Tue, 27 Oct 2020 20:15:10 GMT
server: AkamaiNetStorage
content-encoding: gzip
content-length: 439
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569770159,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=2, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90caaf
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90caaf
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
95.101.10.170 200 OK 1.5 kB URL GET HTTP/2 assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (5607), with no line terminators
Hash 478c93a521189286a8aa3627e3d410a1
cc723883ea9447632865b90cbcb8c66c8590a3c4
7c10f1b060251f7226eb9b97eb249fb7f9f18505876a7d3b0bd1c7caee1f66a3
GET /content/v1/cms/api/amp/Document/BBI4MeJ HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 1466
content-encoding: gzip
last-modified: Sun, 03 Dec 2023 07:00:23 GMT
etag: W/"29499"
server: Microsoft-HTTPAPI/2.0
x-cms-documentstoragetier: Cache
x-cms-documentid: BBI4MeJ
x-cms-version: 6176
x-cms-state: Published
x-cms-tenant: amp
x-cms-type: list
x-cms-executiontimeinmilliseconds: 3
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: X-Trace-Context,X-CMS-DocumentId,X-CMS-Type,X-CMS-Tenant,X-CMS-State,X-CMS-Version,ETag,X-CMS-SearchElapsedTimeInMilliseconds,X-CMS-SearchBackendTimeInMilliseconds,X-CMS-SearchMatchedTotal,X-CMS-SearchMaxScore,X-CMS-SearchShardsTotal,X-CMS-SearchShardsSuccessful,X-CMS-SearchShardsFailed,X-CMS-SearchReturnedCount,X-CMS-ExecutionTimeInMilliseconds,MS-CV
appex-activity-id: b6e97b1c-fbf6-49be-ac8f-ac6835b2b318
x-trace-context: {"ActivityId":"b6e97b1c-fbf6-49be-ac8f-ac6835b2b318"}
ms-cv: 7JK1t3Aw4EKG4g28UDhfqQ.0
x-cms-servicelocation: eastus:0
cache-control: max-age=900
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569770180,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cac4
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90cac4
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
95.101.10.170 200 OK 1.5 kB URL GET HTTP/2 assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (5607), with no line terminators
Hash 478c93a521189286a8aa3627e3d410a1
cc723883ea9447632865b90cbcb8c66c8590a3c4
7c10f1b060251f7226eb9b97eb249fb7f9f18505876a7d3b0bd1c7caee1f66a3
GET /content/v1/cms/api/amp/Document/BBI4MeJ HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 1466
content-encoding: gzip
last-modified: Sun, 03 Dec 2023 07:00:23 GMT
etag: W/"29499"
server: Microsoft-HTTPAPI/2.0
x-cms-documentstoragetier: Cache
x-cms-documentid: BBI4MeJ
x-cms-version: 6176
x-cms-state: Published
x-cms-tenant: amp
x-cms-type: list
x-cms-executiontimeinmilliseconds: 3
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: X-Trace-Context,X-CMS-DocumentId,X-CMS-Type,X-CMS-Tenant,X-CMS-State,X-CMS-Version,ETag,X-CMS-SearchElapsedTimeInMilliseconds,X-CMS-SearchBackendTimeInMilliseconds,X-CMS-SearchMatchedTotal,X-CMS-SearchMaxScore,X-CMS-SearchShardsTotal,X-CMS-SearchShardsSuccessful,X-CMS-SearchShardsFailed,X-CMS-SearchReturnedCount,X-CMS-ExecutionTimeInMilliseconds,MS-CV
appex-activity-id: b6e97b1c-fbf6-49be-ac8f-ac6835b2b318
x-trace-context: {"ActivityId":"b6e97b1c-fbf6-49be-ac8f-ac6835b2b318"}
ms-cv: 7JK1t3Aw4EKG4g28UDhfqQ.0
x-cms-servicelocation: eastus:0
cache-control: max-age=900
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569770189,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cacd
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90cacd
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
95.101.10.170 200 OK 1.5 kB URL GET HTTP/2 assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (5607), with no line terminators
Hash 478c93a521189286a8aa3627e3d410a1
cc723883ea9447632865b90cbcb8c66c8590a3c4
7c10f1b060251f7226eb9b97eb249fb7f9f18505876a7d3b0bd1c7caee1f66a3
GET /content/v1/cms/api/amp/Document/BBI4MeJ HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 1466
content-encoding: gzip
last-modified: Sun, 03 Dec 2023 07:00:23 GMT
etag: W/"29499"
server: Microsoft-HTTPAPI/2.0
x-cms-documentstoragetier: Cache
x-cms-documentid: BBI4MeJ
x-cms-version: 6176
x-cms-state: Published
x-cms-tenant: amp
x-cms-type: list
x-cms-executiontimeinmilliseconds: 3
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: X-Trace-Context,X-CMS-DocumentId,X-CMS-Type,X-CMS-Tenant,X-CMS-State,X-CMS-Version,ETag,X-CMS-SearchElapsedTimeInMilliseconds,X-CMS-SearchBackendTimeInMilliseconds,X-CMS-SearchMatchedTotal,X-CMS-SearchMaxScore,X-CMS-SearchShardsTotal,X-CMS-SearchShardsSuccessful,X-CMS-SearchShardsFailed,X-CMS-SearchReturnedCount,X-CMS-ExecutionTimeInMilliseconds,MS-CV
appex-activity-id: b6e97b1c-fbf6-49be-ac8f-ac6835b2b318
x-trace-context: {"ActivityId":"b6e97b1c-fbf6-49be-ac8f-ac6835b2b318"}
ms-cv: 7JK1t3Aw4EKG4g28UDhfqQ.0
x-cms-servicelocation: eastus:0
cache-control: max-age=900
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569770188,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cacc
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90cacc
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
95.101.10.170 200 OK 1.5 kB URL GET HTTP/2 assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (5607), with no line terminators
Hash 478c93a521189286a8aa3627e3d410a1
cc723883ea9447632865b90cbcb8c66c8590a3c4
7c10f1b060251f7226eb9b97eb249fb7f9f18505876a7d3b0bd1c7caee1f66a3
GET /content/v1/cms/api/amp/Document/BBI4MeJ HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 1466
content-encoding: gzip
last-modified: Sun, 03 Dec 2023 07:00:23 GMT
etag: W/"29499"
server: Microsoft-HTTPAPI/2.0
x-cms-documentstoragetier: Cache
x-cms-documentid: BBI4MeJ
x-cms-version: 6176
x-cms-state: Published
x-cms-tenant: amp
x-cms-type: list
x-cms-executiontimeinmilliseconds: 3
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: X-Trace-Context,X-CMS-DocumentId,X-CMS-Type,X-CMS-Tenant,X-CMS-State,X-CMS-Version,ETag,X-CMS-SearchElapsedTimeInMilliseconds,X-CMS-SearchBackendTimeInMilliseconds,X-CMS-SearchMatchedTotal,X-CMS-SearchMaxScore,X-CMS-SearchShardsTotal,X-CMS-SearchShardsSuccessful,X-CMS-SearchShardsFailed,X-CMS-SearchReturnedCount,X-CMS-ExecutionTimeInMilliseconds,MS-CV
appex-activity-id: b6e97b1c-fbf6-49be-ac8f-ac6835b2b318
x-trace-context: {"ActivityId":"b6e97b1c-fbf6-49be-ac8f-ac6835b2b318"}
ms-cv: 7JK1t3Aw4EKG4g28UDhfqQ.0
x-cms-servicelocation: eastus:0
cache-control: max-age=900
date: Sun, 03 Dec 2023 20:34:28 GMT
akamai-request-bc: [a=95.101.10.166,b=1569770227,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90caf3
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635668.5d90caf3
vary: Origin
X-Firefox-Spdy: h2
srtb.msn.com/auction
204.79.197.203 200 OK 0 B IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /auction HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cache-control,content-type,x-ms-flightid,x-msedge-clientid,x-msedge-market
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Origin
access-control-allow-origin: https://www.msn.com
access-control-allow-credentials: true
access-control-allow-headers: cache-control,content-type,x-ms-flightid,x-msedge-clientid,x-msedge-market
access-control-max-age: 86400
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BE108C91C20A404F95B08A718A96F8B4 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:28 GMT
content-length: 0
X-Firefox-Spdy: h2
srtb.msn.com/auction
204.79.197.203 200 OK 0 B IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /auction HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cache-control,content-type,x-ms-flightid,x-msedge-clientid,x-msedge-market
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Origin
access-control-allow-origin: https://www.msn.com
access-control-allow-credentials: true
access-control-allow-headers: cache-control,content-type,x-ms-flightid,x-msedge-clientid,x-msedge-market
access-control-max-age: 86400
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 11C9C81B0C8C4D22AD248929255CC32F Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:28 GMT
content-length: 0
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/social-avatar.02074f912354b83d0446.js
95.101.10.170 200 OK 5.5 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/social-avatar.02074f912354b83d0446.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (13796)
Hash 44b5a5b4a44f515148c2888ee4e312c1
b2f4c5b1673b8cfe3766a6aa742c33fc065455bc
983b1fc43b7a8ae1dbd6fdd75f6281e22fcfcb81cf3c327780f3ac5b96dbaac7
GET /bundles/v1/views/latest/social-avatar.02074f912354b83d0446.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 5508
content-md5: 7CPz9GwaYr4l2GnOUeif/g==
last-modified: Fri, 10 Nov 2023 01:42:44 GMT
etag: 0x8DBE18E55C0197C
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 542d51e7-c01e-007f-2078-165303000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569770411,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=7, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cbab
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cbab
vary: Origin
X-Firefox-Spdy: h2
srtb.msn.com/auction
204.79.197.203 200 OK 0 B IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /auction HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cache-control,content-type,x-ms-flightid,x-msedge-clientid,x-msedge-market
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Origin
access-control-allow-origin: https://www.msn.com
access-control-allow-credentials: true
access-control-allow-headers: cache-control,content-type,x-ms-flightid,x-msedge-clientid,x-msedge-market
access-control-max-age: 86400
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D86536DC85AC4E51A7D7133ACAE3D303 Ref B: OSL30EDGE0518 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:28 GMT
content-length: 0
X-Firefox-Spdy: h2
assets.msn.com/service/community/posts/?topicId=AA1kQbHZ&postType=Poll&market=en-us&top=5&skip=0&orderBy=Time&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&wrapodata=false
95.101.10.170 200 OK 22 B URL GET HTTP/2 assets.msn.com/service/community/posts/?topicId=AA1kQbHZ&postType=Poll&market=en-us&top=5&skip=0&orderBy=Time&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash d751713988987e9331980363e24189ce
97d170e1550eee4afc0af065b78cda302a97674c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
GET /service/community/posts/?topicId=AA1kQbHZ&postType=Poll&market=en-us&top=5&skip=0&orderBy=Time&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce655-0656-4492-b04b-41be285e35bf
ddd-strategyexecutionlatency: 00:00:00.0003280
ddd-debugid: 656ce655-0656-4492-b04b-41be285e35bf|2023-12-03T20:34:29.1067679Z|fabric_community|NEU1|Community_12
onewebservicelatency: 1
x-msedge-responseinfo: 1
x-ceto-ref: 656ce6550b0f4468b1ed9bb876e743e2|2023-12-03T20:34:29.103Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 17400C7CBA334F94BB7AF1BE6334F78F Ref B: OSL30EDGE0306 Ref C: 2023-12-03T20:34:29Z
expires: Sun, 03 Dec 2023 20:34:29 GMT
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 22
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
akamai-request-bc: [a=95.101.10.166,b=1569770409,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=7, clienttt; dur=47, origin; dur=47 , cdntime; dur=0
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cba9
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cba9
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/statics/fonts/SegoeUI-Roman-VF-subset_web.woff2
95.101.10.170 200 OK 41 kB URL GET HTTP/2 assets.msn.com/statics/fonts/SegoeUI-Roman-VF-subset_web.woff2
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 41012, version 1.0\012- data
Hash (MD5) f0a613ac2361dafc69aaa3cba2840a29
Hash (SHA-1) 1405023bae14f283f618c9e655dda9868fe88337
Hash (SHA-256) 6e466d872680c91ee276991670ddde66fd231b43abd2e402e9c79f1ba9d38519
GET /statics/fonts/SegoeUI-Roman-VF-subset_web.woff2 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
etag: "72d13803e728b0ef3dfb6da311001643:1562269510.048951"
last-modified: Thu, 04 Jul 2019 01:04:35 GMT
server: AkamaiNetStorage
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767206,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf26
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf26
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/service/msn/user?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=pdp-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3
95.101.10.170 404 Not Found 92 B URL GET HTTP/2 assets.msn.com/service/msn/user?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=pdp-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash (MD5) 25ec8e485e119691d0d5ef8b887b30fa
Hash (SHA-1) 06045306141ecee20507a1c773887a1256d7d81d
Hash (SHA-256) 612536c784a4f93e935879bb68c6508d30b783407214239e3fdad3a046c2f41b
GET /service/msn/user?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=pdp-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce655-1d91-4eb4-a516-f1377a1cdfce
ddd-strategyexecutionlatency: 00:00:00.0022858,00:00:00.0025309
ddd-debugid: 656ce655-1d91-4eb4-a516-f1377a1cdfce|2023-12-03T20:34:29.1217101Z|fabric_msn|NEU1|News_11
onewebservicelatency: 4
x-msedge-responseinfo: 4
x-ceto-ref: 656ce655ba4c4b44a6df26a6e9c84a84|2023-12-03T20:34:29.110Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2D60AF478D004C98B8A39CADEBD8C561 Ref B: OSL30EDGE0207 Ref C: 2023-12-03T20:34:29Z
expires: Sun, 03 Dec 2023 20:34:29 GMT
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 92
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
akamai-request-bc: [a=95.101.10.166,b=1569770426,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=6, clienttt; dur=57, origin; dur=57 , cdntime; dur=0
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cbba
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cbba
vary: Origin
X-Firefox-Spdy: h2
srtb.msn.com/auction
204.79.197.203 200 OK 0 B IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
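Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, consistent with the 0 B body of this preflight response; they match every empty response and do not identify this resource.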
OPTIONS /auction HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: cache-control,content-type,x-ms-flightid,x-msedge-clientid,x-msedge-market
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Origin
access-control-allow-origin: https://www.msn.com
access-control-allow-credentials: true
access-control-allow-headers: cache-control,content-type,x-ms-flightid,x-msedge-clientid,x-msedge-market
access-control-max-age: 86400
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8DFE431AB7414348818FC437153379B3 Ref B: OSL30EDGE0518 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:28 GMT
content-length: 0
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_experiences-constants_dist_FeedShared_Types_js-libs_oneservice-card-provider_dist_OneSer-800ef9.4b101649f17ad05e586c.js
95.101.10.170 200 OK 11 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_experiences-constants_dist_FeedShared_Types_js-libs_oneservice-card-provider_dist_OneSer-800ef9.4b101649f17ad05e586c.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (38867), with no line terminators
Hash (MD5) 2c0711290cce2845a958e917af6701be
Hash (SHA-1) 4c3363c4424a806caeed43b913bdcff60d1f53db
Hash (SHA-256) 8f46280ac7ed2611878e179a4e260ccc993f441020cd1d6824d6715b926a183a
GET /bundles/v1/views/latest/libs_experiences-constants_dist_FeedShared_Types_js-libs_oneservice-card-provider_dist_OneSer-800ef9.4b101649f17ad05e586c.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 11376
content-md5: eEaBO/gICeAuc2/wx4YrlQ==
last-modified: Fri, 01 Dec 2023 01:25:27 GMT
etag: 0x8DBF20C66A978D2
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 23457b65-101e-0053-3df5-23e1d1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569770604,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=3, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cc6c
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cc6c
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_super-feed_dist_index_js.eb38d982eb810a7413d7.js
95.101.10.170 200 OK 34 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_super-feed_dist_index_js.eb38d982eb810a7413d7.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (59186)
Hash (MD5) 957f88eac65eeb43631e3ce994237a1e
Hash (SHA-1) 09a5ec7dd330cb2fdd8b24742fd37eb274f80737
Hash (SHA-256) 1986e491f4e29ec0c80d96d68e17540a91df2a3d6d3b08988d500e09c20f2cae
GET /bundles/v1/views/latest/libs_super-feed_dist_index_js.eb38d982eb810a7413d7.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 33676
content-md5: rpZbMVK5Ple7apQjnnHRjg==
last-modified: Fri, 01 Dec 2023 01:25:31 GMT
etag: 0x8DBF20C68DF6301
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 08227149-701e-0027-47f5-2337a6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569770605,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=3, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cc6d
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cc6d
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
95.101.10.170 200 OK 425 B URL GET HTTP/2 assets.msn.com/service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (688), with no line terminators
Hash (MD5) 3608f843d1518e1de02cbd574f012525
Hash (SHA-1) 387b207e170fe60c07fa7a187d8ca84df25d9182
Hash (SHA-256) c08c900e305f7392ebb2b96351742891c0a57f06158acd78e58844f11b91513f
GET /service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce655-a1cb-4751-bc40-6db5c81f74e6
ddd-strategyexecutionlatency: 00:00:00.0146402
ddd-debugid: 656ce655-a1cb-4751-bc40-6db5c81f74e6|2023-12-03T20:34:29.1717793Z|fabric_community|EUS1|Community_28
onewebservicelatency: 15
x-msedge-responseinfo: 15
x-ceto-ref: 656ce65545ac48759f4bd434134da12c|2023-12-03T20:34:29.148Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0F6FE16BE7DC496B83656CE9B323546D Ref B: STOEDGE1505 Ref C: 2023-12-03T20:34:29Z
content-length: 425
date: Sun, 03 Dec 2023 20:34:29 GMT
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
akamai-request-bc: [a=95.101.10.166,b=1569770414,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=7, clienttt; dur=155, origin; dur=128 , cdntime; dur=27
akamai-cache-status: Miss from child, Miss from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cbae
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: public, max-age=120
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cbae
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/service/community/marketsettings?market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
95.101.10.170 200 OK 556 B URL GET HTTP/2 assets.msn.com/service/community/marketsettings?market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (1337), with no line terminators
Hash (MD5) 42349ccd741665400a130e306f2496ec
Hash (SHA-1) d2b3062c6360dbcb59cbcd887d764a22edea876f
Hash (SHA-256) 9c4393a3553cb25c0d9ff9cbfa1911ff6970196061010096ccc2afe8989321b3
GET /service/community/marketsettings?market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce655-ab3c-464d-bb94-c14f210b971c
ddd-strategyexecutionlatency: 00:00:00.0002765
ddd-debugid: 656ce655-ab3c-464d-bb94-c14f210b971c|2023-12-03T20:34:29.1885265Z|fabric_community|EUS1|Community_5
onewebservicelatency: 1
x-msedge-responseinfo: 1
x-ceto-ref: 656ce65533b14735b1a6c50330d6bbbc|2023-12-03T20:34:29.185Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 838A03995DF1482B9BF34A4A98CEF5D5 Ref B: STOEDGE1608 Ref C: 2023-12-03T20:34:29Z
content-length: 556
date: Sun, 03 Dec 2023 20:34:29 GMT
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
akamai-request-bc: [a=95.101.10.166,b=1569770412,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=7, clienttt; dur=170, origin; dur=111 , cdntime; dur=59
akamai-cache-status: Miss from child, Miss from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cbac
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: public, max-age=120
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cbac
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/finance/DataTrending.svg
95.101.10.170 200 OK 414 B URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/finance/DataTrending.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (734), with CRLF line terminators
Hash (MD5) 34f254e715868ae92050333a0456d75d
Hash (SHA-1) 0f68f7984ba64d43a36b8ea98dc64f10209379a2
Hash (SHA-256) 096525fc658fa7ee72b0799788c13e449be1e08a1d7a7789867e129a889c558c
GET /staticsb/statics/latest/finance/DataTrending.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: NPJU5xWGiukgUDM6BFbXXQ==
last-modified: Fri, 01 Dec 2023 07:16:54 GMT
etag: 0x8DBF23D7F19D185
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 04d19d57-101e-0010-7a5d-24ee13000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 414
akamai-request-bc: [a=95.101.10.166,b=1569770809,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=4, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cd39
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cd39
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/icons-wc/icons/autos/CardActionFluentButton.svg
95.101.10.170 200 OK 171 B URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/icons-wc/icons/autos/CardActionFluentButton.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with CRLF line terminators
Hash (MD5) f198b0d6d8fca53fbecea07e0dba7782
Hash (SHA-1) acdd0670a33b6333fa7e818e61319adbc5ccd29b
Hash (SHA-256) 30680589e633b81f506a30ab6f63e60563fcd787f43b90b303f7d16f5bd7efae
GET /staticsb/statics/latest/icons-wc/icons/autos/CardActionFluentButton.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: 8Ziw1tj8pT++zqB+Dbp3gg==
last-modified: Fri, 01 Dec 2023 07:17:07 GMT
etag: 0x8DBF23D87086C13
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 7e384ad9-801e-005a-5f39-2438f3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 171
akamai-request-bc: [a=95.101.10.166,b=1569770813,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=4, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cd3d
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cd3d
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/statics/fonts/Segoe-UI-WF-subset_vi.woff2
95.101.10.170 200 OK 31 kB URL GET HTTP/2 assets.msn.com/statics/fonts/Segoe-UI-WF-subset_vi.woff2
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 30620, version 5.19661\012- data
Hash d8775874002829ad1efa7690eb0e62bf
d2d51d15203285598d304f3d25c6f7e35bac49eb
a2fc1494baa72865acc4d1c3baba2290927fe3fa82db56ab9f01381e8d557260
GET /statics/fonts/Segoe-UI-WF-subset_vi.woff2 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
etag: "d8775874002829ad1efa7690eb0e62bf:1581457173.770636"
last-modified: Tue, 11 Feb 2020 21:38:52 GMT
server: AkamaiNetStorage
x-akamai-ew-subworker: 8096267
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 30620
akamai-request-bc: [a=95.101.10.166,b=1569770817,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=3, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cd41
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cd41
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/statics/fonts/Segoe-UI-Semibold-WF-subset_vi.woff2
95.101.10.170 200 OK 27 kB URL GET HTTP/2 assets.msn.com/statics/fonts/Segoe-UI-Semibold-WF-subset_vi.woff2
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 27348, version 5.19661\012- data
Hash 568c880dd7682219bff978dca61e174e
29031fd5b83535c534eb31d1fe787f175b48706f
c42601ad2fe4ad6bbeb2477ec2a11fde1ce5cb1278e6142b55db61e5df0c7c7e
GET /statics/fonts/Segoe-UI-Semibold-WF-subset_vi.woff2 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
etag: "568c880dd7682219bff978dca61e174e:1581457173.315755"
last-modified: Tue, 11 Feb 2020 21:38:49 GMT
server: AkamaiNetStorage
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 27348
akamai-request-bc: [a=95.101.10.166,b=1569770820,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=3, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cd44
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cd44
vary: Origin
X-Firefox-Spdy: h2
cm.mgid.com/m?cdsp=516415&c=0F42A7BCFF8E6D033159B460FE7B6CF3&mode=inverse&msn_src=ntp&gdpr=0&gdpr_consent=
104.19.133.76 400 Bad Request 11 B URL GET HTTP/2 cm.mgid.com/m?cdsp=516415&c=0F42A7BCFF8E6D033159B460FE7B6CF3&mode=inverse&msn_src=ntp&gdpr=0&gdpr_consent=
IP 104.19.133.76:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 44:BF:9D:AD:98:A7:1A:F2:1D:18:EF:4E:3E:BE:C0:D8:28:4D:9F:04
Validity Tue, 11 Apr 2023 00:00:00 GMT - Wed, 10 Apr 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 825644f747baab2c00e420dbbc39e4b3
10588307553e766ab3c7d328d948dc6754893cef
7c41b898c5da0cfa4aa049b65ef50248bce9a72d24bef4c723786431921b75aa
GET /m?cdsp=516415&c=0F42A7BCFF8E6D033159B460FE7B6CF3&mode=inverse&msn_src=ntp&gdpr=0&gdpr_consent= HTTP/1.1
Host: cm.mgid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 400 Bad Request
date: Sun, 03 Dec 2023 20:34:29 GMT
content-type: text/plain; charset=utf-8
content-length: 11
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=MG_hkNw_7BOrEmS1aDO8r.lTyU_m0iyth7cmtPlqXJ4-1701635669-0-ARS2iDEBw9987cvpuGphBRptUpghO5E+OjqiSpTJmdp4rJSoErlLz6hjtYGsB7cmdpn280sOsONxE+edFbvmOio=; path=/; expires=Sun, 03-Dec-23 21:04:29 GMT; domain=.mgid.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 82fe97350e19b4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
assets.msn.com/statics/fonts/Segoe-UI-Bold-WF-subset_vi.woff2
95.101.10.170 200 OK 8.5 kB URL GET HTTP/2 assets.msn.com/statics/fonts/Segoe-UI-Bold-WF-subset_vi.woff2
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 27536, version 5.19661\012- data
Hash 769eb3175bd65a1d578ce147063f0e75
c14d488d19f9466a92ce496a33dbd7781ad5ac8c
d5c893b714b933da6646f3ed27cc2a219f5cfd34738f7f332ffdb2e9368b9bee
GET /statics/fonts/Segoe-UI-Bold-WF-subset_vi.woff2 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
etag: "769eb3175bd65a1d578ce147063f0e75:1581457172.782317"
last-modified: Tue, 11 Feb 2020 21:38:47 GMT
server: AkamaiNetStorage
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 8508
akamai-request-bc: [a=95.101.10.166,b=1569770841,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cd59
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cd59
vary: Origin
X-Firefox-Spdy: h2
c.bing.com/c.gif?Red3=MSAN_MI9_pd&rid=E65B4727D45440A8A1A02BBA701687C6&lang=en-us&dgk=firefox&imd=1&pn=article&rf=&tp=https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ&gdpr=0&gdpr_consent=
204.79.197.200 302 Found 0 B URL GET HTTP/2 c.bing.com/c.gif?Red3=MSAN_MI9_pd&rid=E65B4727D45440A8A1A02BBA701687C6&lang=en-us&dgk=firefox&imd=1&pn=article&rf=&tp=https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ&gdpr=0&gdpr_consent=
IP 204.79.197.200:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject www.bing.com
Fingerprint A5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD
Validity Tue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?Red3=MSAN_MI9_pd&rid=E65B4727D45440A8A1A02BBA701687C6&lang=en-us&dgk=firefox&imd=1&pn=article&rf=&tp=https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ&gdpr=0&gdpr_consent= HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://m.adnxs.com/mapuid?member=280&user=3005FAA227A864AE23FEE97E265D6508;&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fm.adnxs.com%2Fseg%3Fadd%3D5159620%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fsetuid%253Fentity%253D483%2526code%253D3005FAA227A864AE23FEE97E265D6508%2526gdpr%253D0%2526gdpr_consent%253D
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: MUID=3005FAA227A864AE23FEE97E265D6508; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:29 GMT; path=/; SameSite=None; Secure; Priority=High;
MR=0; domain=c.bing.com; expires=Sun, 10-Dec-2023 20:34:29 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 584772D2258C44CA8B6D2822920B119A Ref B: OSL30EDGE0111 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 0
X-Firefox-Spdy: h2
arc.msn.com/v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=NO&muid=0F42A7BCFF8E6D033159B460FE7B6CF3&ISSIGNEDIN=0&MSN_CANVAS=9&OPSYS=WIN10&ISMOBILE=0&BROWSER=4&placement=10837393&bcnt=1&asid=c125aa4fb3884485d2519020dbb23d85
20.31.169.57 200 OK 131 B URL GET HTTP/2 arc.msn.com/v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=NO&muid=0F42A7BCFF8E6D033159B460FE7B6CF3&ISSIGNEDIN=0&MSN_CANVAS=9&OPSYS=WIN10&ISMOBILE=0&BROWSER=4&placement=10837393&bcnt=1&asid=c125aa4fb3884485d2519020dbb23d85
IP 20.31.169.57:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject arc.msn.com
Fingerprint E3:B9:A1:8E:E8:49:60:DA:30:1C:B8:E8:FC:C9:2B:B3:E6:41:46:A5
Validity Mon, 01 May 2023 17:53:56 GMT - Thu, 25 Apr 2024 17:53:56 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash dfeb2c19558e4520b04c69571358fa54
433bc0aa49c43e31f0a472e11677cdafcab6d531
60cee415351d46754577b039691c587e64e4837be87b383fdab8c8a879bd3583
GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=NO&muid=0F42A7BCFF8E6D033159B460FE7B6CF3&ISSIGNEDIN=0&MSN_CANVAS=9&OPSYS=WIN10&ISMOBILE=0&BROWSER=4&placement=10837393&bcnt=1&asid=c125aa4fb3884485d2519020dbb23d85 HTTP/1.1
Host: arc.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: no-store, no-cache
pragma: no-cache
content-length: 131
content-type: application/json; charset=utf-8
expires: Mon, 01 Jan 0001 00:00:00 GMT
server: Microsoft-IIS/10.0
arc-rsp-dbg: [{"DcoPlusDebug":"Status: Ok"},{"OPTOUTSTATE":"0"}]
accept-ch: UA, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform, UA-Platform-Version
access-control-allow-origin: https://www.msn.com
access-control-allow-credentials: true
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
assets.msn.com/statics/fonts/roboto-v20-latin-500.woff2
95.101.10.170 200 OK 16 kB URL GET HTTP/2 assets.msn.com/statics/fonts/roboto-v20-latin-500.woff2
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 15872, version 1.0\012- data
Hash 020c97dc8e0463259c2f9df929bb0c69
8f956a31154047d1b6527b63db2ecf0f3a463f24
24369e1b2461af9dcefecaf9cc93d64cf22a4c5bac32506100b9e21014507bcf
GET /statics/fonts/roboto-v20-latin-500.woff2 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
etag: "020c97dc8e0463259c2f9df929bb0c69:1601513044.306165"
last-modified: Thu, 01 Oct 2020 00:44:04 GMT
server: AkamaiNetStorage
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 15872
akamai-request-bc: [a=95.101.10.166,b=1569770843,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cd5b
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cd5b
vary: Origin
X-Firefox-Spdy: h2
c.bing.com/c.gif?Red3=MSNLI_pd&rid=E65B4727D45440A8A1A02BBA701687C6&lang=en-us&dgk=firefox&imd=1&pn=article&rf=&tp=https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ&gdpr=0&gdpr_consent=
204.79.197.200 200 OK 42 B URL GET HTTP/2 c.bing.com/c.gif?Red3=MSNLI_pd&rid=E65B4727D45440A8A1A02BBA701687C6&lang=en-us&dgk=firefox&imd=1&pn=article&rf=&tp=https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ&gdpr=0&gdpr_consent=
IP 204.79.197.200:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject www.bing.com
Fingerprint A5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD
Validity Tue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?Red3=MSNLI_pd&rid=E65B4727D45440A8A1A02BBA701687C6&lang=en-us&dgk=firefox&imd=1&pn=article&rf=&tp=https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ&gdpr=0&gdpr_consent= HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-length: 42
content-type: image/gif
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
accept-ranges: bytes
etag: "8d59566974dbd91:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:29 GMT; path=/; SameSite=None; Secure; Priority=High;
MR=0; domain=c.bing.com; expires=Sun, 10-Dec-2023 20:34:29 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CDAFCFFE7A824DC7A7364A5485FB386E Ref B: OSL30EDGE0111 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
px.ads.linkedin.com/setuid?partner=microsoftSsp&dbredirect=true&dnt=0&gdpr=0&gdpr_consent=
13.107.42.14 108 B URL GET px.ads.linkedin.com/setuid?partner=microsoftSsp&dbredirect=true&dnt=0&gdpr=0&gdpr_consent=
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject www.linkedin.com
Fingerprint DD:64:0D:6C:03:1D:AA:A9:68:F2:FB:0C:02:7A:52:34:27:C9:FD:D9
Validity Fri, 03 Nov 2023 00:00:00 GMT - Fri, 03 May 2024 23:59:59 GMT
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /setuid?partner=microsoftSsp&dbredirect=true&dnt=0&gdpr=0&gdpr_consent= HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 108
content-type: image/png
content-encoding: gzip
vary: Accept-Encoding
set-cookie: bcookie="v=2&d8988ed2-03e4-4eb8-8d1b-fedd6c9dd90b"; Domain=.linkedin.com; Expires=Mon, 02-Dec-2024 20:34:29 GMT; Path=/; Secure; SameSite=None
li_gc=MTswOzE3MDE2MzU2Njk7MjswMjFde0Leyhkn1iTQVQqC0BOFsUGamm78vtHlWjCuRpW1Tw==; Domain=.linkedin.com; Expires=Fri, 31 May 2024 20:34:29 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2656:u=1:x=1:i=1701635669:t=1701722069:v=2:sig=AQHuFuzsuje_j7wKh2h9eLa5y6PoImfz"; Expires=Mon, 04 Dec 2023 20:34:29 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYLoO2cV1E4xYhrza8FPA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 2635D86ACE3642E0B65EE6F6D2C8A6F8 Ref B: OSL30EDGE0313 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
assets.msn.com/service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
95.101.10.170 200 OK 425 B URL GET HTTP/2 assets.msn.com/service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (688), with no line terminators
Hash 3608f843d1518e1de02cbd574f012525
387b207e170fe60c07fa7a187d8ca84df25d9182
c08c900e305f7392ebb2b96351742891c0a57f06158acd78e58844f11b91513f
GET /service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; _C_Auth=; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce655-a1cb-4751-bc40-6db5c81f74e6
ddd-strategyexecutionlatency: 00:00:00.0146402
ddd-debugid: 656ce655-a1cb-4751-bc40-6db5c81f74e6|2023-12-03T20:34:29.1717793Z|fabric_community|EUS1|Community_28
onewebservicelatency: 15
x-msedge-responseinfo: 15
x-ceto-ref: 656ce65545ac48759f4bd434134da12c|2023-12-03T20:34:29.148Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0F6FE16BE7DC496B83656CE9B323546D Ref B: STOEDGE1505 Ref C: 2023-12-03T20:34:29Z
content-length: 425
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771282,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cf12
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: public, max-age=120
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cf12
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
95.101.10.170 200 OK 425 B URL GET HTTP/2 assets.msn.com/service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (688), with no line terminators
Hash 3608f843d1518e1de02cbd574f012525
387b207e170fe60c07fa7a187d8ca84df25d9182
c08c900e305f7392ebb2b96351742891c0a57f06158acd78e58844f11b91513f
GET /service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; _C_Auth=; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce655-a1cb-4751-bc40-6db5c81f74e6
ddd-strategyexecutionlatency: 00:00:00.0146402
ddd-debugid: 656ce655-a1cb-4751-bc40-6db5c81f74e6|2023-12-03T20:34:29.1717793Z|fabric_community|EUS1|Community_28
onewebservicelatency: 15
x-msedge-responseinfo: 15
x-ceto-ref: 656ce65545ac48759f4bd434134da12c|2023-12-03T20:34:29.148Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0F6FE16BE7DC496B83656CE9B323546D Ref B: STOEDGE1505 Ref C: 2023-12-03T20:34:29Z
content-length: 425
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771284,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cf14
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: public, max-age=120
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cf14
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/icon-assets-MediaIconVideo.7aa09daa9a79936e585b.js
95.101.10.170 200 OK 1.3 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/icon-assets-MediaIconVideo.7aa09daa9a79936e585b.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (3427), with no line terminators
Hash f4b4bb780bc3b80a90f428ef99a10ccb
c5c281318a87829769d238e8eea2826cacbf5f8e
9bf65ddec8bf8a11eb0fca7c73a355938bb9fc7568a372d0638b94c0182e3649
GET /bundles/v1/views/latest/icon-assets-MediaIconVideo.7aa09daa9a79936e585b.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 1347
content-md5: wd20bzdz8YVLIbvFdZ3Flg==
last-modified: Wed, 29 Nov 2023 22:36:25 GMT
etag: 0x8DBF12B9EDD7FB6
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 3b34f91f-601e-002d-6014-231de4000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771287,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cf17
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cf17
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
95.101.10.170 200 OK 1.5 kB URL GET HTTP/2 assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (5607), with no line terminators
Hash (MD5) 478c93a521189286a8aa3627e3d410a1
Hash (SHA-1) cc723883ea9447632865b90cbcb8c66c8590a3c4
Hash (SHA-256) 7c10f1b060251f7226eb9b97eb249fb7f9f18505876a7d3b0bd1c7caee1f66a3
GET /content/v1/cms/api/amp/Document/BBI4MeJ HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 1466
content-encoding: gzip
last-modified: Sun, 03 Dec 2023 07:00:23 GMT
etag: W/"29499"
server: Microsoft-HTTPAPI/2.0
x-cms-documentstoragetier: Cache
x-cms-documentid: BBI4MeJ
x-cms-version: 6176
x-cms-state: Published
x-cms-tenant: amp
x-cms-type: list
x-cms-executiontimeinmilliseconds: 3
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: X-Trace-Context,X-CMS-DocumentId,X-CMS-Type,X-CMS-Tenant,X-CMS-State,X-CMS-Version,ETag,X-CMS-SearchElapsedTimeInMilliseconds,X-CMS-SearchBackendTimeInMilliseconds,X-CMS-SearchMatchedTotal,X-CMS-SearchMaxScore,X-CMS-SearchShardsTotal,X-CMS-SearchShardsSuccessful,X-CMS-SearchShardsFailed,X-CMS-SearchReturnedCount,X-CMS-ExecutionTimeInMilliseconds,MS-CV
appex-activity-id: b6e97b1c-fbf6-49be-ac8f-ac6835b2b318
x-trace-context: {"ActivityId":"b6e97b1c-fbf6-49be-ac8f-ac6835b2b318"}
ms-cv: 7JK1t3Aw4EKG4g28UDhfqQ.0
x-cms-servicelocation: eastus:0
cache-control: max-age=900
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771291,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cf1b
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cf1b
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/breakingnews/v1/cms/api/amp/article/AA157JY
95.101.10.170 200 OK 2.6 kB URL GET HTTP/2 assets.msn.com/breakingnews/v1/cms/api/amp/article/AA157JY
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (5655), with no line terminators
Hash (MD5) 66cd7a79e11002ba1ed20e55e5ddb454
Hash (SHA-1) addaaaa7efbcab1be58f63eaa3e7885a647774f1
Hash (SHA-256) 14ead2d295169a0011ad26c6442cae79e8fb18b40d7321d69e734155c778a6cd
GET /breakingnews/v1/cms/api/amp/article/AA157JY HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 2641
content-encoding: gzip
last-modified: Sat, 02 Dec 2023 02:38:12 GMT
etag: W/"40453"
server: Microsoft-HTTPAPI/2.0
x-cms-documentstoragetier: Cache
x-cms-documentid: AA157JY
x-cms-version: 12397
x-cms-state: Published
x-cms-tenant: amp
x-cms-type: article
x-cms-executiontimeinmilliseconds: 0
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: X-Trace-Context,X-CMS-DocumentId,X-CMS-Type,X-CMS-Tenant,X-CMS-State,X-CMS-Version,ETag,X-CMS-SearchElapsedTimeInMilliseconds,X-CMS-SearchBackendTimeInMilliseconds,X-CMS-SearchMatchedTotal,X-CMS-SearchMaxScore,X-CMS-SearchShardsTotal,X-CMS-SearchShardsSuccessful,X-CMS-SearchShardsFailed,X-CMS-SearchReturnedCount,X-CMS-ExecutionTimeInMilliseconds,MS-CV
appex-activity-id: 19a225c0-fd78-4147-a514-f1ce87a4bc74
x-trace-context: {"ActivityId":"19a225c0-fd78-4147-a514-f1ce87a4bc74"}
ms-cv: MHxfMX48vkKjudVwLxjF8A.0
x-cms-servicelocation: eastus:0
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771294,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cf1e
cache-control: max-age=30
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cf1e
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635674782&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635674782&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.events.data.microsoft.com
Fingerprint: CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity: Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e (all three values are digests of empty input; the response body was 0 B)
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635674782&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6025
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=6a15171bd3064611a90d052fe9f34f5c&HASH=6a15&LV=202312&V=4&LU=1701635669553; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:29 GMT; Path=/;Secure; SameSite=None
MS0=bef9b24576784b9e92619d04e5b1feae; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:29 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5229
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
trace.mediago.io/cs/msn?id=0F42A7BCFF8E6D033159B460FE7B6CF3&gdpr=0&gdpr_consent=
35.208.249.213 200 OK 0 B URL GET HTTP/2 trace.mediago.io/cs/msn?id=0F42A7BCFF8E6D033159B460FE7B6CF3&gdpr=0&gdpr_consent=
IP 35.208.249.213:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: GlobalSign nv-sa
Subject: *.mediago.io
Fingerprint: C8:C6:C1:04:CE:5C:CE:0B:69:F3:21:9F:08:AF:DC:FB:DD:DC:29:66
Validity: Fri, 13 Jan 2023 10:42:01 GMT - Sun, 11 Feb 2024 09:35:27 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e (all three values are digests of empty input; the response body was 0 B)
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cs/msn?id=0F42A7BCFF8E6D033159B460FE7B6CF3&gdpr=0&gdpr_consent= HTTP/1.1
Host: trace.mediago.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
set-cookie: __mguid_=df16c08135b0bce91t9frr00lppxxxri; Path=/; Domain=mediago.io; Max-Age=31536000; Secure; SameSite=None
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
assets.msn.com/service/community/posts/?topicId=AA17OofU&postType=Poll&market=en-us&top=5&skip=0&orderBy=Time&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&wrapodata=false
95.101.10.170 200 OK 22 B URL GET HTTP/2 assets.msn.com/service/community/posts/?topicId=AA17OofU&postType=Poll&market=en-us&top=5&skip=0&orderBy=Time&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash (MD5) d751713988987e9331980363e24189ce
Hash (SHA-1) 97d170e1550eee4afc0af065b78cda302a97674c
Hash (SHA-256) 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
GET /service/community/posts/?topicId=AA17OofU&postType=Poll&market=en-us&top=5&skip=0&orderBy=Time&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; _C_Auth=; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce655-3e1c-4e61-866a-c05c5bff0b06
ddd-strategyexecutionlatency: 00:00:00.0003810
ddd-debugid: 656ce655-3e1c-4e61-866a-c05c5bff0b06|2023-12-03T20:34:29.6155536Z|fabric_community|NEU1|Community_10
onewebservicelatency: 1
x-msedge-responseinfo: 1
x-ceto-ref: 656ce655b3dd4d9baef63d1842989a4b|2023-12-03T20:34:29.612Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E4350F3AE6B14885A152F0DCFEFF1E8E Ref B: OSL30EDGE0207 Ref C: 2023-12-03T20:34:29Z
expires: Sun, 03 Dec 2023 20:34:29 GMT
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 22
set-cookie: _C_ETH=1; expires=Sat, 02 Dec 2023 20:34:29 GMT; domain=.msn.com; path=/; secure; httponly
_C_Auth=; expires=Sat, 02 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771319,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=3, clienttt; dur=51, origin; dur=50 , cdntime; dur=1
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cf37
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cf37
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/codex-bing-chat/codexChatInside.png
95.101.10.170 2.5 kB URL GET assets.msn.com/staticsb/statics/latest/codex-bing-chat/codexChatInside.png
IP 95.101.10.170:0
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash (MD5) 3e686f2cf788629be76ca8b529af20aa
Hash (SHA-1) e0fc33d0d00c55e74cde0cdca94ed2ffb05bc88d
Hash (SHA-256) d0c151b67053381e843984709b1c3628e4695e939781b9196879326de4f38a5f
GET /staticsb/statics/latest/codex-bing-chat/codexChatInside.png HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-md5: PmhvLPeIYpvnbKi1Ka8gqg==
last-modified: Fri, 01 Dec 2023 07:16:54 GMT
etag: 0x8DBF23D7EFF94EE
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: c9b9339d-d01e-0052-7832-241fdc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 2522
akamai-request-bc: [a=95.101.10.166,b=1569771445,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=3, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cfb5
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cfb5
vary: Origin
X-Firefox-Spdy: h2
c.bing.com/c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0&ctsa=mr&CtsSyncId=CC2A93743E99482094B66CF39A42F518&RedC=c.msn.com&MXFR=0F42A7BCFF8E6D033159B460FE7B6CF3
204.79.197.200 302 Found 0 B URL GET HTTP/2 c.bing.com/c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0&ctsa=mr&CtsSyncId=CC2A93743E99482094B66CF39A42F518&RedC=c.msn.com&MXFR=0F42A7BCFF8E6D033159B460FE7B6CF3
IP 204.79.197.200:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: www.bing.com
Fingerprint: A5:EC:34:1F:AB:B3:69:71:54:88:69:BA:64:CC:E2:9B:32:B6:65:CD
Validity: Tue, 24 Oct 2023 07:42:22 GMT - Sun, 21 Apr 2024 07:42:22 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e (all three values are digests of empty input; the response body was 0 B)
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0&ctsa=mr&CtsSyncId=CC2A93743E99482094B66CF39A42F518&RedC=c.msn.com&MXFR=0F42A7BCFF8E6D033159B460FE7B6CF3 HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
DNT: 1
Connection: keep-alive
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2; MR=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.msn.com/c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0&ctsa=mr&CtsSyncId=CC2A93743E99482094B66CF39A42F518&MUID=31DE64B2864F61CA0C2E776E87BA60F2
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=31DE64B2864F61CA0C2E776E87BA60F2; domain=c.bing.com; expires=Fri, 27-Dec-2024 20:34:29 GMT; path=/; SameSite=None; Secure;
SRM_M=31DE64B2864F61CA0C2E776E87BA60F2; domain=c.bing.com; expires=Fri, 27-Dec-2024 20:34:29 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 78082BCEA6C441078E46980C4AFB077C Ref B: OSL30EDGE0111 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 0
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/web-components_info-pane_dist_info-pane-panel_index_js-web-components_info-pane_dist_info-pan-a25c1c.14f5b7ab3ca566c4f789.js
95.101.10.170 200 OK 7.8 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/web-components_info-pane_dist_info-pane-panel_index_js-web-components_info-pane_dist_info-pan-a25c1c.14f5b7ab3ca566c4f789.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (31718)
Hash (MD5) b4f5b369e2d3fa86229f020cddcc9f32
Hash (SHA-1) 3ae14fec7e72c6ccc81bdc2a8c814e209265f8f0
Hash (SHA-256) 285f6e63deaa0d897bbcfce222f09d62bf3a8b02b53882546fbfa78e7cb9f9fd
GET /bundles/v1/views/latest/web-components_info-pane_dist_info-pane-panel_index_js-web-components_info-pane_dist_info-pan-a25c1c.14f5b7ab3ca566c4f789.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 7784
content-md5: UCl6Yjo3ksqM3YD9j1MmVQ==
last-modified: Sat, 18 Nov 2023 00:15:23 GMT
etag: 0x8DBE7CB75182084
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e61b1bc2-601e-006e-38fc-1b1226000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771538,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d012
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d012
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_motion-manager_dist_MotionManager_js-web-components_super-cards_dist_cards_sub-component-5c2afd.565f9bea12697eaa49c1.js
95.101.10.170 200 OK 5.2 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_motion-manager_dist_MotionManager_js-web-components_super-cards_dist_cards_sub-component-5c2afd.565f9bea12697eaa49c1.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (15166)
Hash (MD5) 9939204be53bbe7de2360107e64f48dc
Hash (SHA-1) a1358f95ab8361309d59b7b807e18d49f8f61f37
Hash (SHA-256) 0524f7ba0c6b34f84aac1155c60822398cd017d8167d837445659e1bb1e03e10
GET /bundles/v1/views/latest/libs_motion-manager_dist_MotionManager_js-web-components_super-cards_dist_cards_sub-component-5c2afd.565f9bea12697eaa49c1.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 5160
content-md5: M1f8gOZ9LPJXzf1D4bd3GQ==
last-modified: Wed, 29 Nov 2023 22:36:21 GMT
etag: 0x8DBF12B9CB7D233
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: ea557d38-e01e-004a-3014-2387db000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771542,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d016
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d016
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_card-overlap-monitor_dist_CardOverlapMonitor_js-libs_chromium-page-settings_dist_Chromiu-ae9cb6.d8a7cd677421a1cbbfdc.js
95.101.10.170 200 OK 9.3 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_card-overlap-monitor_dist_CardOverlapMonitor_js-libs_chromium-page-settings_dist_Chromiu-ae9cb6.d8a7cd677421a1cbbfdc.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (37084)
Hash (MD5) f6e9ede203135982846ea868955e291a
Hash (SHA-1) 848cfd4b92185df0a736fac330f1f7307ec2beb0
Hash (SHA-256) f9e463a32985a730e01fc15564656e15a4e87bf863f4b32e8653a26768335dca
GET /bundles/v1/views/latest/libs_card-overlap-monitor_dist_CardOverlapMonitor_js-libs_chromium-page-settings_dist_Chromiu-ae9cb6.d8a7cd677421a1cbbfdc.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 9322
content-md5: 3QNvFYSwh8aAGAyqjcA9EA==
last-modified: Wed, 29 Nov 2023 22:36:19 GMT
etag: 0x8DBF12B9B653AAF
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 96c37a56-301e-0023-4814-23dc0a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771539,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d013
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d013
vary: Origin
X-Firefox-Spdy: h2
srtb.msn.com/auction
204.79.197.203 200 OK 10 kB
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (39312), with no line terminators
Hash (MD5) 8ff0c559adfddcf87a4763e9a78ba625
Hash (SHA-1) 8b2fa8fd5cf0fe2600f03e400dc143f4804985b8
Hash (SHA-256) a387ad9d7732b70f66e8c6619b367b5d5918a7b5c336ef79e16bc6dec56445a1
POST /auction HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-ms-flightId: msnallexpusers,prg-sp-liveapi,platagyhp3cf,platagyhz2cf,eu3otvendor-t,otvendor-t,weather5cf,prg-1sw-skipqueue,prg-1sw-findef1,prg-1sw-fidnoti,prg-1sw-financedp,prg-1sw-findet1,prg-1sw-idxpd1,prg-1sw-premonsd,1s-eaop1,prg-1sw-darkhover,prg-adspeek,btrecrow3,1s-winauthservice,prg-1sw-header-event,prg-1sw-kdp1t3,prg-1sw-etbp1t3,prg-1sw-rfcp1,prg-pr2-stickypvts,prg-pr2-dualbgc,btie-brandsft-c,prg-ias,1s-fcrypt,artglyrank5cf,1s-wpo-prg1-cdpn,1sw-bnfintfrkv3,prg-upsaip-w1-t,prg-upsaip-r-t,prg-1sw-sacgadjc,prg-ctrlmidroll,7b83c716,1s-rpssecautht,prg-1sw-p1wtrclm,traffic-p2-tpinc-c,prg-1sw-xref1-p2-ctrl,prg-pr2-nwpi8,1s-wpo-ntp-coftinf,prg-1sw-shipfin,prg-1sw-enableact,prg-1sw-fnccombo,prg-1sw-ref1-p1-ctr,prg-pr2-bndaunoen,1s-defaultscn,prg-1sw-pde0,1s-defaultscnw,prg-1sw-tbrcounter,spr-t-gp1025rbv9,prg-spr-t-gp1025rbv9,ads-stableidlookup,prg-ad-cbuxhld,prg-1sw-srdus,prg-1sw-rv2hpc,prg-1sw-spaipv2,1s-xapbnze,prg-ntp-wxcmcb,prg-ntp-wxcm,prg-useplmtmgr,prg-1sw-wxstm,prg-sh-rmitmlnk-c,prg-pr2-pagefilter,nopinglancecardit,ads-floorexp-t,prg-sh-recopdp,prg-wpo-nocardsqsp,prg-upscache-t,prg-wxmnns,prg-1sw-cgxap-t1,prg-1sw-cgxap,prg-1sw-esprtxp,1s-mxr-winfeed,prg-sh-bd-newbanner,mktautosqor,prg-1sw-rr2fn,prg-1sw-rr2fp,1s-segdep-bint,ads-dupcount0,prg-wx-wtp,prg-pr2-wpo3,prg-ugc-likechange,prg-1sw-wxmptreplace,ads-hp-chints-c,prg-1s-wpocfp1,prg-uaskafka-t,prg-vidad-ctrlwrap,prg-wx-fredlgm,prg-1sw-wxovsig,prg-wx-fredlg,prg-sh-bd-sson,prg-sh-sson,1s-segdep-aict,1s-segdep-mapt,1s-segdep-reot,1s-segdep-vidt,1s-segdep-hert,1s-segdep-reit,1s-segdep-prit,prg-1sw-wxdmtctr7,roll_cameraicon_t,exp_cameraicon_t,ads-numbids-4,prg-1sw-wxnearbyrec,ads-cwfix,prg-pr2-cntfbnrfc,prg-sh-bd-newchckot,prg-sh-bd-nwchk,prg-c-peslt,msph-videoc2s,prg-sh-bd-disbadge,prg-bd-unqiue-c,prg-sh-bd-cm,prg-sh-bd-xtracash,prg-sh-bd-disgb,prg-sh-usecshk,prg-sh-usecshkpdp,prg-pcs-hdatainfo,prg-sh-bd-disinsight,cprg-vidad-vertctrl,prg-1sw-tbrbrp2,prg-1sw-imgqualityc
Cache-Control: no-cache
X-MSEdge-Market: en-us
X-MSEdge-ClientID: 0F42A7BCFF8E6D033159B460FE7B6CF3
Content-Length: 879
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
vary: Origin,Accept-Encoding
access-control-allow-origin: https://www.msn.com
access-control-allow-credentials: true
x-content-type-options: nosniff
server-timing: total;dur=336
timing-allow-origin: https://www.msn.com
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7097F067088E42B0B5A4CC73739E1D2E Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:28 GMT
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/community/img/avatar-placeholder.svg
95.101.10.170 200 OK 1.2 kB URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/community/img/avatar-placeholder.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2331), with CRLF line terminators
Hash ad7987163d0e78c542e13214a76b5d06
8b355e7e3402317fd398a0da384fc94f5c7d183f
72a718d060674cbaaf55b45bdb6edac454936deb1fb83f6a8f89d838e0c3acdb
GET /staticsb/statics/latest/community/img/avatar-placeholder.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: rXmHFj0OeMVC4TIUp2tdBg==
last-modified: Fri, 01 Dec 2023 07:16:59 GMT
etag: 0x8DBF23D823CA212
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 762e87d0-601e-004f-0e7b-24927a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 1173
akamai-request-bc: [a=95.101.10.166,b=1569771605,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d055
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d055
vary: Origin
X-Firefox-Spdy: h2
srtb.msn.com/auction
204.79.197.203 200 OK 142 kB IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Size 142 kB (141920 bytes)
Hash 1f8ccbdcad092f7dffb8e1d0edd2a5ba
b53a218e81a7dd6a9f94a9b589e81503ea6fc5eb
177f910a749f971fb2af0970a72c09df1a09d26c6ec4065720c4acefddd7ee32
POST /auction HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-ms-flightId: msnallexpusers,prg-sp-liveapi,platagyhp3cf,platagyhz2cf,eu3otvendor-t,otvendor-t,weather5cf,prg-1sw-skipqueue,prg-1sw-findef1,prg-1sw-fidnoti,prg-1sw-financedp,prg-1sw-findet1,prg-1sw-idxpd1,prg-1sw-premonsd,1s-eaop1,prg-1sw-darkhover,prg-adspeek,btrecrow3,1s-winauthservice,prg-1sw-header-event,prg-1sw-kdp1t3,prg-1sw-etbp1t3,prg-1sw-rfcp1,prg-pr2-stickypvts,prg-pr2-dualbgc,btie-brandsft-c,prg-ias,1s-fcrypt,artglyrank5cf,1s-wpo-prg1-cdpn,1sw-bnfintfrkv3,prg-upsaip-w1-t,prg-upsaip-r-t,prg-1sw-sacgadjc,prg-ctrlmidroll,7b83c716,1s-rpssecautht,prg-1sw-p1wtrclm,traffic-p2-tpinc-c,prg-1sw-xref1-p2-ctrl,prg-pr2-nwpi8,1s-wpo-ntp-coftinf,prg-1sw-shipfin,prg-1sw-enableact,prg-1sw-fnccombo,prg-1sw-ref1-p1-ctr,prg-pr2-bndaunoen,1s-defaultscn,prg-1sw-pde0,1s-defaultscnw,prg-1sw-tbrcounter,spr-t-gp1025rbv9,prg-spr-t-gp1025rbv9,ads-stableidlookup,prg-ad-cbuxhld,prg-1sw-srdus,prg-1sw-rv2hpc,prg-1sw-spaipv2,1s-xapbnze,prg-ntp-wxcmcb,prg-ntp-wxcm,prg-useplmtmgr,prg-1sw-wxstm,prg-sh-rmitmlnk-c,prg-pr2-pagefilter,nopinglancecardit,ads-floorexp-t,prg-sh-recopdp,prg-wpo-nocardsqsp,prg-upscache-t,prg-wxmnns,prg-1sw-cgxap-t1,prg-1sw-cgxap,prg-1sw-esprtxp,1s-mxr-winfeed,prg-sh-bd-newbanner,mktautosqor,prg-1sw-rr2fn,prg-1sw-rr2fp,1s-segdep-bint,ads-dupcount0,prg-wx-wtp,prg-pr2-wpo3,prg-ugc-likechange,prg-1sw-wxmptreplace,ads-hp-chints-c,prg-1s-wpocfp1,prg-uaskafka-t,prg-vidad-ctrlwrap,prg-wx-fredlgm,prg-1sw-wxovsig,prg-wx-fredlg,prg-sh-bd-sson,prg-sh-sson,1s-segdep-aict,1s-segdep-mapt,1s-segdep-reot,1s-segdep-vidt,1s-segdep-hert,1s-segdep-reit,1s-segdep-prit,prg-1sw-wxdmtctr7,roll_cameraicon_t,exp_cameraicon_t,ads-numbids-4,prg-1sw-wxnearbyrec,ads-cwfix,prg-pr2-cntfbnrfc,prg-sh-bd-newchckot,prg-sh-bd-nwchk,prg-c-peslt,msph-videoc2s,prg-sh-bd-disbadge,prg-bd-unqiue-c,prg-sh-bd-cm,prg-sh-bd-xtracash,prg-sh-bd-disgb,prg-sh-usecshk,prg-sh-usecshkpdp,prg-pcs-hdatainfo,prg-sh-bd-disinsight,cprg-vidad-vertctrl,prg-1sw-tbrbrp2,prg-1sw-imgqualityc
Cache-Control: no-cache
X-MSEdge-Market: en-us
X-MSEdge-ClientID: 0F42A7BCFF8E6D033159B460FE7B6CF3
Content-Length: 821
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
vary: Origin,Accept-Encoding
access-control-allow-origin: https://www.msn.com
access-control-allow-credentials: true
x-content-type-options: nosniff
server-timing: total;dur=539
timing-allow-origin: https://www.msn.com
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9A78BB108C9C41A3B9BCCB021A4690AD Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:28 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/web-components_content-video-player_dist_index_js.450ae5bf7ec7eeec436a.js
95.101.10.170 200 OK 37 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/web-components_content-video-player_dist_index_js.450ae5bf7ec7eeec436a.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65408)
Hash 363f9bd5f377f5c0994975f35edad30f
39522e0976e4c0b546083909b11767f5ab1a43e1
b9eba13320707c757a3d64485c0d3f44bf42ef5ff078c878b4fb31ca979e3524
GET /bundles/v1/views/latest/web-components_content-video-player_dist_index_js.450ae5bf7ec7eeec436a.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 37394
content-md5: Ssdw6hG3x2jrFzainxJgrA==
last-modified: Fri, 01 Dec 2023 01:25:25 GMT
etag: 0x8DBF20C654EE807
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 8f3cf951-d01e-0036-05f5-237683000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771697,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d0b1
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d0b1
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/video-card-wc.cef8d714b059cbfaee8b.js
95.101.10.170 200 OK 32 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/video-card-wc.cef8d714b059cbfaee8b.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (41747)
Hash 922df090e48ac5d126ec9d01005695d4
e9c29991b2736ac7939c47c43018237a39c747b5
1840fcc7f8ba3e0689c6c55c5506eec58eaf1fdeba3b4ea098b95fb39c6d3099
GET /bundles/v1/views/latest/video-card-wc.cef8d714b059cbfaee8b.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 31855
content-md5: vnRTbs4D9WhhHXh5C0r8hg==
last-modified: Fri, 01 Dec 2023 01:25:28 GMT
etag: 0x8DBF20C670AA377
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c58bbdb-e01e-0009-27f5-238819000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771725,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d0cd
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d0cd
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/experiences_video-card-wc_dist_utils_VideoCardHelper_js-experiences_video-card-wc_dist_video--792a60.7abd8925b71ab47577e5.js
95.101.10.170 200 OK 14 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/experiences_video-card-wc_dist_utils_VideoCardHelper_js-experiences_video-card-wc_dist_video--792a60.7abd8925b71ab47577e5.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (52838)
Hash 6366126f4c01fed5f548456a5e6b4ebe
5010d604a484837cef5ea64410212c819495bffd
396512579d63b72431d1da5bbf36275e8601c11b9bf1d69e80accf061776d005
GET /bundles/v1/views/latest/experiences_video-card-wc_dist_utils_VideoCardHelper_js-experiences_video-card-wc_dist_video--792a60.7abd8925b71ab47577e5.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 14131
content-md5: 4Ey19Pmz94g+Pkt85KWZ3w==
last-modified: Fri, 01 Dec 2023 01:25:23 GMT
etag: 0x8DBF20C63F7643E
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 63617f94-101e-0072-4df5-23618d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771707,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d0bb
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d0bb
vary: Origin
X-Firefox-Spdy: h2
login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
20.190.181.0 200 OK 1.5 kB URL GET HTTP/1.1 login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
IP 20.190.181.0:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject stamp2.login.microsoftonline.com
Fingerprint 5F:41:B5:48:4D:2A:D3:78:6B:12:6B:D6:0B:85:B4:F8:2A:FF:48:29
Validity Sun, 17 Sep 2023 00:00:00 GMT - Tue, 17 Sep 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (1547), with no line terminators
Hash 3e2129ec7ee0d22d5874d661893921c0
e6b20a5603f8b9292d46e2a74e32d1ddc6229196
c45868384dfd77121a6d62ba32304628c211fdc6d471cb985348d731890b6e96
GET /common/v2.0/.well-known/openid-configuration HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=86400, private
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 276c2158-5e46-4746-80b3-24b017d41a00
x-ms-ests-server: 2.1.16790.7 - NEULR1 ProdSlices
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: fpc=AhdB7udRAbdAoS3g-8XjIRU; expires=Tue, 02-Jan-2024 20:34:29 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-4cbAJ2VSjIxv2DSOJcPKnLojP-DeeMmNyLsbofhelN9ArMDvb3FGdcIt_w6wgB8gcB3SnzXD8huNcAtXZeeKSCd2cmkwagLX1O6U7MReREwc_JBY9_jil5ma02Lojx9nULwFqBuQyficxYBhl-M7UkO1fqRJdlBgVOKUxSh__FUgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Sun, 03 Dec 2023 20:34:29 GMT
Content-Length: 1547
assets.msn.com/bundles/v1/views/latest/ms-rewards-wc.83db4b7c24b636726a9e.js
95.101.10.170 200 OK 9.6 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/ms-rewards-wc.83db4b7c24b636726a9e.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (20370)
Hash 5c412f2a3a2f207787f9f3280849344a
be8d99e4d938711af879032b753e2ac05f80b2b3
bf5da641968d028692c293e1fdd85088ec34d5b8adedf68e68a7cc41e633b3c1
GET /bundles/v1/views/latest/ms-rewards-wc.83db4b7c24b636726a9e.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 9586
content-md5: uCftuk7lfgVkCnTW25LunQ==
last-modified: Fri, 01 Dec 2023 01:25:26 GMT
etag: 0x8DBF20C6608B281
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: dfdb82d1-401e-005d-6af5-23203f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771794,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d112
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d112
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_wpo-card-provider_dist_WpoCardProvider_js.ce327b6151d4c223c2bf.js
95.101.10.170 200 OK 12 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_wpo-card-provider_dist_WpoCardProvider_js.ce327b6151d4c223c2bf.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (44669), with no line terminators
Hash bd543d8822d7484c3a765fe5f0952102
8f80d9f3488a043e3b0d14dab28bd9544ad94789
cb14029456dff71123ae2a02a1d83835d08c9dbc4177e6d1c39feeb55ade492a
GET /bundles/v1/views/latest/libs_wpo-card-provider_dist_WpoCardProvider_js.ce327b6151d4c223c2bf.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 11926
content-md5: RoK3HTXW9fh9uH43qSa4aw==
last-modified: Fri, 01 Dec 2023 01:25:25 GMT
etag: 0x8DBF20C6534D28A
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 4d9c0b62-801e-0038-2af5-23b76d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771800,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d118
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d118
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/channel-store.ba40a81b17f47f691a11.js
95.101.10.170 200 OK 47 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/channel-store.ba40a81b17f47f691a11.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4fdea3c42edbc1ffdb04852b4964493b
d4decb2227c4dfa5818fdf2228e73f01b6168c5f
a50b4522ee78e7bd3333d4ac48d3375b460b503f1ed55a4202b2b9ec9d8cf228
GET /bundles/v1/views/latest/channel-store.ba40a81b17f47f691a11.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 46794
content-md5: qOtiVSogdqqjDVjreT/R6Q==
last-modified: Fri, 01 Dec 2023 01:25:27 GMT
etag: 0x8DBF20C662FE639
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5c07d780-a01e-002a-57f5-230528000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771808,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d120
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d120
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_topics-shared-state_dist_TopicData_connector_js-libs_topics-shared-state_dist_TopicData_-dab698.94230644b03ef93ea1b4.js
95.101.10.170 200 OK 15 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_topics-shared-state_dist_TopicData_connector_js-libs_topics-shared-state_dist_TopicData_-dab698.94230644b03ef93ea1b4.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (62911), with no line terminators
Hash 2451e078450a7cf01eb8cec6395303ff
503b604edd9c8ab3806cd63866ce1f8d61286e09
481d6a58d25667ffc4ae44ba6e28ea194de4ed55b8912cbedf418ddea0ad5891
GET /bundles/v1/views/latest/libs_topics-shared-state_dist_TopicData_connector_js-libs_topics-shared-state_dist_TopicData_-dab698.94230644b03ef93ea1b4.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 14854
content-md5: ZIXdWn2XUlu/6meuxeLrzw==
last-modified: Wed, 29 Nov 2023 22:36:23 GMT
etag: 0x8DBF12B9DECD300
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f53e15d1-e01e-000f-1214-236ed8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771801,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d119
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d119
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/notification-bell-wc.914641618397b0155cd4.js
95.101.10.170 200 OK 48 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/notification-bell-wc.914641618397b0155cd4.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (28198)
Hash 8df6baee87bc66afb7ab0ca87bc5d056
efeee883ee55572df95033e14cdf2c663fa5295e
c1b761478fe074f190c79875f2cd66e689c6e93aba83878d5033047ac806e74e
GET /bundles/v1/views/latest/notification-bell-wc.914641618397b0155cd4.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 47524
content-md5: bdTjZb8x1oY6TZ40OKCyaw==
last-modified: Fri, 01 Dec 2023 01:25:30 GMT
etag: 0x8DBF20C6802F844
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b0361f62-f01e-0024-4cf5-23c4c6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771798,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d116
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d116
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
95.101.10.170 200 OK 1.5 kB URL GET HTTP/2 assets.msn.com/content/v1/cms/api/amp/Document/BBI4MeJ
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (5607), with no line terminators
Hash (MD5): 478c93a521189286a8aa3627e3d410a1
Hash (SHA-1): cc723883ea9447632865b90cbcb8c66c8590a3c4
Hash (SHA-256): 7c10f1b060251f7226eb9b97eb249fb7f9f18505876a7d3b0bd1c7caee1f66a3
GET /content/v1/cms/api/amp/Document/BBI4MeJ HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 1466
content-encoding: gzip
last-modified: Sun, 03 Dec 2023 07:00:23 GMT
etag: W/"29499"
server: Microsoft-HTTPAPI/2.0
x-cms-documentstoragetier: Cache
x-cms-documentid: BBI4MeJ
x-cms-version: 6176
x-cms-state: Published
x-cms-tenant: amp
x-cms-type: list
x-cms-executiontimeinmilliseconds: 3
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: X-Trace-Context,X-CMS-DocumentId,X-CMS-Type,X-CMS-Tenant,X-CMS-State,X-CMS-Version,ETag,X-CMS-SearchElapsedTimeInMilliseconds,X-CMS-SearchBackendTimeInMilliseconds,X-CMS-SearchMatchedTotal,X-CMS-SearchMaxScore,X-CMS-SearchShardsTotal,X-CMS-SearchShardsSuccessful,X-CMS-SearchShardsFailed,X-CMS-SearchReturnedCount,X-CMS-ExecutionTimeInMilliseconds,MS-CV
appex-activity-id: b6e97b1c-fbf6-49be-ac8f-ac6835b2b318
x-trace-context: {"ActivityId":"b6e97b1c-fbf6-49be-ac8f-ac6835b2b318"}
ms-cv: 7JK1t3Aw4EKG4g28UDhfqQ.0
x-cms-servicelocation: eastus:0
cache-control: max-age=900
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771891,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d173
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d173
vary: Origin
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&ii=1&c=9267554076319473867&bid=ffbfb445-ddf5-443a-ba1f-23add2961fee&tid=webcompar-rectangle-1&ptid=webcompar-rectangle-1&t=type.msft-content-card
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&ii=1&c=9267554076319473867&bid=ffbfb445-ddf5-443a-ba1f-23add2961fee&tid=webcompar-rectangle-1&ptid=webcompar-rectangle-1&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty input; the body is 0 B, so these hashes match any empty response)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&ii=1&c=9267554076319473867&bid=ffbfb445-ddf5-443a-ba1f-23add2961fee&tid=webcompar-rectangle-1&ptid=webcompar-rectangle-1&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C6303D6BF7E9474DACC524A365DD8EEC Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&ii=1&c=9381137179146187087&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-1&ptid=webcompar-sliver-1&t=type.msft-content-card
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&ii=1&c=9381137179146187087&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-1&ptid=webcompar-sliver-1&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty input; the body is 0 B, so these hashes match any empty response)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&ii=1&c=9381137179146187087&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-1&ptid=webcompar-sliver-1&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FD6D299B98014D669B7544CFE7F9F417 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&d=TaboolaNetBidder&p=webcompar&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__ba6998ccacc1b92ea39a07a6c1d17d73__%257E%257EV1%257E%257E3443367330089025563%257E%257EI9gt31d_vMlmRvX8H2ch2P0N54w9owV8L4nKqF4jzjZ9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15I3ecj-XG32srY38DDBuSvuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKwyDcHa9Q4ezwH_fKTSUaw7k4VaTD3VGt3JmhS4VmI-NUXW4MJSXZ6sq6EzxEDTRJ9NXGMAWMJlMmhlVnSefCZ04jH9tPN6OlRc0OJa4mWKm7dZaORxKh6ESyA8UscxqjY__text%26response.session%3Dv2_a76551e587f82475e8dd65cd0172464b_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqJHdlYmNvbXBhci1yZWN0YW5nbGUtMSB8IE1EIHwgQXVjdGlvbjIQNjBlNGRhNzYyYjRjNWY0Ng%26viperAppType%3DSCONMSFT&t=type.msft-content-card
204.79.197.203200 OK 0 B URL GET HTTP/2 srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&d=TaboolaNetBidder&p=webcompar&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__ba6998ccacc1b92ea39a07a6c1d17d73__%257E%257EV1%257E%257E3443367330089025563%257E%257EI9gt31d_vMlmRvX8H2ch2P0N54w9owV8L4nKqF4jzjZ9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15I3ecj-XG32srY38DDBuSvuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKwyDcHa9Q4ezwH_fKTSUaw7k4VaTD3VGt3JmhS4VmI-NUXW4MJSXZ6sq6EzxEDTRJ9NXGMAWMJlMmhlVnSefCZ04jH9tPN6OlRc0OJa4mWKm7dZaORxKh6ESyA8UscxqjY__text%26response.session%3Dv2_a76551e587f82475e8dd65cd0172464b_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqJHdlYmNvbXBhci1yZWN0YW5nbGUtMSB8IE1EIHwgQXVjdGlvbjIQNjBlNGRhNzYyYjRjNWY0Ng%26viperAppType%3DSCONMSFT&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty input; the body is 0 B, so these hashes match any empty response)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&d=TaboolaNetBidder&p=webcompar&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__ba6998ccacc1b92ea39a07a6c1d17d73__%257E%257EV1%257E%257E3443367330089025563%257E%257EI9gt31d_vMlmRvX8H2ch2P0N54w9owV8L4nKqF4jzjZ9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15I3ecj-XG32srY38DDBuSvuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKwyDcHa9Q4ezwH_fKTSUaw7k4VaTD3VGt3JmhS4VmI-NUXW4MJSXZ6sq6EzxEDTRJ9NXGMAWMJlMmhlVnSefCZ04jH9tPN6OlRc0OJa4mWKm7dZaORxKh6ESyA8UscxqjY__text%26response.session%3Dv2_a76551e587f82475e8dd65cd0172464b_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqJHdlYmNvbXBhci1yZWN0YW5nbGUtMSB8IE1EIHwgQXVjdGlvbjIQNjBlNGRhNzYyYjRjNWY0Ng%26viperAppType%3DSCONMSFT&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4B5E684441D9479B9A3039D8E54FE78A Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 0
X-Firefox-Spdy: h2
srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&d=TaboolaNetBidder&p=webcompar&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__4072dfefb0307a84e414d7fbafdc982f__%257E%257EV1%257E%257E9096163551020680461%257E%257EIUnR9fce86jiQsFTTGDbkMmSws9igMTDeZeeomDMHa59_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15mDIoFW0jUHWuIySImhrlPuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKzQHlEBhntT_DGIKeLa95I27juG29wRGIeca0hrE4L-2-XqpPIQGJ0_YE_eCF6Ike1NmZ8eZuZGvXujkB34m5PIG1ZLgoAoZ7OcdcK5jGnrK5rbxdnTF8dpf8ajNaZaIX9xgTaznDSKGSTRURj290Xr__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqIXdlYmNvbXBhci1zbGl2ZXItMSB8IE1EIHwgQXVjdGlvbjIQNWNkYmQwYmM1NDc2OWNiOQ%26viperAppType%3DSCONMSFT&t=type.msft-content-card
204.79.197.203200 OK 0 B URL GET HTTP/2 srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&d=TaboolaNetBidder&p=webcompar&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__4072dfefb0307a84e414d7fbafdc982f__%257E%257EV1%257E%257E9096163551020680461%257E%257EIUnR9fce86jiQsFTTGDbkMmSws9igMTDeZeeomDMHa59_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15mDIoFW0jUHWuIySImhrlPuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKzQHlEBhntT_DGIKeLa95I27juG29wRGIeca0hrE4L-2-XqpPIQGJ0_YE_eCF6Ike1NmZ8eZuZGvXujkB34m5PIG1ZLgoAoZ7OcdcK5jGnrK5rbxdnTF8dpf8ajNaZaIX9xgTaznDSKGSTRURj290Xr__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqIXdlYmNvbXBhci1zbGl2ZXItMSB8IE1EIHwgQXVjdGlvbjIQNWNkYmQwYmM1NDc2OWNiOQ%26viperAppType%3DSCONMSFT&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty input; the body is 0 B, so these hashes match any empty response)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&d=TaboolaNetBidder&p=webcompar&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__4072dfefb0307a84e414d7fbafdc982f__%257E%257EV1%257E%257E9096163551020680461%257E%257EIUnR9fce86jiQsFTTGDbkMmSws9igMTDeZeeomDMHa59_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15mDIoFW0jUHWuIySImhrlPuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKzQHlEBhntT_DGIKeLa95I27juG29wRGIeca0hrE4L-2-XqpPIQGJ0_YE_eCF6Ike1NmZ8eZuZGvXujkB34m5PIG1ZLgoAoZ7OcdcK5jGnrK5rbxdnTF8dpf8ajNaZaIX9xgTaznDSKGSTRURj290Xr__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqIXdlYmNvbXBhci1zbGl2ZXItMSB8IE1EIHwgQXVjdGlvbjIQNWNkYmQwYmM1NDc2OWNiOQ%26viperAppType%3DSCONMSFT&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9359501070CC4298813E48DF6E4BB155 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 0
X-Firefox-Spdy: h2
srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&d=TaboolaNetBidder&p=webcompar&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__efeabcd30147f1d847045b94bb06a779__%257E%257EV1%257E%257E-4614909549778934615%257E%257EbGy0VIX0EpznnJBaaRW8223FAQv_cDERy6B9fYTKXy19_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l17m3fkbPaYaydeGMENWyzy0uboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKw8TDR1k9QlDW_eS6HIrjVc8A1EOiSI_l_OT5b1EH2mcZLbod-k1aOr_SlFSpNKSd2iS5N4jqr45jbPQpBVg5XGtVf73YxTmCLQEmy5c3zuhZ9A-4cobTlEeIH4oZKnLOU__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqIXdlYmNvbXBhci1zbGl2ZXItMiB8IE1EIHwgQXVjdGlvbjIQNWNkYmQwYmM1NDc2OWNiOQ%26viperAppType%3DSCONMSFT&t=type.msft-content-card
204.79.197.203200 OK 0 B URL GET HTTP/2 srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&d=TaboolaNetBidder&p=webcompar&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__efeabcd30147f1d847045b94bb06a779__%257E%257EV1%257E%257E-4614909549778934615%257E%257EbGy0VIX0EpznnJBaaRW8223FAQv_cDERy6B9fYTKXy19_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l17m3fkbPaYaydeGMENWyzy0uboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKw8TDR1k9QlDW_eS6HIrjVc8A1EOiSI_l_OT5b1EH2mcZLbod-k1aOr_SlFSpNKSd2iS5N4jqr45jbPQpBVg5XGtVf73YxTmCLQEmy5c3zuhZ9A-4cobTlEeIH4oZKnLOU__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqIXdlYmNvbXBhci1zbGl2ZXItMiB8IE1EIHwgQXVjdGlvbjIQNWNkYmQwYmM1NDc2OWNiOQ%26viperAppType%3DSCONMSFT&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty input; the body is 0 B, so these hashes match any empty response)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&d=TaboolaNetBidder&p=webcompar&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__efeabcd30147f1d847045b94bb06a779__%257E%257EV1%257E%257E-4614909549778934615%257E%257EbGy0VIX0EpznnJBaaRW8223FAQv_cDERy6B9fYTKXy19_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l17m3fkbPaYaydeGMENWyzy0uboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKw8TDR1k9QlDW_eS6HIrjVc8A1EOiSI_l_OT5b1EH2mcZLbod-k1aOr_SlFSpNKSd2iS5N4jqr45jbPQpBVg5XGtVf73YxTmCLQEmy5c3zuhZ9A-4cobTlEeIH4oZKnLOU__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqIXdlYmNvbXBhci1zbGl2ZXItMiB8IE1EIHwgQXVjdGlvbjIQNWNkYmQwYmM1NDc2OWNiOQ%26viperAppType%3DSCONMSFT&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 74BB9482007C4DE8A5993BB02F3D77BE Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 0
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/rewards-data-connector.a684e3900268c1197f2f.js
95.101.10.170 200 OK 11 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/rewards-data-connector.a684e3900268c1197f2f.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (51239), with no line terminators
Hash (MD5): 77c9e5e31541fff2bf4b4a2a7567735d
Hash (SHA-1): 3a06b818fe6dbc86b0ff9d00c65ff110b73ab8f4
Hash (SHA-256): 3983bdb0d64f70a6c169ec5339f3672ee546cdcca0542210ac467d2960c12c16
GET /bundles/v1/views/latest/rewards-data-connector.a684e3900268c1197f2f.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 10659
content-md5: LrnpZEmo7R5Rmt3pUIyHwA==
last-modified: Fri, 01 Dec 2023 01:25:25 GMT
etag: 0x8DBF20C651120EB
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d192c430-101e-0055-5ff5-230710000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771864,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d158
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d158
vary: Origin
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&ii=1&c=781382088180119434&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-2&ptid=webcompar-sliver-2&t=type.msft-content-card
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&ii=1&c=781382088180119434&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-2&ptid=webcompar-sliver-2&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty input; the body is 0 B, so these hashes match any empty response)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&ii=1&c=781382088180119434&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-2&ptid=webcompar-sliver-2&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3659053461204AA2ABAAE92D5B265C05 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
trace.popin.cc/cs/msn?id=0F42A7BCFF8E6D033159B460FE7B6CF3&gdpr=0&gdpr_consent=
35.213.89.133 200 OK 0 B URL GET HTTP/2 trace.popin.cc/cs/msn?id=0F42A7BCFF8E6D033159B460FE7B6CF3&gdpr=0&gdpr_consent=
IP 35.213.89.133:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Google Trust Services LLC
Subject: trace.popin.cc
Fingerprint: 18:D7:BB:12:B4:A3:25:23:DE:46:DC:92:16:39:8B:FD:B3:93:03:70
Validity: Fri, 13 Oct 2023 20:07:01 GMT - Thu, 11 Jan 2024 20:57:13 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty input; the body is 0 B, so these hashes match any empty response)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cs/msn?id=0F42A7BCFF8E6D033159B460FE7B6CF3&gdpr=0&gdpr_consent= HTTP/1.1
Host: trace.popin.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
set-cookie: __mguid_=df16c08135b0bce91ejmj200lppxxy23; Path=/; Domain=popin.cc; Max-Age=31536000; Secure; SameSite=None
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
images.archive-digger.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_100%2Cw_200%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F3ad8b067cc1bc7276b4190f642b02d25.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__4072dfefb0307a84e414d7fbafdc982f__%7E%7EV1%7E%7E9096163551020680461%7E%7EIUnR9fce86jiQsFTTGDbkMmSws9igMTDeZeeomDMHa59_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15mDIoFW0jUHWuIySImhrlPuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKzQHlEBhntT_DGIKeLa95I27juG29wRGIeca0hrE4L-2-XqpPIQGJ0_YE_eCF6Ike1NmZ8eZuZGvXujkB34m5PIG1ZLgoAoZ7OcdcK5jGnrK5rbxdnTF8dpf8ajNaZaIX9xgTaznDSKGSTRURj290Xr__text%22%7D
151.101.65.44200 OK 4.1 kB URL GET HTTP/2 images.archive-digger.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_100%2Cw_200%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F3ad8b067cc1bc7276b4190f642b02d25.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__4072dfefb0307a84e414d7fbafdc982f__%7E%7EV1%7E%7E9096163551020680461%7E%7EIUnR9fce86jiQsFTTGDbkMmSws9igMTDeZeeomDMHa59_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15mDIoFW0jUHWuIySImhrlPuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKzQHlEBhntT_DGIKeLa95I27juG29wRGIeca0hrE4L-2-XqpPIQGJ0_YE_eCF6Ike1NmZ8eZuZGvXujkB34m5PIG1ZLgoAoZ7OcdcK5jGnrK5rbxdnTF8dpf8ajNaZaIX9xgTaznDSKGSTRURj290Xr__text%22%7D
IP 151.101.65.44:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject *.archive-digger.com
Fingerprint 93:6C:73:AF:D0:3B:7A:4D:5D:A1:FA:38:88:DE:A1:5E:DD:10:F6:F5
Validity Tue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 60cb1cb7cc8fdccf4967900d7427e588
98cbdf94eff1a5e4275b38c85e082cfd3c8f42a7
4b1d007556a53057f69d58f757049864b3986d2d457ad296ab29e3c6712d5755
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_100%2Cw_200%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F3ad8b067cc1bc7276b4190f642b02d25.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__4072dfefb0307a84e414d7fbafdc982f__%7E%7EV1%7E%7E9096163551020680461%7E%7EIUnR9fce86jiQsFTTGDbkMmSws9igMTDeZeeomDMHa59_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15mDIoFW0jUHWuIySImhrlPuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKzQHlEBhntT_DGIKeLa95I27juG29wRGIeca0hrE4L-2-XqpPIQGJ0_YE_eCF6Ike1NmZ8eZuZGvXujkB34m5PIG1ZLgoAoZ7OcdcK5jGnrK5rbxdnTF8dpf8ajNaZaIX9xgTaznDSKGSTRURj290Xr__text%22%7D HTTP/1.1
Host: images.archive-digger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 344955560109394618650947766036754857096,549203737228083100408393099338336146768,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 344955560109394618650947766036754857096,549203737228083100408393099338336146768,29ecf9b93bbf306179626feeda1fab70
etag: "77d28a2634956fdf4de34d9f3aa3905d"
last-modified: Mon, 23 Oct 2023 13:17:35 GMT
req-referer: https://www.msn.com/
status: 200 OK
surrogate-reporting: width=200,height=100,bytes=5992,owidth=1000,oheight=667,obytes=640136
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 9878fe946d1711b524291e6da3bc6f5f
x-envoy-upstream-service-time: 83
x-backend-name: US_nlb102
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 03 Dec 2023 20:34:30 GMT
age: 2730512
x-served-by: cache-iad-kiad7000172-IAD, cache-iad-kiad7000171-IAD, cache-lga21949-LGA, cache-iad-kiad7000122-IAD, cache-bma1650-BMA
x-cache: Miss from cloudfront, HIT, MISS, MISS, HIT, HIT
x-cache-hits: 1, 0, 0, 26, 1
x-timer: S1701635670.034296,VS0,VE1
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_100%2Cw_200%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F3ad8b067cc1bc7276b4190f642b02d25.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__4072dfefb0307a84e414d7fbafdc982f__%7E%7EV1%7E%7E9096163551020680461%7E%7EIUnR9fce86jiQsFTTGDbkMmSws9igMTDeZeeomDMHa59_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15mDIoFW0jUHWuIySImhrlPuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKzQHlEBhntT_DGIKeLa95I27juG29wRGIeca0hrE4L-2-XqpPIQGJ0_YE_eCF6Ike1NmZ8eZuZGvXujkB34m5PIG1ZLgoAoZ7OcdcK5jGnrK5rbxdnTF8dpf8ajNaZaIX9xgTaznDSKGSTRURj290Xr__text%22%7D
x-vcl-time-ms: 1
content-length: 4098
X-Firefox-Spdy: h2
images.archive-digger.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_157%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Faaa0f2608ddefd15ca15e816ec9a78e1.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_a76551e587f82475e8dd65cd0172464b_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__ba6998ccacc1b92ea39a07a6c1d17d73__%7E%7EV1%7E%7E3443367330089025563%7E%7EI9gt31d_vMlmRvX8H2ch2P0N54w9owV8L4nKqF4jzjZ9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15I3ecj-XG32srY38DDBuSvuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKwyDcHa9Q4ezwH_fKTSUaw7k4VaTD3VGt3JmhS4VmI-NUXW4MJSXZ6sq6EzxEDTRJ9NXGMAWMJlMmhlVnSefCZ04jH9tPN6OlRc0OJa4mWKm7dZaORxKh6ESyA8UscxqjY__text%22%7D
151.101.65.44200 OK 6.0 kB URL GET HTTP/2 images.archive-digger.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_157%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Faaa0f2608ddefd15ca15e816ec9a78e1.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_a76551e587f82475e8dd65cd0172464b_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__ba6998ccacc1b92ea39a07a6c1d17d73__%7E%7EV1%7E%7E3443367330089025563%7E%7EI9gt31d_vMlmRvX8H2ch2P0N54w9owV8L4nKqF4jzjZ9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15I3ecj-XG32srY38DDBuSvuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKwyDcHa9Q4ezwH_fKTSUaw7k4VaTD3VGt3JmhS4VmI-NUXW4MJSXZ6sq6EzxEDTRJ9NXGMAWMJlMmhlVnSefCZ04jH9tPN6OlRc0OJa4mWKm7dZaORxKh6ESyA8UscxqjY__text%22%7D
IP 151.101.65.44:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject *.archive-digger.com
Fingerprint 93:6C:73:AF:D0:3B:7A:4D:5D:A1:FA:38:88:DE:A1:5E:DD:10:F6:F5
Validity Tue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 4b44f0fc24d0dfd57bd41f717e5e0a15
8e187796d0e62e3b3763568fa2d908fb7a4929ac
0958054e6e2338920dcc2f6b886dc16086c3ef51fe7d1369b0bb477bf490772a
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_157%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Faaa0f2608ddefd15ca15e816ec9a78e1.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_a76551e587f82475e8dd65cd0172464b_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__ba6998ccacc1b92ea39a07a6c1d17d73__%7E%7EV1%7E%7E3443367330089025563%7E%7EI9gt31d_vMlmRvX8H2ch2P0N54w9owV8L4nKqF4jzjZ9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15I3ecj-XG32srY38DDBuSvuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKwyDcHa9Q4ezwH_fKTSUaw7k4VaTD3VGt3JmhS4VmI-NUXW4MJSXZ6sq6EzxEDTRJ9NXGMAWMJlMmhlVnSefCZ04jH9tPN6OlRc0OJa4mWKm7dZaORxKh6ESyA8UscxqjY__text%22%7D HTTP/1.1
Host: images.archive-digger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 606584811257827927602342157809233212716,580692108560333385274195364442361290119,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 606584811257827927602342157809233212716,580692108560333385274195364442361290119,29ecf9b93bbf306179626feeda1fab70
etag: "3cf2c226091548eebef209c08da523b0"
last-modified: Fri, 10 Nov 2023 05:25:08 GMT
req-referer: https://www.msn.com/
status: 200 OK
surrogate-reporting: width=300,height=157,bytes=11607,owidth=800,oheight=450,obytes=156518
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 164294a6aea907b9574ed7882f76285e
x-envoy-upstream-service-time: 418
x-backend-name: CH_nlb801
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 03 Dec 2023 20:34:30 GMT
age: 1600759
x-served-by: cache-iad-kiad7000164-IAD, cache-iad-kcgs7200162-IAD, cache-chi-kigq8000172-CHI, cache-iad-kiad7000080-IAD, cache-bma1650-BMA
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 49, 84
x-timer: S1701635670.035354,VS0,VE0
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_157%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Faaa0f2608ddefd15ca15e816ec9a78e1.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_a76551e587f82475e8dd65cd0172464b_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__ba6998ccacc1b92ea39a07a6c1d17d73__%7E%7EV1%7E%7E3443367330089025563%7E%7EI9gt31d_vMlmRvX8H2ch2P0N54w9owV8L4nKqF4jzjZ9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15I3ecj-XG32srY38DDBuSvuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKwyDcHa9Q4ezwH_fKTSUaw7k4VaTD3VGt3JmhS4VmI-NUXW4MJSXZ6sq6EzxEDTRJ9NXGMAWMJlMmhlVnSefCZ04jH9tPN6OlRc0OJa4mWKm7dZaORxKh6ESyA8UscxqjY__text%22%7D
x-vcl-time-ms: 0
content-length: 5980
X-Firefox-Spdy: h2
images.archive-digger.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_2.0000%2Cw_5366%2Cx_0%2Cy_447/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F03af9805f5f3f8d0c77c83afe69326b1.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__efeabcd30147f1d847045b94bb06a779__%7E%7EV1%7E%7E-4614909549778934615%7E%7EbGy0VIX0EpznnJBaaRW8223FAQv_cDERy6B9fYTKXy19_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l17m3fkbPaYaydeGMENWyzy0uboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKw8TDR1k9QlDW_eS6HIrjVc8A1EOiSI_l_OT5b1EH2mcZLbod-k1aOr_SlFSpNKSd2iS5N4jqr45jbPQpBVg5XGtVf73YxTmCLQEmy5c3zuhZ9A-4cobTlEeIH4oZKnLOU__text%22%7D
151.101.65.44200 OK 1.4 MB URL GET HTTP/2 images.archive-digger.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_2.0000%2Cw_5366%2Cx_0%2Cy_447/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F03af9805f5f3f8d0c77c83afe69326b1.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__efeabcd30147f1d847045b94bb06a779__%7E%7EV1%7E%7E-4614909549778934615%7E%7EbGy0VIX0EpznnJBaaRW8223FAQv_cDERy6B9fYTKXy19_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l17m3fkbPaYaydeGMENWyzy0uboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKw8TDR1k9QlDW_eS6HIrjVc8A1EOiSI_l_OT5b1EH2mcZLbod-k1aOr_SlFSpNKSd2iS5N4jqr45jbPQpBVg5XGtVf73YxTmCLQEmy5c3zuhZ9A-4cobTlEeIH4oZKnLOU__text%22%7D
IP 151.101.65.44:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject *.archive-digger.com
Fingerprint 93:6C:73:AF:D0:3B:7A:4D:5D:A1:FA:38:88:DE:A1:5E:DD:10:F6:F5
Validity Tue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Size 1.4 MB (1449126 bytes)
Hash 702dc722efc8439ed55f1d140501af8c
df0defa2ab129972ea0c7ed99a9b942df4d162a2
0663c4ade41dd464c22f7ad551f7e9216efe7c459674eb0d3dcccc2eaa7ca2b8
GET /taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_2.0000%2Cw_5366%2Cx_0%2Cy_447/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F03af9805f5f3f8d0c77c83afe69326b1.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__efeabcd30147f1d847045b94bb06a779__%7E%7EV1%7E%7E-4614909549778934615%7E%7EbGy0VIX0EpznnJBaaRW8223FAQv_cDERy6B9fYTKXy19_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l17m3fkbPaYaydeGMENWyzy0uboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKw8TDR1k9QlDW_eS6HIrjVc8A1EOiSI_l_OT5b1EH2mcZLbod-k1aOr_SlFSpNKSd2iS5N4jqr45jbPQpBVg5XGtVf73YxTmCLQEmy5c3zuhZ9A-4cobTlEeIH4oZKnLOU__text%22%7D HTTP/1.1
Host: images.archive-digger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 629881319687492888223953383087414450699,540798753023639666546143930626157576571,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 629881319687492888223953383087414450699,540798753023639666546143930626157576571,29ecf9b93bbf306179626feeda1fab70
etag: "3ac11a85b5604d4cab3fe2a36f7b5c5a"
expiration: expiry-date="Fri, 29 Dec 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Tue, 28 Nov 2023 16:14:14 GMT
req-referer: https://www.msn.com/
surrogate-reporting: width=5366,height=2683,bytes=2086865,owidth=5366,oheight=3578,obytes=4037887
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 3447
x-backend-name: LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 03 Dec 2023 20:34:30 GMT
age: 262126
x-served-by: cache-iad-kjyo7100068-IAD, cache-iad-kcgs7200045-IAD, cache-lax-kwhp1940086-LAX, cache-iad-kiad7000032-IAD, cache-bma1650-BMA
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 1, 1
x-timer: S1701635670.030153,VS0,VE2
vary: ImageFormat
x-debug: /taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_2.0000%2Cw_5366%2Cx_0%2Cy_447/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F03af9805f5f3f8d0c77c83afe69326b1.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__efeabcd30147f1d847045b94bb06a779__%7E%7EV1%7E%7E-4614909549778934615%7E%7EbGy0VIX0EpznnJBaaRW8223FAQv_cDERy6B9fYTKXy19_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l17m3fkbPaYaydeGMENWyzy0uboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKw8TDR1k9QlDW_eS6HIrjVc8A1EOiSI_l_OT5b1EH2mcZLbod-k1aOr_SlFSpNKSd2iS5N4jqr45jbPQpBVg5XGtVf73YxTmCLQEmy5c3zuhZ9A-4cobTlEeIH4oZKnLOU__text%22%7D
x-vcl-time-ms: 2
content-length: 1449126
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/icons-wc/icons/AdChoiceLight.svg
95.101.10.170 200 OK 869 B URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/icons-wc/icons/AdChoiceLight.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1615), with CRLF line terminators
Hash 08ea9e6b354a20d4fba4299b12081dd0
2a21200e6cc6d3e89b12466d6898d2aac380efdc
5e12591f3b257596ed8f5c54359ff79c222901aa2a37f58ec9fce7f88e223119
GET /staticsb/statics/latest/icons-wc/icons/AdChoiceLight.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: COqeazVKINT7pCmbEggd0A==
last-modified: Fri, 01 Dec 2023 07:17:01 GMT
etag: 0x8DBF23D836D6818
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 5a3859b9-c01e-0058-1db1-24359e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
content-length: 869
date: Sun, 03 Dec 2023 20:34:30 GMT
akamai-request-bc: [a=95.101.10.166,b=1569772329,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d329
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635670.5d90d329
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
95.101.10.170 200 OK 425 B URL GET HTTP/2 assets.msn.com/service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (688), with no line terminators
Hash 3608f843d1518e1de02cbd574f012525
387b207e170fe60c07fa7a187d8ca84df25d9182
c08c900e305f7392ebb2b96351742891c0a57f06158acd78e58844f11b91513f
GET /service/community/urls/?cmsid=AA1kQbHZ&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; _C_Auth=; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce655-a1cb-4751-bc40-6db5c81f74e6
ddd-strategyexecutionlatency: 00:00:00.0146402
ddd-debugid: 656ce655-a1cb-4751-bc40-6db5c81f74e6|2023-12-03T20:34:29.1717793Z|fabric_community|EUS1|Community_28
onewebservicelatency: 15
x-msedge-responseinfo: 15
x-ceto-ref: 656ce65545ac48759f4bd434134da12c|2023-12-03T20:34:29.148Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0F6FE16BE7DC496B83656CE9B323546D Ref B: STOEDGE1505 Ref C: 2023-12-03T20:34:29Z
content-length: 425
date: Sun, 03 Dec 2023 20:34:30 GMT
akamai-request-bc: [a=95.101.10.166,b=1569772497,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d3d1
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: public, max-age=120
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635670.5d90d3d1
vary: Origin
X-Firefox-Spdy: h2
srtb.msn.com/auction
204.79.197.203 200 OK 4.6 kB IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (24449), with no line terminators
Hash 7754d5176088f1fe2cf0125615b1083d
1454041817c53955181e6bb015e89a45a125456b
d7f9009fc96b94e6037114cc7347479dccbc835f34c87f9bc8ded79eec74a3a1
POST /auction HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-ms-flightId: msnallexpusers,prg-sp-liveapi,platagyhp3cf,platagyhz2cf,eu3otvendor-t,otvendor-t,weather5cf,prg-1sw-skipqueue,prg-1sw-findef1,prg-1sw-fidnoti,prg-1sw-financedp,prg-1sw-findet1,prg-1sw-idxpd1,prg-1sw-premonsd,1s-eaop1,prg-1sw-darkhover,prg-adspeek,btrecrow3,1s-winauthservice,prg-1sw-header-event,prg-1sw-kdp1t3,prg-1sw-etbp1t3,prg-1sw-rfcp1,prg-pr2-stickypvts,prg-pr2-dualbgc,btie-brandsft-c,prg-ias,1s-fcrypt,artglyrank5cf,1s-wpo-prg1-cdpn,1sw-bnfintfrkv3,prg-upsaip-w1-t,prg-upsaip-r-t,prg-1sw-sacgadjc,prg-ctrlmidroll,7b83c716,1s-rpssecautht,prg-1sw-p1wtrclm,traffic-p2-tpinc-c,prg-1sw-xref1-p2-ctrl,prg-pr2-nwpi8,1s-wpo-ntp-coftinf,prg-1sw-shipfin,prg-1sw-enableact,prg-1sw-fnccombo,prg-1sw-ref1-p1-ctr,prg-pr2-bndaunoen,1s-defaultscn,prg-1sw-pde0,1s-defaultscnw,prg-1sw-tbrcounter,spr-t-gp1025rbv9,prg-spr-t-gp1025rbv9,ads-stableidlookup,prg-ad-cbuxhld,prg-1sw-srdus,prg-1sw-rv2hpc,prg-1sw-spaipv2,1s-xapbnze,prg-ntp-wxcmcb,prg-ntp-wxcm,prg-useplmtmgr,prg-1sw-wxstm,prg-sh-rmitmlnk-c,prg-pr2-pagefilter,nopinglancecardit,ads-floorexp-t,prg-sh-recopdp,prg-wpo-nocardsqsp,prg-upscache-t,prg-wxmnns,prg-1sw-cgxap-t1,prg-1sw-cgxap,prg-1sw-esprtxp,1s-mxr-winfeed,prg-sh-bd-newbanner,mktautosqor,prg-1sw-rr2fn,prg-1sw-rr2fp,1s-segdep-bint,ads-dupcount0,prg-wx-wtp,prg-pr2-wpo3,prg-ugc-likechange,prg-1sw-wxmptreplace,ads-hp-chints-c,prg-1s-wpocfp1,prg-uaskafka-t,prg-vidad-ctrlwrap,prg-wx-fredlgm,prg-1sw-wxovsig,prg-wx-fredlg,prg-sh-bd-sson,prg-sh-sson,1s-segdep-aict,1s-segdep-mapt,1s-segdep-reot,1s-segdep-vidt,1s-segdep-hert,1s-segdep-reit,1s-segdep-prit,prg-1sw-wxdmtctr7,roll_cameraicon_t,exp_cameraicon_t,ads-numbids-4,prg-1sw-wxnearbyrec,ads-cwfix,prg-pr2-cntfbnrfc,prg-sh-bd-newchckot,prg-sh-bd-nwchk,prg-c-peslt,msph-videoc2s,prg-sh-bd-disbadge,prg-bd-unqiue-c,prg-sh-bd-cm,prg-sh-bd-xtracash,prg-sh-bd-disgb,prg-sh-usecshk,prg-sh-usecshkpdp,prg-pcs-hdatainfo,prg-sh-bd-disinsight,cprg-vidad-vertctrl,prg-1sw-tbrbrp2,prg-1sw-imgqualityc
Cache-Control: no-cache
X-MSEdge-Market: en-us
X-MSEdge-ClientID: 0F42A7BCFF8E6D033159B460FE7B6CF3
Content-Length: 824
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
vary: Origin,Accept-Encoding
access-control-allow-origin: https://www.msn.com
access-control-allow-credentials: true
x-content-type-options: nosniff
server-timing: total;dur=333
timing-allow-origin: https://www.msn.com
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F5BBD6A6225C4374967D313C2AC1DE0A Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=1&d=TaboolaNetBidder&p=webcompar&a=5c8372a2-91b5-442a-b65b-8deae9e60562&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__2583d382bb3218329590a869eacb7b84__%257E%257EV1%257E%257E-3046628597995316268%257E%257EtlOtnA85LLEK35hbd1gov7MRtgNwc4urAPsc-oAt59Fw6cLzOYgYTH58zK8cIqqSxEJdqZ27NaQynTaG_kgexpW9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnOFEQYfBeD529hWaIGI0tfc1nzZU-rOZ5Qvu9euSS9gTffknJSmgNBa64uLX4M24K5qy13h864EBs1Wrj_qpWKIwGWwRxm0aebcHhtlSag18u-5cdcerSalh_JRuJoci0__text%26response.session%3Dv2_8cb6bd230da96403b5086bf5244ac168_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqIHdlYmNvbXBhci1yaXZlci0xIHwgTUQgfCBBdWN0aW9uMhA1Y2RiZDBiYzU0NzY5Y2I5%26viperAppType%3DSCONMSFT&t=type.msft-content-card
204.79.197.203200 OK 0 B URL GET HTTP/2 srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=1&d=TaboolaNetBidder&p=webcompar&a=5c8372a2-91b5-442a-b65b-8deae9e60562&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__2583d382bb3218329590a869eacb7b84__%257E%257EV1%257E%257E-3046628597995316268%257E%257EtlOtnA85LLEK35hbd1gov7MRtgNwc4urAPsc-oAt59Fw6cLzOYgYTH58zK8cIqqSxEJdqZ27NaQynTaG_kgexpW9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnOFEQYfBeD529hWaIGI0tfc1nzZU-rOZ5Qvu9euSS9gTffknJSmgNBa64uLX4M24K5qy13h864EBs1Wrj_qpWKIwGWwRxm0aebcHhtlSag18u-5cdcerSalh_JRuJoci0__text%26response.session%3Dv2_8cb6bd230da96403b5086bf5244ac168_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqIHdlYmNvbXBhci1yaXZlci0xIHwgTUQgfCBBdWN0aW9uMhA1Y2RiZDBiYzU0NzY5Y2I5%26viperAppType%3DSCONMSFT&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(The body is 0 B, so these are the digests of empty input; they do not identify this response and are not usable as indicators.)
GET /notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=1&d=TaboolaNetBidder&p=webcompar&a=5c8372a2-91b5-442a-b65b-8deae9e60562&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__2583d382bb3218329590a869eacb7b84__%257E%257EV1%257E%257E-3046628597995316268%257E%257EtlOtnA85LLEK35hbd1gov7MRtgNwc4urAPsc-oAt59Fw6cLzOYgYTH58zK8cIqqSxEJdqZ27NaQynTaG_kgexpW9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnOFEQYfBeD529hWaIGI0tfc1nzZU-rOZ5Qvu9euSS9gTffknJSmgNBa64uLX4M24K5qy13h864EBs1Wrj_qpWKIwGWwRxm0aebcHhtlSag18u-5cdcerSalh_JRuJoci0__text%26response.session%3Dv2_8cb6bd230da96403b5086bf5244ac168_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqIHdlYmNvbXBhci1yaXZlci0xIHwgTUQgfCBBdWN0aW9uMhA1Y2RiZDBiYzU0NzY5Y2I5%26viperAppType%3DSCONMSFT&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AA2914FCE5C148F4A6E5E1DF722BFF97 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:30Z
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 0
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=5c8372a2-91b5-442a-b65b-8deae9e60562&ii=1&c=1715929745968498312&bid=8a357da3-e2d2-4fc8-91dc-c1f0082f7ef6&tid=webcompar-river-1&ptid=webcompar-river-1&t=type.msft-content-card
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=5c8372a2-91b5-442a-b65b-8deae9e60562&ii=1&c=1715929745968498312&bid=8a357da3-e2d2-4fc8-91dc-c1f0082f7ef6&tid=webcompar-river-1&ptid=webcompar-river-1&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(The body is 0 B, so these are the digests of empty input; they do not identify this response and are not usable as indicators.)
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=5c8372a2-91b5-442a-b65b-8deae9e60562&ii=1&c=1715929745968498312&bid=8a357da3-e2d2-4fc8-91dc-c1f0082f7ef6&tid=webcompar-river-1&ptid=webcompar-river-1&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F1FE022A0362489A91B063FC0065D698 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:30Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=2&p=webcompar&l=en-us&d=bing&b=firefox&a=7fa4ba6e-beff-45a6-8bf6-ef9732c20303&ii=1&c=17271362131053575708&bid=8a357da3-e2d2-4fc8-91dc-c1f0082f7ef6&tid=webcompar-river-2&ptid=webcompar-river-2&t=type.msft-content-card&dec=1-
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=2&p=webcompar&l=en-us&d=bing&b=firefox&a=7fa4ba6e-beff-45a6-8bf6-ef9732c20303&ii=1&c=17271362131053575708&bid=8a357da3-e2d2-4fc8-91dc-c1f0082f7ef6&tid=webcompar-river-2&ptid=webcompar-river-2&t=type.msft-content-card&dec=1-
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(The body is 0 B, so these are the digests of empty input; they do not identify this response and are not usable as indicators.)
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=2&p=webcompar&l=en-us&d=bing&b=firefox&a=7fa4ba6e-beff-45a6-8bf6-ef9732c20303&ii=1&c=17271362131053575708&bid=8a357da3-e2d2-4fc8-91dc-c1f0082f7ef6&tid=webcompar-river-2&ptid=webcompar-river-2&t=type.msft-content-card&dec=1- HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D6669F86F2394F8D99F1F484F5BB9AC2 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:30Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=riverdb&i=3&p=webcompar&l=en-us&d=bing&b=firefox&a=05af3b55-5c14-4d6d-96ef-984805de6acd&ii=1&c=15128509197795306312&bid=8a357da3-e2d2-4fc8-91dc-c1f0082f7ef6&tid=webcompar-riverdb-3&ptid=webcompar-riverdb-3&t=type.msft-content-card&dec=1-
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=riverdb&i=3&p=webcompar&l=en-us&d=bing&b=firefox&a=05af3b55-5c14-4d6d-96ef-984805de6acd&ii=1&c=15128509197795306312&bid=8a357da3-e2d2-4fc8-91dc-c1f0082f7ef6&tid=webcompar-riverdb-3&ptid=webcompar-riverdb-3&t=type.msft-content-card&dec=1-
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(The body is 0 B, so these are the digests of empty input; they do not identify this response and are not usable as indicators.)
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=riverdb&i=3&p=webcompar&l=en-us&d=bing&b=firefox&a=05af3b55-5c14-4d6d-96ef-984805de6acd&ii=1&c=15128509197795306312&bid=8a357da3-e2d2-4fc8-91dc-c1f0082f7ef6&tid=webcompar-riverdb-3&ptid=webcompar-riverdb-3&t=type.msft-content-card&dec=1- HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3C34BCAB7FC446748A294C26CF8DBB60 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:30Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
images.archive-digger.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_157%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fde120ae8a180cd25e42000dc8d99cf6a.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_8cb6bd230da96403b5086bf5244ac168_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__2583d382bb3218329590a869eacb7b84__%7E%7EV1%7E%7E-3046628597995316268%7E%7EtlOtnA85LLEK35hbd1gov7MRtgNwc4urAPsc-oAt59Fw6cLzOYgYTH58zK8cIqqSxEJdqZ27NaQynTaG_kgexpW9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnOFEQYfBeD529hWaIGI0tfc1nzZU-rOZ5Qvu9euSS9gTffknJSmgNBa64uLX4M24K5qy13h864EBs1Wrj_qpWKIwGWwRxm0aebcHhtlSag18u-5cdcerSalh_JRuJoci0__text%22%7D
151.101.65.44 200 OK 5.6 kB URL GET HTTP/2 images.archive-digger.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_157%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fde120ae8a180cd25e42000dc8d99cf6a.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_8cb6bd230da96403b5086bf5244ac168_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__2583d382bb3218329590a869eacb7b84__%7E%7EV1%7E%7E-3046628597995316268%7E%7EtlOtnA85LLEK35hbd1gov7MRtgNwc4urAPsc-oAt59Fw6cLzOYgYTH58zK8cIqqSxEJdqZ27NaQynTaG_kgexpW9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnOFEQYfBeD529hWaIGI0tfc1nzZU-rOZ5Qvu9euSS9gTffknJSmgNBa64uLX4M24K5qy13h864EBs1Wrj_qpWKIwGWwRxm0aebcHhtlSag18u-5cdcerSalh_JRuJoci0__text%22%7D
IP 151.101.65.44:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: DigiCert Inc
Subject: *.archive-digger.com
Fingerprint: 93:6C:73:AF:D0:3B:7A:4D:5D:A1:FA:38:88:DE:A1:5E:DD:10:F6:F5
Validity: Tue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash MD5: 240f152d7b76b7c0c0bf26e1eec918df
SHA-1: 74147da1975044f1b2f9ef34bdd4a8e73f2b1762
SHA-256: dd525ed6f495a2b689afaa7fe25cfb547ecf884608c56b609abab487f8db4464
GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_157%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fde120ae8a180cd25e42000dc8d99cf6a.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_8cb6bd230da96403b5086bf5244ac168_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__2583d382bb3218329590a869eacb7b84__%7E%7EV1%7E%7E-3046628597995316268%7E%7EtlOtnA85LLEK35hbd1gov7MRtgNwc4urAPsc-oAt59Fw6cLzOYgYTH58zK8cIqqSxEJdqZ27NaQynTaG_kgexpW9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnOFEQYfBeD529hWaIGI0tfc1nzZU-rOZ5Qvu9euSS9gTffknJSmgNBa64uLX4M24K5qy13h864EBs1Wrj_qpWKIwGWwRxm0aebcHhtlSag18u-5cdcerSalh_JRuJoci0__text%22%7D HTTP/1.1
Host: images.archive-digger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 316994578606690111283071537720628425681,580692108560333385274195364442361290119,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 316994578606690111283071537720628425681,580692108560333385274195364442361290119,29ecf9b93bbf306179626feeda1fab70
etag: "dff54761580fbc22782c4a6f53c2a850"
last-modified: Mon, 09 Oct 2023 06:38:23 GMT
req-referer: https://ntp.msn.com/
status: 200 OK
surrogate-reporting: width=300,height=157,bytes=10205,owidth=800,oheight=450,obytes=146850
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-request-id: 2b0f5b038d657dadaf7f1357f40a9333
x-envoy-upstream-service-time: 34
x-backend-name: LA_nlb204
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 03 Dec 2023 20:34:30 GMT
age: 2816574
x-served-by: cache-iad-kcgs7200147-IAD, cache-iad-kiad7000126-IAD, cache-bur-kbur8200161-BUR, cache-iad-kjyo7100117-IAD, cache-bma1650-BMA
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, HIT
x-cache-hits: 0, 3, 1, 171, 197
x-timer: S1701635670.235378,VS0,VE0
vary: ImageFormat
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_157%2Cw_300%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Fde120ae8a180cd25e42000dc8d99cf6a.jpg?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_8cb6bd230da96403b5086bf5244ac168_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__2583d382bb3218329590a869eacb7b84__%7E%7EV1%7E%7E-3046628597995316268%7E%7EtlOtnA85LLEK35hbd1gov7MRtgNwc4urAPsc-oAt59Fw6cLzOYgYTH58zK8cIqqSxEJdqZ27NaQynTaG_kgexpW9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnOFEQYfBeD529hWaIGI0tfc1nzZU-rOZ5Qvu9euSS9gTffknJSmgNBa64uLX4M24K5qy13h864EBs1Wrj_qpWKIwGWwRxm0aebcHhtlSag18u-5cdcerSalh_JRuJoci0__text%22%7D
x-vcl-time-ms: 0
content-length: 5646
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/icons-wc/icons/AdChoiceDark.svg
95.101.10.170 200 OK 869 B URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/icons-wc/icons/AdChoiceDark.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1615), with CRLF line terminators
Hash MD5: 5bf90cb27e6afe0fd141908ac72415e6
SHA-1: f843c3ae6b0927273aa4c2dc13bdb19932c79209
SHA-256: 980f8c8cb140b6105b7dbe6bfc8b778d3b229d8a35b0befea61138c895df3bb0
GET /staticsb/statics/latest/icons-wc/icons/AdChoiceDark.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: W/kMsn5q/g/RQZCKxyQV5g==
last-modified: Fri, 01 Dec 2023 07:17:20 GMT
etag: 0x8DBF23D8EB2B033
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b69f8216-001e-007e-6166-24ad0e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:30 GMT
content-length: 869
akamai-request-bc: [a=95.101.10.166,b=1569772594,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d432
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635670.5d90d432
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/service/community/comments/?contentId=AA1kQbHZ_en-us&$top=6&$skip=0&$orderby=Rating&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
95.101.10.170 200 OK 538 B URL GET HTTP/2 assets.msn.com/service/community/comments/?contentId=AA1kQbHZ_en-us&$top=6&$skip=0&$orderby=Rating&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: assets.msn.com
Fingerprint: D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity: Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (880), with no line terminators
Hash MD5: f8dfb80e8e209b2d0af5e4ec93ca083b
SHA-1: 9e1c1b71b02721ceb8d9670b1279272a6a1f2ae6
SHA-256: 075d4bacec07d81cf91337231a434db11cbfb27edb943400b3457dec809134dc
GET /service/community/comments/?contentId=AA1kQbHZ_en-us&$top=6&$skip=0&$orderby=Rating&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce656-f615-432e-8b7f-aa3b90ee2100
ddd-strategyexecutionlatency: 00:00:00.0066006
ddd-debugid: 656ce656-f615-432e-8b7f-aa3b90ee2100|2023-12-03T20:34:30.2528516Z|fabric_community|NEU1|Community_9
onewebservicelatency: 8
x-msedge-responseinfo: 8
x-ceto-ref: 656ce65607154fb5b7e7e17f73afb5a0|2023-12-03T20:34:30.250Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 458D93C290AF4D1DBA1961DCD3707B16 Ref B: OSL30EDGE0211 Ref C: 2023-12-03T20:34:30Z
expires: Sun, 03 Dec 2023 20:34:30 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
content-length: 538
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
set-cookie: _C_Auth=; expires=Sat, 02 Dec 2023 20:34:30 GMT
akamai-request-bc: [a=95.101.10.166,b=1569772505,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=55, origin; dur=55 , cdntime; dur=0
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d3d9
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635670.5d90d3d9
vary: Origin
X-Firefox-Spdy: h2
www.bing.com/th?id=OADD2.7627974100844_15JIMQOYDNYDC20Y6J&pid=21.2&c=16&roil=0&roit=0.1077&roir=1&roib=0.893&w=300&h=157&dynsize=1&qlt=90
95.101.10.185 200 OK 12 kB URL GET HTTP/2 www.bing.com/th?id=OADD2.7627974100844_15JIMQOYDNYDC20Y6J&pid=21.2&c=16&roil=0&roit=0.1077&roir=1&roib=0.893&w=300&h=157&dynsize=1&qlt=90
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: r.bing.com
Fingerprint: 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity: Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x157, components 3\012- data
Hash MD5: c789861caff4310f82ab2bc4b67d9a9a
SHA-1: ec15b917cb89d4c812fe9b60a3b4f2cfbb947ca0
SHA-256: c249dd313f41f2dd5730b899a1e1fef030eac13759e234216e91beb5a15e48de
GET /th?id=OADD2.7627974100844_15JIMQOYDNYDC20Y6J&pid=21.2&c=16&roil=0&roit=0.1077&roir=1&roib=0.893&w=300&h=157&dynsize=1&qlt=90 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 11980
date: Sun, 03 Dec 2023 20:34:30 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635670.2b9209f
X-Firefox-Spdy: h2
www.bing.com/th?id=OADD2.7627972021428_151GS4ZDQUZEA1GH9F&pid=21.2&c=16&roil=0&roit=0.003&roir=1&roib=0.996&w=612&h=304&dynsize=1&qlt=90
95.101.10.185 200 OK 48 kB URL GET HTTP/2 www.bing.com/th?id=OADD2.7627972021428_151GS4ZDQUZEA1GH9F&pid=21.2&c=16&roil=0&roit=0.003&roir=1&roib=0.996&w=612&h=304&dynsize=1&qlt=90
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: r.bing.com
Fingerprint: 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity: Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 612x304, components 3\012- data
Hash MD5: fbb2988dd53272de5c101fb6ab786556
SHA-1: 4844c2542c50ef818d9ef995f5c3bc8d0814b0b2
SHA-256: 93c29fb1460a7c49ad9b3663923c3ce5d4e4f3a816f4a4951b7775a89ef91c5e
GET /th?id=OADD2.7627972021428_151GS4ZDQUZEA1GH9F&pid=21.2&c=16&roil=0&roit=0.003&roir=1&roib=0.996&w=612&h=304&dynsize=1&qlt=90 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 48168
date: Sun, 03 Dec 2023 20:34:30 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635670.2b920a0
X-Firefox-Spdy: h2
srtb.msn.com/auction
204.79.197.203 200 OK 14 kB
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer: Microsoft Corporation
Subject: *.msn.com
Fingerprint: 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity: Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash MD5: ae26cefc32a113eac597097d29195c67
SHA-1: a43064a3c585c534f2da94c229f25ff1cb8c5a5a
SHA-256: 862456c19e9f65987f5185a064a835883e5a6640ead699dacd481edcaf554671
POST /auction HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
x-ms-flightId: msnallexpusers,prg-sp-liveapi,platagyhp3cf,platagyhz2cf,eu3otvendor-t,otvendor-t,weather5cf,prg-1sw-skipqueue,prg-1sw-findef1,prg-1sw-fidnoti,prg-1sw-financedp,prg-1sw-findet1,prg-1sw-idxpd1,prg-1sw-premonsd,1s-eaop1,prg-1sw-darkhover,prg-adspeek,btrecrow3,1s-winauthservice,prg-1sw-header-event,prg-1sw-kdp1t3,prg-1sw-etbp1t3,prg-1sw-rfcp1,prg-pr2-stickypvts,prg-pr2-dualbgc,btie-brandsft-c,prg-ias,1s-fcrypt,artglyrank5cf,1s-wpo-prg1-cdpn,1sw-bnfintfrkv3,prg-upsaip-w1-t,prg-upsaip-r-t,prg-1sw-sacgadjc,prg-ctrlmidroll,7b83c716,1s-rpssecautht,prg-1sw-p1wtrclm,traffic-p2-tpinc-c,prg-1sw-xref1-p2-ctrl,prg-pr2-nwpi8,1s-wpo-ntp-coftinf,prg-1sw-shipfin,prg-1sw-enableact,prg-1sw-fnccombo,prg-1sw-ref1-p1-ctr,prg-pr2-bndaunoen,1s-defaultscn,prg-1sw-pde0,1s-defaultscnw,prg-1sw-tbrcounter,spr-t-gp1025rbv9,prg-spr-t-gp1025rbv9,ads-stableidlookup,prg-ad-cbuxhld,prg-1sw-srdus,prg-1sw-rv2hpc,prg-1sw-spaipv2,1s-xapbnze,prg-ntp-wxcmcb,prg-ntp-wxcm,prg-useplmtmgr,prg-1sw-wxstm,prg-sh-rmitmlnk-c,prg-pr2-pagefilter,nopinglancecardit,ads-floorexp-t,prg-sh-recopdp,prg-wpo-nocardsqsp,prg-upscache-t,prg-wxmnns,prg-1sw-cgxap-t1,prg-1sw-cgxap,prg-1sw-esprtxp,1s-mxr-winfeed,prg-sh-bd-newbanner,mktautosqor,prg-1sw-rr2fn,prg-1sw-rr2fp,1s-segdep-bint,ads-dupcount0,prg-wx-wtp,prg-pr2-wpo3,prg-ugc-likechange,prg-1sw-wxmptreplace,ads-hp-chints-c,prg-1s-wpocfp1,prg-uaskafka-t,prg-vidad-ctrlwrap,prg-wx-fredlgm,prg-1sw-wxovsig,prg-wx-fredlg,prg-sh-bd-sson,prg-sh-sson,1s-segdep-aict,1s-segdep-mapt,1s-segdep-reot,1s-segdep-vidt,1s-segdep-hert,1s-segdep-reit,1s-segdep-prit,prg-1sw-wxdmtctr7,roll_cameraicon_t,exp_cameraicon_t,ads-numbids-4,prg-1sw-wxnearbyrec,ads-cwfix,prg-pr2-cntfbnrfc,prg-sh-bd-newchckot,prg-sh-bd-nwchk,prg-c-peslt,msph-videoc2s,prg-sh-bd-disbadge,prg-bd-unqiue-c,prg-sh-bd-cm,prg-sh-bd-xtracash,prg-sh-bd-disgb,prg-sh-usecshk,prg-sh-usecshkpdp,prg-pcs-hdatainfo,prg-sh-bd-disinsight,cprg-vidad-vertctrl,prg-1sw-tbrbrp2,prg-1sw-imgqualityc
Cache-Control: no-cache
X-MSEdge-Market: en-us
X-MSEdge-ClientID: 0F42A7BCFF8E6D033159B460FE7B6CF3
Content-Length: 822
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
vary: Origin,Accept-Encoding
access-control-allow-origin: https://www.msn.com
access-control-allow-credentials: true
x-content-type-options: nosniff
server-timing: total;dur=198
timing-allow-origin: https://www.msn.com
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A786FC5BE97746D5859E1AD9D612EBC6 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:29Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
www.bing.com/api/v1/mediation/tracking?adUnit=367325&auId=a4393072-6222-414f-8e20-11def6ac4a96&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=374443&publisherId=17160724&rId=860875cf-36a8-498f-84c4-e467ee37f616&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3Deb81f3b0c42641c28c87b6b5f42c60c7%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=ar-rectangle-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=ego_erfreir
95.101.10.185 303 See Other 152 B URL GET HTTP/2 www.bing.com/api/v1/mediation/tracking?adUnit=367325&auId=a4393072-6222-414f-8e20-11def6ac4a96&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=374443&publisherId=17160724&rId=860875cf-36a8-498f-84c4-e467ee37f616&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3Deb81f3b0c42641c28c87b6b5f42c60c7%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=ar-rectangle-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=ego_erfreir
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document, ASCII text
Hash 8472ae52679a54fbbdff6bd14f62039c
5a9148826f03c544da417e6979e17377c19ee616
85f445213ca713a936faca1f815b38b6ca38732bace29c19bfe8fd44559407a0
GET /api/v1/mediation/tracking?adUnit=367325&auId=a4393072-6222-414f-8e20-11def6ac4a96&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=374443&publisherId=17160724&rId=860875cf-36a8-498f-84c4-e467ee37f616&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3Deb81f3b0c42641c28c87b6b5f42c60c7%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=ar-rectangle-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=ego_erfreir HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 303 See Other
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 152
content-type: text/html; charset=utf-8
expires: 0
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=eb81f3b0c42641c28c87b6b5f42c60c7&SNR=1&GV=2&med=10
vary: Origin
strict-transport-security: max-age=15724800; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 650CCF82059445A4A366163AFFC5EFD1 Ref B: OSL30EDGE0415 Ref C: 2023-12-03T20:34:30Z
date: Sun, 03 Dec 2023 20:34:30 GMT
set-cookie: _EDGE_S=SID=1FA0B6A8C4C86EB41793A574C59F6FFA; path=/; httponly; domain=bing.com
set-cookie: MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:30 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635670.2b9209c
X-Firefox-Spdy: h2
www.bing.com/api/v1/mediation/tracking?adUnit=377474&auId=c8d310f7-1355-4a8d-bef8-f7dd1e9133a8&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377475&publisherId=17160724&rId=adcab52f-37f1-41d0-aaf9-63dfc3150346&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3Da930849b6747485c9c2d4ad4f61b9780%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-riverdb-1&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=fp_yvfgevpuhk
95.101.10.185 303 See Other 152 B URL GET HTTP/2 www.bing.com/api/v1/mediation/tracking?adUnit=377474&auId=c8d310f7-1355-4a8d-bef8-f7dd1e9133a8&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377475&publisherId=17160724&rId=adcab52f-37f1-41d0-aaf9-63dfc3150346&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3Da930849b6747485c9c2d4ad4f61b9780%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-riverdb-1&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=fp_yvfgevpuhk
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document, ASCII text
Hash c3b2f3f5a3188cf928f09400ad45bc77
f3c935c1d247544179f61b5095198c90bc9b9db1
56a6f1945d87e1f4939b0e898d01796c233f63e74267c5cda11f61368f93b825
GET /api/v1/mediation/tracking?adUnit=377474&auId=c8d310f7-1355-4a8d-bef8-f7dd1e9133a8&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377475&publisherId=17160724&rId=adcab52f-37f1-41d0-aaf9-63dfc3150346&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3Da930849b6747485c9c2d4ad4f61b9780%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-riverdb-1&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=fp_yvfgevpuhk HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 303 See Other
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 152
content-type: text/html; charset=utf-8
expires: 0
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=a930849b6747485c9c2d4ad4f61b9780&SNR=1&GV=2&med=10
vary: Origin
strict-transport-security: max-age=15724800; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 66F18AB2777B47CD92A16F6C3BD9215B Ref B: OSL30EDGE0120 Ref C: 2023-12-03T20:34:30Z
date: Sun, 03 Dec 2023 20:34:30 GMT
set-cookie: _EDGE_S=SID=36AAAA306297624F0130B9EC63626354; path=/; httponly; domain=bing.com
set-cookie: MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:30 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635670.2b920a3
X-Firefox-Spdy: h2
www.bing.com/api/v1/mediation/tracking?adUnit=377474&auId=5259ad97-4f4d-4bfa-8322-cab1eb6f1057&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=adcab52f-37f1-41d0-aaf9-63dfc3150346&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D295212bacdb34b1c8a087b73a0f084c2%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=fp_yvfgevpuhk
95.101.10.185 303 See Other 152 B URL GET HTTP/2 www.bing.com/api/v1/mediation/tracking?adUnit=377474&auId=5259ad97-4f4d-4bfa-8322-cab1eb6f1057&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=adcab52f-37f1-41d0-aaf9-63dfc3150346&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D295212bacdb34b1c8a087b73a0f084c2%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=fp_yvfgevpuhk
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document, ASCII text
Hash 587771cf5eef95b3045545bb4d0192e3
c226dce39c9427ef53664d2716fc6e5fb11c5544
f12df023bc877949584e347a1ddc25422b38d5867548b36c262eaa49fb496c45
GET /api/v1/mediation/tracking?adUnit=377474&auId=5259ad97-4f4d-4bfa-8322-cab1eb6f1057&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=adcab52f-37f1-41d0-aaf9-63dfc3150346&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D295212bacdb34b1c8a087b73a0f084c2%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=fp_yvfgevpuhk HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 303 See Other
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 152
content-type: text/html; charset=utf-8
expires: 0
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=295212bacdb34b1c8a087b73a0f084c2&SNR=1&GV=2&med=10
vary: Origin
strict-transport-security: max-age=15724800; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 12D88DFDDCB5449181B46F376EA1FAEF Ref B: OSL30EDGE0118 Ref C: 2023-12-03T20:34:30Z
date: Sun, 03 Dec 2023 20:34:30 GMT
set-cookie: _EDGE_S=SID=25E72924B01C65622DE53AF8B1E964BE; path=/; httponly; domain=bing.com
set-cookie: MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:30 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635670.2b920a1
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53?w=16&h=16&q=100&m=6&f=png&u=t
23.36.77.9 200 OK 1.2 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53?w=16&h=16&q=100&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash f2c685ebb861bb4f67eea7b882ee01cf
3cadebc3ab676037f98cb637c63c5463a5508e0a
d0d7ae8c91b90fad32920ceb0520d719b44baeb1e0e16d8958b93e7df3c6ade0
GET /tenant/amp/entityid/BBNvr53?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/BBNvr53?w=16&h=16&q=100&m=6&f=png&u=t
last-modified: Mon, 27 Nov 2023 07:43:05 GMT
x-source-length: 592
x-datacenter: eastus
x-activityid: 112f9302-b318-4897-a569-ffbc6d1d28b1
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 1234
cache-control: public, max-age=386235
expires: Fri, 08 Dec 2023 07:51:45 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1cMGCU?w=16&h=16&q=100&m=6&f=png&u=t
23.36.77.9 200 OK 1.3 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1cMGCU?w=16&h=16&q=100&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 74185d6883eef616e5091813945ee542
9d86fff715d0b5f287ce1c631b4e77552e80a1cb
d75934b547455798178a67812f2dfbc3a7c01218b9ff9d4658b74789c157e73b
GET /tenant/amp/entityid/AA1cMGCU?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1cMGCU?w=16&h=16&q=100&m=6&f=png&u=t
last-modified: Sat, 18 Nov 2023 00:12:57 GMT
x-source-length: 7293
x-datacenter: westus
x-activityid: 91e980e9-9ee6-436c-91f1-c67120eddc9c
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 1324
cache-control: public, max-age=229048
expires: Wed, 06 Dec 2023 12:11:58 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AAUzf9j?w=16&h=16&q=100&m=6&f=png&u=t
23.36.77.9 200 OK 512 B URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AAUzf9j?w=16&h=16&q=100&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 1a91d32c7ce02599f20a5d7899d63687
04086d79406a78cfc186833720a46ced83132dad
ce88e6c299365f8d39b34fd7e941682b1a53b92d733a79bab51d39881f105375
GET /tenant/amp/entityid/AAUzf9j?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
last-modified: Sun, 26 Nov 2023 03:04:00 GMT
x-datacenter: eastus
x-activityid: c8b9e791-eec1-4e41-bb79-437031a0e8eb
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-type: image/png
content-location: https://img.s-msn.com/tenant/amp/entityid/AAUzf9j?w=16&h=16&q=100&m=6&f=png&u=t
x-source-length: 3285
content-length: 512
cache-control: public, max-age=153100
expires: Tue, 05 Dec 2023 15:06:10 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hFFpw?w=16&h=16&q=100&m=6&f=png&u=t
23.36.77.9 200 OK 512 B URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hFFpw?w=16&h=16&q=100&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 10ef5bb69e4271ac302e1ad9be36e575
c93201f1ff45b101cf83a7bf312896a6199a8ff3
410ff33390a6fadc979da45a122c697d7bdce70f1eecda433082a39935ab0383
GET /tenant/amp/entityid/AA1hFFpw?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1hFFpw?w=16&h=16&q=100&m=6&f=png&u=t
last-modified: Mon, 13 Nov 2023 21:28:22 GMT
x-source-length: 3876
x-datacenter: westus
x-activityid: abfac5a5-309b-4b2c-860a-46ef9e29a082
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 512
cache-control: public, max-age=262547
expires: Wed, 06 Dec 2023 21:30:17 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
th.bing.com/th?id=ORMS.a8fd1f9d203e27c3a932ed7ab927405e&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
23.218.92.90 200 OK 16 kB URL GET HTTP/2 th.bing.com/th?id=ORMS.a8fd1f9d203e27c3a932ed7ab927405e&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
IP 23.218.92.90:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x156, components 3\012- data
Hash a6ed5b663544a24718367abff5df7b33
79403a3c060713c7f8654c88b6cef63c18a47312
be7fa44d87f2f61b705bf8372c8fa268de4c7130d881d8811e13857d7470a8ed
GET /th?id=ORMS.a8fd1f9d203e27c3a932ed7ab927405e&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1 HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 15794
cache-control: public, max-age=2499915
date: Sun, 03 Dec 2023 20:34:30 GMT
x-cache: TCP_MEM_HIT from a23-218-92-86.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2.1-52518411) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.565cda17.1701635670.105a7e16
x-check-cacheable: YES
X-Firefox-Spdy: h2
th.bing.com/th?id=ORMS.94fb9ab47f8a8275208855dd2cb525f8&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
23.218.92.90 200 OK 7.9 kB URL GET HTTP/2 th.bing.com/th?id=ORMS.94fb9ab47f8a8275208855dd2cb525f8&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
IP 23.218.92.90:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x156, components 3\012- data
Hash be16266f6ce5f78ff28ef78c8543119a
b7f0fd523cb3d95a876a95476882ca337c6a14f5
4a71efaa51d2051cab667a898b3a93069e4e2c24624d507f3246762ab0f6655d
GET /th?id=ORMS.94fb9ab47f8a8275208855dd2cb525f8&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1 HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 7901
cache-control: public, max-age=2582027
date: Sun, 03 Dec 2023 20:34:30 GMT
x-cache: TCP_MEM_HIT from a23-218-92-86.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2.1-52518411) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.565cda17.1701635670.105a7e1e
x-check-cacheable: YES
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ?w=16&h=16&q=100&m=6&f=png&u=t
23.36.77.9 200 OK 1.1 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ?w=16&h=16&q=100&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 505fbf9cfac6eccf3945b9b4beb4aa2c
e12e041e0a20d20e50088a771e3e3f0c0148f386
ee5c2cf14fb9c55703bd163029b7ec55e28e216614206352c0fa4082366e5599
GET /tenant/amp/entityid/BB1e6XdQ?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/BB1e6XdQ?w=16&h=16&q=100&m=6&f=png&u=t
last-modified: Sun, 03 Dec 2023 09:54:10 GMT
x-source-length: 5249
x-datacenter: northeu
x-activityid: f048a2b7-db40-4562-a088-5cc66f0fc669
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 1118
cache-control: public, max-age=393593
expires: Fri, 08 Dec 2023 09:54:23 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
th.bing.com/th?id=ORMS.67491834b67233915c0c5d78642b8f32&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
23.218.92.90 200 OK 7.4 kB URL GET HTTP/2 th.bing.com/th?id=ORMS.67491834b67233915c0c5d78642b8f32&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
IP 23.218.92.90:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x156, components 3\012- data
Hash 61d3473d45fa3c1b25d3bf0016fc25d1
b22b79fa0e241028333e018ccf3d9f0c30c725a6
57d56206c3791feeced93c6dcc469e404169031a3691136341c3e4dd67fb8ec8
GET /th?id=ORMS.67491834b67233915c0c5d78642b8f32&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1 HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 7401
x-check-cacheable: YES
cache-control: public, max-age=2294262
date: Sun, 03 Dec 2023 20:34:30 GMT
x-cache: TCP_MISS from a23-218-92-86.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2.1-52518411) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.565cda17.1701635670.105a7e15
X-Firefox-Spdy: h2
th.bing.com/th?id=ORMS.25afdb20dbb72b1c335b9404a8dc3801&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
23.218.92.90 200 OK 11 kB URL GET HTTP/2 th.bing.com/th?id=ORMS.25afdb20dbb72b1c335b9404a8dc3801&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
IP 23.218.92.90:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x156, components 3\012- data
Hash 73493259e995da8633d2e5e4aa61085b
a9ff156eddee1468c063adac5227946ffdaa5681
b01f12347c57bb5161b086025d21655bbcd00d585685d9e5e0f0eb31f232e243
GET /th?id=ORMS.25afdb20dbb72b1c335b9404a8dc3801&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1 HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 11136
x-check-cacheable: YES
cache-control: public, max-age=2575489
date: Sun, 03 Dec 2023 20:34:30 GMT
x-cache: TCP_MISS from a23-218-92-86.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2.1-52518411) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.565cda17.1701635670.105a7e31
X-Firefox-Spdy: h2
th.bing.com/th?id=ORMS.f72c5db395ffec996545ddf50809951e&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
23.218.92.90 200 OK 14 kB URL GET HTTP/2 th.bing.com/th?id=ORMS.f72c5db395ffec996545ddf50809951e&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
IP 23.218.92.90:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x156, components 3\012- data
Hash 7e33f5161a8b48515b3e7d609f4237cb
014be3a6bf7cf7951e8a619491b280caca80d093
806a628eef69b166abd4710ebdfd512a4394320ed5c643f70db8a7f60718e674
GET /th?id=ORMS.f72c5db395ffec996545ddf50809951e&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1 HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 14295
cache-control: public, max-age=2567772
date: Sun, 03 Dec 2023 20:34:30 GMT
x-cache: TCP_MISS from a23-218-92-86.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2.1-52518411) (-)
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.565cda17.1701635670.105a7e21
x-check-cacheable: YES
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1cgbrC?w=16&h=16&q=100&m=6&f=png&u=t
23.36.77.9 200 OK 1.3 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1cgbrC?w=16&h=16&q=100&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 6249c74c01492243aad4bab95956a319
a4a2626b509833b40820cba718f779cfc444b6d4
b0fd7418cf86a74f4cf10184085df318a83ff7169b9c60cffac45e18931f45b9
GET /tenant/amp/entityid/AA1cgbrC?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1cgbrC?w=16&h=16&q=100&m=6&f=png&u=t
last-modified: Wed, 15 Nov 2023 08:31:20 GMT
x-source-length: 4771
x-datacenter: eastap
x-activityid: d2a755b2-5145-4988-be2a-35152d335d22
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 1304
cache-control: public, max-age=388699
expires: Fri, 08 Dec 2023 08:32:49 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
th.bing.com/th?id=ORMS.89c664afb3f579e15627a1a41871a7f6&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
23.218.92.90 200 OK 9.8 kB URL GET HTTP/3 th.bing.com/th?id=ORMS.89c664afb3f579e15627a1a41871a7f6&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
IP 23.218.92.90:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x156, components 3\012- data
Hash 9c957fde4a3de341dc8c66ea4b9ee45f
bb26e88b91e915e7b58c10ba89e003c5af681d02
6da2af6a2843f77a8fef41eb3ab8aea9a7b7cf3ad5c9cd31e0761b0cdd2a9ffe
GET /th?id=ORMS.89c664afb3f579e15627a1a41871a7f6&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1 HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 9755
cache-control: public, max-age=2587054
date: Sun, 03 Dec 2023 20:34:30 GMT
x-cache: TCP_HIT from a23-218-92-86.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2.1-52518411) (-)
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.565cda17.1701635670.105a7e8b
x-check-cacheable: YES
img-s-msn-com.akamaized.net/tenant/amp/entityid/AACl6Lf?w=16&h=16&q=100&m=6&f=png&u=t
23.36.77.9 200 OK 1.3 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AACl6Lf?w=16&h=16&q=100&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 8e4d1f1d14ddfd621a93b9862751a477
be928b991747af2a7d67487e4210d9021998629f
7d6311ad31430b58ff6c218e5d2840976a093d0523458b6d8b265f2ecab1be3d
GET /tenant/amp/entityid/AACl6Lf?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AACl6Lf?w=16&h=16&q=100&m=6&f=png&u=t
last-modified: Mon, 20 Nov 2023 02:36:34 GMT
x-source-length: 18254
x-datacenter: eastus
x-activityid: 60470a54-7768-4898-8ae1-d1dc574b9226
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 1314
cache-control: public, max-age=410515
expires: Fri, 08 Dec 2023 14:36:25 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Cb9d.img?w=140&h=90
23.36.77.9 200 OK 8.2 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Cb9d.img?w=140&h=90
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 160x90, components 3\012- data
Hash 185c82dd6bdbcca8413ac95ebcb5c420
1a8b9aedf99b9a115234861ded8fb0b98669af09
b59787f35297bf2b6e463fade9c7aaa8ccadc5f5edc937d3660d4e98f108448f
GET /tenant/amp/entityid/AA13Cb9d.img?w=140&h=90 HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA13Cb9d?w=140&h=90
last-modified: Sun, 03 Dec 2023 20:34:30 GMT
x-source-length: 115451
x-datacenter: eastap
x-activityid: 501d5ea5-922e-4ba5-aadf-5fafbc125570
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 8192
cache-control: public, max-age=431977
expires: Fri, 08 Dec 2023 20:34:07 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/BBTUXDl?w=16&h=16&q=100&m=6&f=png&u=t
23.36.77.9 200 OK 1.8 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/BBTUXDl?w=16&h=16&q=100&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash d79f794e6a617937574810ddb91e6a4a
f51b0d67f97b49483bc484ec444457124bf84c2c
8758c5b3804a8b19a44bfc2cc8b94ecdc6d15514905e4a9c25be5ac61cf9173d
GET /tenant/amp/entityid/BBTUXDl?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
last-modified: Sun, 03 Dec 2023 07:07:46 GMT
x-datacenter: westus
x-activityid: 39fb2af8-a469-4d6d-9e58-ec5444d83692
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-type: image/png
content-location: https://img.s-msn.com/tenant/amp/entityid/BBTUXDl?w=16&h=16&q=100&m=6&f=png&u=t
x-source-length: 6271
content-length: 1808
cache-control: public, max-age=383564
expires: Fri, 08 Dec 2023 07:07:14 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AAvcS6D?w=16&h=16&q=100&m=6&f=png&u=t
23.36.77.9 200 OK 1.4 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AAvcS6D?w=16&h=16&q=100&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 67596bf407e5695fe0ac7ed2d1efdf37
c550091fbf26c039abffc98fe0f1f91faf8e9702
832f928f44a2b2df5332b281054012d925acb839d1e3b94dd6e2d36417884302
GET /tenant/amp/entityid/AAvcS6D?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AAvcS6D?w=16&h=16&q=100&m=6&f=png&u=t
last-modified: Fri, 01 Dec 2023 22:09:12 GMT
x-source-length: 1466
x-datacenter: northeu
x-activityid: b5a658b1-ddca-4007-a63b-37fa4bde8a81
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 1430
cache-control: public, max-age=264824
expires: Wed, 06 Dec 2023 22:08:14 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
th.bing.com/th?id=ORMS.66af84d3e23f61756959080e0beb6268&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
23.218.92.90 200 OK 17 kB URL GET HTTP/3 th.bing.com/th?id=ORMS.66af84d3e23f61756959080e0beb6268&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1
IP 23.218.92.90:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x156, components 3\012- data
Hash 43a3342bee2bc9cba4f868cc89c01624
0811bf7eda5f135c1dc0a405b6524c5a14966700
6c9e006c6b46e807e1654ba5fa66f0fb1d350a8726b636722538c3eac498e54a
GET /th?id=ORMS.66af84d3e23f61756959080e0beb6268&pid=Wdp&w=300&h=156&qlt=90&c=1&rs=1 HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 17038
x-check-cacheable: YES
cache-control: public, max-age=2530389
date: Sun, 03 Dec 2023 20:34:30 GMT
x-cache: TCP_MISS from a23-218-92-86.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2.1-52518411) (-)
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.565cda17.1701635670.105a7ed8
img-s-msn-com.akamaized.net/tenant/amp/entityid/AAY97Jf?w=16&h=16&q=100&m=6&f=png&u=t
23.36.77.9 200 OK 512 B URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AAY97Jf?w=16&h=16&q=100&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 09e0632f8e59759d1520202cc2cf8a12
db1d6c30758959c12d91911aa40611f5c126361f
ae717f5f4c775ae310acccaf6660afc14535be163a97550ccc0cc0bbeecdf719
GET /tenant/amp/entityid/AAY97Jf?w=16&h=16&q=100&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AAY97Jf?w=16&h=16&q=100&m=6&f=png&u=t
last-modified: Sun, 03 Dec 2023 08:46:01 GMT
x-source-length: 444
x-datacenter: westus
x-activityid: 4bcb04a1-529b-4827-a9a6-e81c5161042b
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 512
cache-control: public, max-age=389530
expires: Fri, 08 Dec 2023 08:46:40 GMT
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
th.bing.com/th?id=ORMS.e50e0a5c722f6a34a487f2ae26e91e68&pid=Wdp&w=468&h=304&qlt=90&c=1&rs=1
23.218.92.90 200 OK 27 kB URL GET HTTP/3 th.bing.com/th?id=ORMS.e50e0a5c722f6a34a487f2ae26e91e68&pid=Wdp&w=468&h=304&qlt=90&c=1&rs=1
IP 23.218.92.90:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 468x304, components 3\012- data
Hash 148ffc00f5c7edf3d544848bd2715dd1
848427058d790e28267d117978cfb55cfc2c4220
52331a760931349df81436df3e650ebd1c9895b89d4eea8350379efe88e4d16e
GET /th?id=ORMS.e50e0a5c722f6a34a487f2ae26e91e68&pid=Wdp&w=468&h=304&qlt=90&c=1&rs=1 HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 27036
cache-control: public, max-age=2591975
date: Sun, 03 Dec 2023 20:34:30 GMT
x-cache: TCP_MISS from a23-218-92-86.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2.1-52518411) (-)
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.565cda17.1701635670.105a7ead
x-check-cacheable: YES
assets.msn.com/bundles/v1/views/latest/social-bar-coachmark-manager.390f5139a7565efa9baa.js
95.101.10.170 200 OK 6.4 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/social-bar-coachmark-manager.390f5139a7565efa9baa.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (30236), with no line terminators
Hash 9c68a40cc886b097a1bb0bc5adb513cd
304223d35da5ed8c5f2a451f5bdd26596c63283e
a7203a6d389971e5a018601ab3762c10e590f114a0c09abeb9d5df8a38fa3775
GET /bundles/v1/views/latest/social-bar-coachmark-manager.390f5139a7565efa9baa.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 6405
content-md5: X7wggDAaKPOsBEZ9mkKBRQ==
last-modified: Fri, 01 Dec 2023 01:25:24 GMT
etag: 0x8DBF20C647EB143
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 925c97fc-901e-009f-33f5-2329b5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:31 GMT
akamai-request-bc: [a=95.101.10.166,b=1569773968,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d990
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635671.5d90d990
vary: Origin
X-Firefox-Spdy: h2
th.bing.com/th?id=ORMS.65c551bcc03cf8443c343401a68ca415&pid=Wdp&w=468&h=304&qlt=90&c=1&rs=1
23.218.92.90 200 OK 62 kB URL GET HTTP/3 th.bing.com/th?id=ORMS.65c551bcc03cf8443c343401a68ca415&pid=Wdp&w=468&h=304&qlt=90&c=1&rs=1
IP 23.218.92.90:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 468x304, components 3\012- data
Hash e9e392da5c20af3a13ac1a3329dcb04c
ec9fb63fef869fabc5fe06f63711cd083e2844b0
9968a91dca72ba2fec18e40c49b7d6109710aac5672b44b33ff5cb478dfbc0d3
GET /th?id=ORMS.65c551bcc03cf8443c343401a68ca415&pid=Wdp&w=468&h=304&qlt=90&c=1&rs=1 HTTP/1.1
Host: th.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 61754
cache-control: public, max-age=2591961
date: Sun, 03 Dec 2023 20:34:31 GMT
x-cache: TCP_MISS from a23-218-92-86.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2.1-52518411) (-)
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
akamai-grn: 0.565cda17.1701635670.105a7f01
x-check-cacheable: YES
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Cb9d.img?w=140&h=90
23.36.77.9 200 OK 8.2 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Cb9d.img?w=140&h=90
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 160x90, components 3\012- data
Hash 185c82dd6bdbcca8413ac95ebcb5c420
1a8b9aedf99b9a115234861ded8fb0b98669af09
b59787f35297bf2b6e463fade9c7aaa8ccadc5f5edc937d3660d4e98f108448f
GET /tenant/amp/entityid/AA13Cb9d.img?w=140&h=90 HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA13Cb9d?w=140&h=90
last-modified: Sun, 03 Dec 2023 20:34:30 GMT
x-source-length: 115451
x-datacenter: eastap
x-activityid: 501d5ea5-922e-4ba5-aadf-5fafbc125570
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 8192
cache-control: public, max-age=431976
expires: Fri, 08 Dec 2023 20:34:07 GMT
date: Sun, 03 Dec 2023 20:34:31 GMT
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1kW0kn.img?w=300&h=156&q=90&m=6&f=jpg&u=t
23.36.77.9 200 OK 16 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1kW0kn.img?w=300&h=156&q=90&m=6&f=jpg&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x156, components 3\012- data
Hash fe77a187058347e77708591cfbafb446
46909f748dcc59c5f8ac48ec16fd2239c6c6d23c
bb7bf21cf5ad6ac54cace1f1197d32f687e8cbab9961685e84bcbac4fbf91dcf
GET /tenant/amp/entityid/AA1kW0kn.img?w=300&h=156&q=90&m=6&f=jpg&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1kW0kn?w=300&h=156&q=90&m=6&f=jpg&u=t
last-modified: Sun, 03 Dec 2023 20:34:31 GMT
x-source-length: 38036
x-datacenter: westus
x-activityid: 849d82cc-ec76-4294-b06f-f01c0b0c7eaf
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 16384
cache-control: public, max-age=432000
expires: Fri, 08 Dec 2023 20:34:31 GMT
date: Sun, 03 Dec 2023 20:34:31 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676802&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676802&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of a zero-length body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of a zero-length body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of a zero-length body; this 204 response carried 0 B, so these digests identify no content)
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676802&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6216
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=e800ca9c4b934dfeb444192fb9f46b2b&HASH=e800&LV=202312&V=4&LU=1701635671412; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:31 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=dcab67e9e1f64cb6a933325d58b48ecf; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:31 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5390
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:31 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676807&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676807&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of a zero-length body)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of a zero-length body)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of a zero-length body; this 204 response carried 0 B, so these digests identify no content)
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676807&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6216
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=730e7772153e44688a0fc278cec9479c&HASH=730e&LV=202312&V=4&LU=1701635671412; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:31 GMT; Path=/;Secure; SameSite=None
set-cookie: MS0=84edf5be3c2247fda86414f7698a5de6; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:31 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5395
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:31 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676810&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676810&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676810&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6216
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=137671f6aa1b454d84484afad9bfb3df&HASH=1376&LV=202312&V=4&LU=1701635671428; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:31 GMT; Path=/;Secure; SameSite=None
MS0=18309249afef4d02bc49e0ac67e0a260; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:31 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5382
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:31 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676833&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676833&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635676833&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6216
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=30b56595a6274f86baaf332f8d5c0a85&HASH=30b5&LV=202312&V=4&LU=1701635671428; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:31 GMT; Path=/;Secure; SameSite=None
MS0=e045b7d7127e46289ccab6b33a213a7a; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:31 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5405
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:31 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=4&p=webcompar&l=en-us&d=bing&b=firefox&a=1aff225d-4d73-4d7b-813a-1f927ecf3248&ii=1&c=1058593901729766746&bid=7845d9af-a211-46ef-9e5f-ec2063d9e035&tid=webcompar-river-4&ptid=webcompar-river-4&t=type.msft-content-card&dec=1-
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=4&p=webcompar&l=en-us&d=bing&b=firefox&a=1aff225d-4d73-4d7b-813a-1f927ecf3248&ii=1&c=1058593901729766746&bid=7845d9af-a211-46ef-9e5f-ec2063d9e035&tid=webcompar-river-4&ptid=webcompar-river-4&t=type.msft-content-card&dec=1-
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=4&p=webcompar&l=en-us&d=bing&b=firefox&a=1aff225d-4d73-4d7b-813a-1f927ecf3248&ii=1&c=1058593901729766746&bid=7845d9af-a211-46ef-9e5f-ec2063d9e035&tid=webcompar-river-4&ptid=webcompar-river-4&t=type.msft-content-card&dec=1- HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E77C99D54C4B4FE7ADBD1B3838F76C6A Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:31Z
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=10&p=webcompar&l=en-us&d=bing&b=firefox&a=72aad55e-8e37-46cc-b66f-dd0fda88f503&ii=1&c=16383516968950194901&bid=7845d9af-a211-46ef-9e5f-ec2063d9e035&tid=webcompar-river-10&ptid=webcompar-river-10&t=type.msft-content-card&dec=1-
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=10&p=webcompar&l=en-us&d=bing&b=firefox&a=72aad55e-8e37-46cc-b66f-dd0fda88f503&ii=1&c=16383516968950194901&bid=7845d9af-a211-46ef-9e5f-ec2063d9e035&tid=webcompar-river-10&ptid=webcompar-river-10&t=type.msft-content-card&dec=1-
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=10&p=webcompar&l=en-us&d=bing&b=firefox&a=72aad55e-8e37-46cc-b66f-dd0fda88f503&ii=1&c=16383516968950194901&bid=7845d9af-a211-46ef-9e5f-ec2063d9e035&tid=webcompar-river-10&ptid=webcompar-river-10&t=type.msft-content-card&dec=1- HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0D4209CE7BD04362A243D81C74A838F9 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:31Z
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
assets.msn.com/service/msn/user?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=pdp-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3
95.101.10.170 404 Not Found 92 B URL GET HTTP/2 assets.msn.com/service/msn/user?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=pdp-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 25ec8e485e119691d0d5ef8b887b30fa
06045306141ecee20507a1c773887a1256d7d81d
612536c784a4f93e935879bb68c6508d30b783407214239e3fdad3a046c2f41b
GET /service/msn/user?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=pdp-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce657-76a3-401f-8455-9c12d1c46377
ddd-strategyexecutionlatency: 00:00:00.0014124,00:00:00.0016063
ddd-debugid: 656ce657-76a3-401f-8455-9c12d1c46377|2023-12-03T20:34:31.5543502Z|fabric_msn|NEU1|News_17
onewebservicelatency: 3
x-msedge-responseinfo: 3
x-ceto-ref: 656ce65760ba4425a12118c9ce5c5976|2023-12-03T20:34:31.548Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 653840B5E3A941258A096C061C01C471 Ref B: OSL30EDGE0506 Ref C: 2023-12-03T20:34:31Z
expires: Sun, 03 Dec 2023 20:34:31 GMT
date: Sun, 03 Dec 2023 20:34:31 GMT
content-length: 92
set-cookie: _C_ETH=1; expires=Sat, 02 Dec 2023 20:34:31 GMT; domain=.msn.com; path=/; secure; httponly
_C_Auth=; expires=Sat, 02 Dec 2023 20:34:31 GMT
akamai-request-bc: [a=95.101.10.166,b=1569774728,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=54, origin; dur=53 , cdntime; dur=1
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90dc88
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635671.5d90dc88
vary: Origin
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=11&p=webcompar&l=en-us&d=bing&b=firefox&a=61bb7f6e-d34b-47fd-b64a-58aedc5d4b99&ii=1&c=12196714987853604956&bid=7845d9af-a211-46ef-9e5f-ec2063d9e035&tid=webcompar-river-11&ptid=webcompar-river-11&t=type.msft-content-card&dec=1-
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=11&p=webcompar&l=en-us&d=bing&b=firefox&a=61bb7f6e-d34b-47fd-b64a-58aedc5d4b99&ii=1&c=12196714987853604956&bid=7845d9af-a211-46ef-9e5f-ec2063d9e035&tid=webcompar-river-11&ptid=webcompar-river-11&t=type.msft-content-card&dec=1-
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=river&i=11&p=webcompar&l=en-us&d=bing&b=firefox&a=61bb7f6e-d34b-47fd-b64a-58aedc5d4b99&ii=1&c=12196714987853604956&bid=7845d9af-a211-46ef-9e5f-ec2063d9e035&tid=webcompar-river-11&ptid=webcompar-river-11&t=type.msft-content-card&dec=1- HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3418FF0276314894B981CFA012CA3B49 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:31Z
date: Sun, 03 Dec 2023 20:34:30 GMT
X-Firefox-Spdy: h2
assets.msn.com/statics/fonts/Segoe-UI-WF-subset_east-europe.woff2
95.101.10.170 200 OK 36 kB URL GET HTTP/2 assets.msn.com/statics/fonts/Segoe-UI-WF-subset_east-europe.woff2
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 35816, version 5.19661\012- data
Hash a5f7ab4836d46ac821b0de15ea8255a2
bc518041b8b3ff8249d805acd47f04b6a19cf96d
96544175e23e4b7ab40a286fe6f474f8689df337ec246f2f012707380f74e0d6
GET /statics/fonts/Segoe-UI-WF-subset_east-europe.woff2 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: font/woff2
etag: "091699b2932f046c387741f49ba2c499:1581532749.30994"
last-modified: Wed, 12 Feb 2020 18:37:56 GMT
server: AkamaiNetStorage
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569770821,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=3, clienttt; dur=1, origin; dur=0 , cdntime; dur=1
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cd45
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cd45
vary: Origin
X-Firefox-Spdy: h2
www.bing.com/api/v1/mediation/tracking?adUnit=377474&auId=ad79889d-746d-449b-9544-e55a63b56a8b&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=5ad4efdb-8b14-47b9-9958-9527bf5b712d&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D35d93ffb33b4477dbbe83534d455738b%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=1c_fp_nfgeb_pbzovar
95.101.10.185 303 See Other 152 B URL GET HTTP/3 www.bing.com/api/v1/mediation/tracking?adUnit=377474&auId=ad79889d-746d-449b-9544-e55a63b56a8b&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=5ad4efdb-8b14-47b9-9958-9527bf5b712d&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D35d93ffb33b4477dbbe83534d455738b%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=1c_fp_nfgeb_pbzovar
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document, ASCII text
Hash 1e3259a6135658122eb75fd05283f53a
0156654eb5a5f264f9130c5de8f54ce079ea6001
a985a63a6cc3bf6a58f6dc90f01fcaa4d7e12f9e37e642e7002fa6a2bb22907f
GET /api/v1/mediation/tracking?adUnit=377474&auId=ad79889d-746d-449b-9544-e55a63b56a8b&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=5ad4efdb-8b14-47b9-9958-9527bf5b712d&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D35d93ffb33b4477dbbe83534d455738b%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=1c_fp_nfgeb_pbzovar HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 303 See Other
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 152
content-type: text/html; charset=utf-8
expires: 0
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=35d93ffb33b4477dbbe83534d455738b&SNR=1&GV=2&med=10
vary: Origin
strict-transport-security: max-age=15724800; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 134E215C72E64EEE99E063071980C3FA Ref B: OSL30EDGE0511 Ref C: 2023-12-03T20:34:31Z
date: Sun, 03 Dec 2023 20:34:31 GMT
set-cookie: _EDGE_S=SID=3226226ED46068F7223331B2D5956971; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:31 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635671.2b92904
www.bing.com/api/v1/mediation/tracking?adUnit=377474&auId=6678186b-069a-4733-814f-f53be1fd5057&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=5ad4efdb-8b14-47b9-9958-9527bf5b712d&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D4541c3bef6c34e07a167732cfbe405c5%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-3&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=1c_fp_nfgeb_pbzovar
95.101.10.185 303 See Other 152 B URL GET HTTP/3 www.bing.com/api/v1/mediation/tracking?adUnit=377474&auId=6678186b-069a-4733-814f-f53be1fd5057&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=5ad4efdb-8b14-47b9-9958-9527bf5b712d&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D4541c3bef6c34e07a167732cfbe405c5%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-3&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=1c_fp_nfgeb_pbzovar
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document, ASCII text
Hash fe086ec81c4d45b6117ed9433bb06b3b
7f0f775bc37f77560357d0a16f34f7e86c78f14b
31341a9e6ac8e74b9688e541eca4dd25823d9c2e04241bb9c0488059a7386b8a
GET /api/v1/mediation/tracking?adUnit=377474&auId=6678186b-069a-4733-814f-f53be1fd5057&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=5ad4efdb-8b14-47b9-9958-9527bf5b712d&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D4541c3bef6c34e07a167732cfbe405c5%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-3&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=1c_fp_nfgeb_pbzovar HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 303 See Other
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 152
content-type: text/html; charset=utf-8
expires: 0
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=4541c3bef6c34e07a167732cfbe405c5&SNR=1&GV=2&med=10
vary: Origin
strict-transport-security: max-age=15724800; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CD03CA72CD354678A8B37712E1A4B573 Ref B: OSL30EDGE0120 Ref C: 2023-12-03T20:34:31Z
date: Sun, 03 Dec 2023 20:34:31 GMT
set-cookie: _EDGE_S=SID=23033582F28766793FBA265EF3726789; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:31 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635671.2b9290c
www.bing.com/th?id=OADD2.9964441920593_1F9MI44F59DUJVEVKM&pid=21.2&c=16&roil=0&roit=0.0352&roir=1&roib=0.9657&w=300&h=157&dynsize=1&qlt=90
95.101.10.185 200 OK 14 kB URL GET HTTP/3 www.bing.com/th?id=OADD2.9964441920593_1F9MI44F59DUJVEVKM&pid=21.2&c=16&roil=0&roit=0.0352&roir=1&roib=0.9657&w=300&h=157&dynsize=1&qlt=90
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3\012- data
Hash 02372e576d2bc5f92a9e9b6c3a742e90
33ccd36f68c7eec517e774b2db514525f538fb7a
fcb6180211022e55184943b9fef91504ab3a9a4fbc6255d75d73db9e5eb8f84e
GET /th?id=OADD2.9964441920593_1F9MI44F59DUJVEVKM&pid=21.2&c=16&roil=0&roit=0.0352&roir=1&roib=0.9657&w=300&h=157&dynsize=1&qlt=90 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 13451
date: Sun, 03 Dec 2023 20:34:31 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635671.2b929bd
assets.msn.com/service/community/urls/?cmsid=AA17OofU&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
95.101.10.170 200 OK 394 B URL GET HTTP/2 assets.msn.com/service/community/urls/?cmsid=AA17OofU&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (626), with no line terminators
Hash 826694cc21dc8a6a629d5f5a4ec64c92
7539a5fba916331bd870542f84783636acabf8a9
158c28eed593263b18801649a4300c0ecb4823bf50baf7ccacb94c8087b217b1
GET /service/community/urls/?cmsid=AA17OofU&market=en-us&version=1.1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; _C_Auth=; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce657-54a4-4c0a-b1cc-f2fe6abeb55f
ddd-strategyexecutionlatency: 00:00:00.0055688
ddd-debugid: 656ce657-54a4-4c0a-b1cc-f2fe6abeb55f|2023-12-03T20:34:31.6116758Z|fabric_community|NEU1|Community_16
onewebservicelatency: 6
x-msedge-responseinfo: 6
x-ceto-ref: 656ce6571f6141288810bc20de5970e1|2023-12-03T20:34:31.637Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A77C9ACB3D754FCB83B2D454B88E83A0 Ref B: STOEDGE1020 Ref C: 2023-12-03T20:34:31Z
content-length: 394
date: Sun, 03 Dec 2023 20:34:31 GMT
set-cookie: _C_ETH=1; expires=Sat, 02 Dec 2023 20:34:31 GMT; domain=.msn.com; path=/; secure; httponly
_C_Auth=; expires=Sat, 02 Dec 2023 20:34:31 GMT
akamai-request-bc: [a=95.101.10.166,b=1569774780,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=121, origin; dur=51 , cdntime; dur=70
akamai-cache-status: Miss from child, Miss from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90dcbc
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: public, max-age=120
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635671.5d90dcbc
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/content/view/v1/Detail/AA1kVZPe
95.101.10.170 200 OK 4.4 kB URL GET HTTP/2 assets.msn.com/content/view/v1/Detail/AA1kVZPe
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (10448), with no line terminators
Hash 3e502ce2c9c5231b3e947ac155415ef0
a45db8180a5f8a133f78ab032edf3ea5ee1c6026
7c0f27be1553aa8615cc6af5abba0e47521e201a4f4f409a2bfe6fa8cd6639cf
GET /content/view/v1/Detail/AA1kVZPe HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: Unknown
ddd-debugid: 656ce657-3c60-4bc0-95d6-f8aad483be9b|2023-12-03T20:34:31.6813060Z|fabric_msn|NEU1|News_111
onewebservicelatency: 2
x-msedge-responseinfo: 2
x-ceto-ref: 656ce65751184bbbac7941b93772b333|2023-12-03T20:34:31.677Z
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 4390
date: Sun, 03 Dec 2023 20:34:31 GMT
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
MUID=364882CA074E68510A6E9116062E69DA; expires=Fri, 27 Dec 2024 20:34:31 GMT; domain=.msn.com; path=/; secure; samesite=none
MUIDB=364882CA074E68510A6E9116062E69DA; expires=Fri, 27 Dec 2024 20:34:31 GMT; path=/; httponly
_EDGE_S=F=1&SID=1F6C27B899AE62A21374346498CE6388; domain=.msn.com; path=/; httponly
_EDGE_V=1; expires=Fri, 27 Dec 2024 20:34:31 GMT; domain=.msn.com; path=/; httponly
akamai-request-bc: [a=95.101.10.166,b=1569774880,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_AB_STOCKHOLM,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=64, origin; dur=49 , cdntime; dur=15
akamai-cache-status: Miss from child, Miss from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90dd20
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=60
x-as-suppresssetcookie: 1
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635671.5d90dd20
vary: Origin
X-Firefox-Spdy: h2
www.bing.com/th?id=OADD2.7627975587963_19TPVA9WDD0G4H769E&pid=21.2&c=16&roil=0&roit=0.1079&roir=1&roib=0.8936&w=300&h=157&dynsize=1&qlt=90
95.101.10.185 200 OK 18 kB URL GET HTTP/3 www.bing.com/th?id=OADD2.7627975587963_19TPVA9WDD0G4H769E&pid=21.2&c=16&roil=0&roit=0.1079&roir=1&roib=0.8936&w=300&h=157&dynsize=1&qlt=90
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 1x1, segment length 16, baseline, precision 8, 300x157, components 3\012- data
Hash 792f35d90fc0d8ce7c3ea205dfe53d1b
9675eb657066b12f3e56c9829cdef37518d87be6
a89d683e8b0c91cb2347de29fd18f31b99f620a515639e1177484a4b4c0684ec
GET /th?id=OADD2.7627975587963_19TPVA9WDD0G4H769E&pid=21.2&c=16&roil=0&roit=0.1079&roir=1&roib=0.8936&w=300&h=157&dynsize=1&qlt=90 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 18498
date: Sun, 03 Dec 2023 20:34:31 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635671.2b92b0c
www.bing.com/th?id=OADD2.7627972768579_1IR09YFZOPIF59AH78&pid=21.2&c=16&roil=0&roit=0.1079&roir=1&roib=0.8936&w=300&h=157&dynsize=1&qlt=90
95.101.10.185 200 OK 14 kB URL GET HTTP/3 www.bing.com/th?id=OADD2.7627972768579_1IR09YFZOPIF59AH78&pid=21.2&c=16&roil=0&roit=0.1079&roir=1&roib=0.8936&w=300&h=157&dynsize=1&qlt=90
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 300x157, components 3\012- data
Hash f9f9e609bee80bf6e71de96dee6304de
dd91ebb72e44ed3e63ee9fa0aac157cce67fd026
9579f8f6884edfbc514254c9a89c007f8a1cd095305f79c91349340c9e59c248
GET /th?id=OADD2.7627972768579_1IR09YFZOPIF59AH78&pid=21.2&c=16&roil=0&roit=0.1079&roir=1&roib=0.8936&w=300&h=157&dynsize=1&qlt=90 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 14381
date: Sun, 03 Dec 2023 20:34:31 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635671.2b92b3b
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Cb9d.img?w=140&h=90
23.36.77.9 200 OK 8.2 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Cb9d.img?w=140&h=90
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 160x90, components 3\012- data
Hash 185c82dd6bdbcca8413ac95ebcb5c420
1a8b9aedf99b9a115234861ded8fb0b98669af09
b59787f35297bf2b6e463fade9c7aaa8ccadc5f5edc937d3660d4e98f108448f
GET /tenant/amp/entityid/AA13Cb9d.img?w=140&h=90 HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA13Cb9d?w=140&h=90
last-modified: Sun, 03 Dec 2023 20:34:30 GMT
x-source-length: 115451
x-datacenter: eastap
x-activityid: 501d5ea5-922e-4ba5-aadf-5fafbc125570
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 8192
cache-control: public, max-age=431975
expires: Fri, 08 Dec 2023 20:34:07 GMT
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
www.bing.com/bnc/notifications/count?app=verticalArticle&pageId=article
95.101.10.185 200 OK 1 B URL OPTIONS HTTP/3 www.bing.com/bnc/notifications/count?app=verticalArticle&pageId=article
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type very short file (no magic)
Hash 9eecb7db59d16c80417c72d1e1f4fbf1
2d14ab97cc3dc294c51c0d6814f4ea45f4b4e312
41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4
OPTIONS /bnc/notifications/count?app=verticalArticle&pageId=article HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-personalbing-csrf,x-personalbing-flights,x-search-clientid,x-search-uilang
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 1
content-type: text/html
access-control-allow-headers: *
access-control-allow-origin: https://www.msn.com
access-control-max-age: 7200
cache-control: private
content-encoding: br
vary: Accept-Encoding
x-eventid: 656ce658509b49f7bbad76638a4cbc04
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date: Sun, 03 Dec 2023 20:34:32 GMT
set-cookie: MUID=33E39810162569FE214D8BCC178F6845; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; secure; SameSite=None
MUIDB=33E39810162569FE214D8BCC178F6845; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; HttpOnly
_EDGE_S=F=1&SID=25366D56A1DF646613E77E8AA075656C; domain=.bing.com; path=/; HttpOnly
_EDGE_V=1; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=E3502C5DCD8F4B6F927F81E08C3CE88C&dmnchg=1; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231203; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; secure; SameSite=None
_SS=SID=25366D56A1DF646613E77E8AA075656C; domain=.bing.com; path=/; secure; SameSite=None
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635672.2b92df7
assets.msn.com/service/News/Users/me/Rewards?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=rewards-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&scn=ANON&version=2
95.101.10.170 200 OK 167 B URL GET HTTP/2 assets.msn.com/service/News/Users/me/Rewards?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=rewards-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&scn=ANON&version=2
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash f3b3a097548b0e6c041c70d3a15ee208
08b62ab213c6e95cca1dc8a9305954665c9c64ec
c8d60253426ef79eb079c4802fa67641d07c8d947ce5b75156338d6ce241c00e
GET /service/News/Users/me/Rewards?apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=rewards-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&scn=ANON&version=2 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce658-f87c-45b0-98d9-6f6b0c9109f5
ddd-strategyexecutionlatency: 00:00:00.0055794
ddd-debugid: 656ce658-f87c-45b0-98d9-6f6b0c9109f5|2023-12-03T20:34:32.4502367Z|fabric_msn|NEU1|News_95
onewebservicelatency: 6
x-msedge-responseinfo: 6
x-ceto-ref: 656ce6584e774950a541f95f1726f510|2023-12-03T20:34:32.441Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 66A17AFC433C4213BC34D77EAFE09BB7 Ref B: OSL30EDGE0407 Ref C: 2023-12-03T20:34:32Z
expires: Sun, 03 Dec 2023 20:34:32 GMT
date: Sun, 03 Dec 2023 20:34:32 GMT
content-length: 167
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
akamai-request-bc: [a=95.101.10.166,b=1569776079,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=0, clienttt; dur=55, origin; dur=55 , cdntime; dur=0
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90e1cf
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635672.5d90e1cf
vary: Origin
X-Firefox-Spdy: h2
www.bing.com/bnc/notifications/count?app=verticalArticle&pageId=article
95.101.10.185 200 OK 63 B URL OPTIONS HTTP/3 www.bing.com/bnc/notifications/count?app=verticalArticle&pageId=article
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash ed6257a667e88223b4daaedb6a0cabbb
2db6bc862507947e3f960b650431d1a4b1bae622
7da74781f3557eac941550ba66c27799dc8c4f1f23822503e4baf2896900f1bb
GET /bnc/notifications/count?app=verticalArticle&pageId=article HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
X-PERSONALBING-CSRF: 1
X-Search-UILang: en-us
X-Search-ClientID: 0F42A7BCFF8E6D033159B460FE7B6CF3
X-PERSONALBING-FLIGHTS: msnallexpusers,prg-sp-liveapi,platagyhp3cf,platagyhz2cf,eu3otvendor-t,otvendor-t,weather5cf,prg-1sw-skipqueue,prg-1sw-findef1,prg-1sw-fidnoti,prg-1sw-financedp,prg-1sw-findet1,prg-1sw-idxpd1,prg-1sw-premonsd,1s-eaop1,prg-1sw-darkhover,prg-adspeek,btrecrow3,1s-winauthservice,prg-1sw-header-event,prg-1sw-kdp1t3,prg-1sw-etbp1t3,prg-1sw-rfcp1,prg-pr2-stickypvts,prg-pr2-dualbgc,btie-brandsft-c,prg-ias,1s-fcrypt,artglyrank5cf,1s-wpo-prg1-cdpn,1sw-bnfintfrkv3,prg-upsaip-w1-t,prg-upsaip-r-t,prg-1sw-sacgadjc,prg-ctrlmidroll,7b83c716,1s-rpssecautht,prg-1sw-p1wtrclm,traffic-p2-tpinc-c,prg-1sw-xref1-p2-ctrl,prg-pr2-nwpi8,1s-wpo-ntp-coftinf,prg-1sw-shipfin,prg-1sw-enableact,prg-1sw-fnccombo,prg-1sw-ref1-p1-ctr,prg-pr2-bndaunoen,1s-defaultscn,prg-1sw-pde0,1s-defaultscnw,prg-1sw-tbrcounter,spr-t-gp1025rbv9,prg-spr-t-gp1025rbv9,ads-stableidlookup,prg-ad-cbuxhld,prg-1sw-srdus,prg-1sw-rv2hpc,prg-1sw-spaipv2,1s-xapbnze,prg-ntp-wxcmcb,prg-ntp-wxcm,prg-useplmtmgr,prg-1sw-wxstm,prg-sh-rmitmlnk-c,prg-pr2-pagefilter,nopinglancecardit,ads-floorexp-t,prg-sh-recopdp,prg-wpo-nocardsqsp,prg-upscache-t,prg-wxmnns,prg-1sw-cgxap-t1,prg-1sw-cgxap,prg-1sw-esprtxp,1s-mxr-winfeed,prg-sh-bd-newbanner,mktautosqor,prg-1sw-rr2fn,prg-1sw-rr2fp,1s-segdep-bint,ads-dupcount0,prg-wx-wtp,prg-pr2-wpo3,prg-ugc-likechange,prg-1sw-wxmptreplace,ads-hp-chints-c,prg-1s-wpocfp1,prg-uaskafka-t,prg-vidad-ctrlwrap,prg-wx-fredlgm,prg-1sw-wxovsig,prg-wx-fredlg,prg-sh-bd-sson,prg-sh-sson,1s-segdep-aict,1s-segdep-mapt,1s-segdep-reot,1s-segdep-vidt,1s-segdep-hert,1s-segdep-reit,1s-segdep-prit,prg-1sw-wxdmtctr7,roll_cameraicon_t,exp_cameraicon_t,ads-numbids-4,prg-1sw-wxnearbyrec,ads-cwfix,prg-pr2-cntfbnrfc,prg-sh-bd-newchckot,prg-sh-bd-nwchk,prg-c-peslt,msph-videoc2s,prg-sh-bd-disbadge,prg-bd-unqiue-c,prg-sh-bd-cm,prg-sh-bd-xtracash,prg-sh-bd-disgb,prg-sh-usecshk,prg-sh-usecshkpdp,prg-pcs-hdatainfo,prg-sh-bd-disinsight,cprg-vidad-vertctrl,prg-1sw-tbrbrp2,prg-1sw-imgqualityc
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 63
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.msn.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: br
expires: -1
pragma: no-cache
vary: Accept-Encoding
x-eventid: 656ce6581ff7451aa31c30d9ec8aa8c3
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date: Sun, 03 Dec 2023 20:34:32 GMT
set-cookie: MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; secure; SameSite=None
MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; HttpOnly
_EDGE_S=F=1&SID=0A9D4D3B239869A705E55EE7227368FA; domain=.bing.com; path=/; HttpOnly
_EDGE_V=1; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; HttpOnly
SRCHD=AF=NOFORM; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; secure; SameSite=None
SRCHUID=V=2&GUID=B47E3B76A4EA40AEAFC7F9AB26C474A4&dmnchg=1; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; secure; SameSite=None
SRCHUSR=DOB=20231203; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; secure; SameSite=None
SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; secure; SameSite=None
_SS=SID=0A9D4D3B239869A705E55EE7227368FA; domain=.bing.com; path=/; secure; SameSite=None
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635672.2b92e5e
c.msn.com/c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0&ctsa=mr&CtsSyncId=CC2A93743E99482094B66CF39A42F518&MUID=31DE64B2864F61CA0C2E776E87BA60F2
68.219.88.97 200 OK 42 B URL GET HTTP/2 c.msn.com/c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0&ctsa=mr&CtsSyncId=CC2A93743E99482094B66CF39A42F518&MUID=31DE64B2864F61CA0C2E776E87BA60F2
IP 68.219.88.97:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject c.msn.com
Fingerprint D5:8D:1D:2A:BC:86:78:79:30:4B:23:9E:B9:3A:CA:CC:F7:AF:26:61
Validity Tue, 06 Jun 2023 15:27:17 GMT - Fri, 31 May 2024 15:27:17 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?rnd=1701635673185&udc=true&pg.n=articleflex&pg.t=article&pg.c=9&pg.p=prime&rf=&tp=https%3A%2F%2Fwww.msn.com%2Fen-us%2Fmoney%2Fother%2Fthis-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization%2Far-AA1kQbHZ&cvs=Browser&di=7290&st.dpt=other&st.sdpt=&subcvs=finance&lng=en-us&rid=e65b4727d45440a8a1a02bba701687c6&activityId=e65b4727d45440a8a1a02bba701687c6&d.imd=false&scr=1280x1024&anoncknm=anon&issso=true&aadState=0&ctsa=mr&CtsSyncId=CC2A93743E99482094B66CF39A42F518&MUID=31DE64B2864F61CA0C2E776E87BA60F2 HTTP/1.1
Host: c.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; SM=T; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
accept-ranges: bytes
etag: "8d59566974dbd91:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=C; domain=c.msn.com; path=/; SameSite=None; Secure;
MUID=31DE64B2864F61CA0C2E776E87BA60F2; domain=.msn.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; SameSite=None; Secure; Priority=High;
SRM_M=31DE64B2864F61CA0C2E776E87BA60F2; domain=c.msn.com; expires=Fri, 27-Dec-2024 20:34:32 GMT; path=/; SameSite=None; Secure;
MR=0; domain=c.msn.com; expires=Sun, 10-Dec-2023 20:34:32 GMT; path=/; SameSite=None; Secure;
ANONCHK=0; domain=c.msn.com; expires=Sun, 03-Dec-2023 20:44:32 GMT; path=/; SameSite=None; Secure;
date: Sun, 03 Dec 2023 20:34:32 GMT
content-length: 42
X-Firefox-Spdy: h2
assets.msn.com/content/view/v2/provider/en-us/BBYWgsv
95.101.10.170 200 OK 708 B URL GET HTTP/2 assets.msn.com/content/view/v2/provider/en-us/BBYWgsv
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (1956), with no line terminators
Hash d6b8674759c0700710214def0f40e0ed
65bcd9300f961eb8fde2d5b40215b4936e72d963
f195d7a6ad4a3a3472c3add382bdbafd03a12874dc2ce9280d99fb5b98b12627
GET /content/view/v2/provider/en-us/BBYWgsv HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: Unknown
ddd-debugid: 656ce658-7ac0-4de7-8828-7c55b92e4829|2023-12-03T20:34:32.7479341Z|fabric_msn|NEU1|News_138
onewebservicelatency: 2
x-msedge-responseinfo: 2
x-ceto-ref: 656ce658b18443c9b968e266a79c08f6|2023-12-03T20:34:32.742Z
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 708
date: Sun, 03 Dec 2023 20:34:32 GMT
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
MUID=3B5F86CCCDC96BF907CE9510CC2D6A71; expires=Fri, 27 Dec 2024 20:34:32 GMT; domain=.msn.com; path=/; secure; samesite=none
MUIDB=3B5F86CCCDC96BF907CE9510CC2D6A71; expires=Fri, 27 Dec 2024 20:34:32 GMT; path=/; httponly
_EDGE_S=F=1&SID=2CEC5D439501611A03DD4E9F94E560E4; domain=.msn.com; path=/; httponly
_EDGE_V=1; expires=Fri, 27 Dec 2024 20:34:32 GMT; domain=.msn.com; path=/; httponly
akamai-request-bc: [a=95.101.10.166,b=1569776507,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_AB_STOCKHOLM,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=0, clienttt; dur=61, origin; dur=0 , cdntime; dur=61
akamai-cache-status: Miss from child, Miss from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90e37b
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=60
x-as-suppresssetcookie: 1
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635672.5d90e37b
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/service/community/users/vid-eub8k9jesxepwx2d92mars9yyy6eubp0gi8ksghui3ry7ibc2i6a?version=1.1&profile=social&verify=false&market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
95.101.10.170 200 OK 961 B URL GET HTTP/2 assets.msn.com/service/community/users/vid-eub8k9jesxepwx2d92mars9yyy6eubp0gi8ksghui3ry7ibc2i6a?version=1.1&profile=social&verify=false&market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , ASCII text, with very long lines (1723), with no line terminators
Hash 0f8d0d9e64b84f764c0a115cfa977b08
f2504fd422f57b1a8c87213aaf0a2f99f9c86907
4e5145de77c1c2661a8866b2675d51d2c5ddc0c7d76fd395292146a469317155
GET /service/community/users/vid-eub8k9jesxepwx2d92mars9yyy6eubp0gi8ksghui3ry7ibc2i6a?version=1.1&profile=social&verify=false&market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce658-d88f-4b7c-8e0d-8213376dc5f7
ddd-strategyexecutionlatency: 00:00:00.0041407
ddd-debugid: 656ce658-d88f-4b7c-8e0d-8213376dc5f7|2023-12-03T20:34:32.8095286Z|fabric_community|NEU1|Community_17
onewebservicelatency: 4
x-msedge-responseinfo: 4
x-ceto-ref: 656ce6584fd84fabbf24a4f30e532390|2023-12-03T20:34:32.801Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4EFB27CD7DC402891612EF2B8D041AC Ref B: OSL30EDGE0507 Ref C: 2023-12-03T20:34:32Z
expires: Sun, 03 Dec 2023 20:34:32 GMT
date: Sun, 03 Dec 2023 20:34:32 GMT
content-length: 961
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=; expires=Sat, 02 Dec 2023 20:34:32 GMT
akamai-request-bc: [a=95.101.10.166,b=1569776641,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=0, clienttt; dur=50, origin; dur=50 , cdntime; dur=0
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90e401
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635672.5d90e401
vary: Origin
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17OgO2.img?w=768&h=432&m=6
23.36.77.9 200 OK 66 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17OgO2.img?w=768&h=432&m=6
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 768x432, components 3\012- data
Hash 67078dca857b0ed157e916e27737da89
920a6af809202f9b82ac47898126bbfa135b2f4f
d6b547e2e5dd80611e6be487dab58ae5947680ea8d46d3754e63005b439524b7
GET /tenant/amp/entityid/AA17OgO2.img?w=768&h=432&m=6 HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17OgO2?w=768&h=432&m=6
last-modified: Sun, 03 Dec 2023 19:57:47 GMT
x-source-length: 103495
x-datacenter: eastus
x-activityid: 02c366f4-30da-4384-8ed5-034bee087b25
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 65536
cache-control: public, max-age=429764
expires: Fri, 08 Dec 2023 19:57:16 GMT
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/BBYWeDb.img?w=48&h=48&q=60&m=6&f=png&u=t
23.36.77.9 200 OK 7.8 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/BBYWeDb.img?w=48&h=48&q=60&m=6&f=png&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash e1998655434f11bfd2b5f193d85c11b4
94abb2ac0928d8477c3080c90dc3240fade64f53
ab95e669ddf761ee220ab276f254e84170bbc11c8d4d5b9fdb9b956f267e0ea2
GET /tenant/amp/entityid/BBYWeDb.img?w=48&h=48&q=60&m=6&f=png&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/BBYWeDb?w=48&h=48&q=60&m=6&f=png&u=t
last-modified: Fri, 01 Dec 2023 07:42:17 GMT
x-source-length: 11974
x-datacenter: westus
x-activityid: e2ce83e0-55eb-4d9e-9093-b46ff09a549a
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 7812
cache-control: public, max-age=212896
expires: Wed, 06 Dec 2023 07:42:48 GMT
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=inarticle&i=1&d=TaboolaNetBidder&p=webcompar&a=b353dc1c-3785-47d2-81b1-3d024a40370b&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__df416fb4330d57740edf3574e8f90249__%257E%257EV1%257E%257E7385751002122617757%257E%257EyzZa3eipdvSD7Lg4OiZxRS9c9h14vqhoBQWpoYEpswhw6cLzOYgYTH58zK8cIqqSTTe1NFYPaYB-QDiCLzfBs5W9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnLxcNskOlYfDqSIhjTQsZuqhYe5U-hrmM5B0NGdcvbO3ffknJSmgNBa64uLX4M24K4OdkFgRRMDM4hmTlXuzwT2fGn1851C7WPO9M3KkdFq8oIwg2qAJNvLqE9vyTgE-eNnNpLRsuRrFv9gflWF3-Ew__text%26response.session%3Dv2_d4c536701175a25b0095bfc797dd3433_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqJHdlYmNvbXBhci1pbmFydGljbGUtMSB8IE1EIHwgQXVjdGlvbjIQYTRmYmY4NGZjNjZkNGEwMQ%26viperAppType%3DSCONMSFT&t=type.msft-content-card
204.79.197.203200 OK 0 B URL GET HTTP/2 srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=inarticle&i=1&d=TaboolaNetBidder&p=webcompar&a=b353dc1c-3785-47d2-81b1-3d024a40370b&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__df416fb4330d57740edf3574e8f90249__%257E%257EV1%257E%257E7385751002122617757%257E%257EyzZa3eipdvSD7Lg4OiZxRS9c9h14vqhoBQWpoYEpswhw6cLzOYgYTH58zK8cIqqSTTe1NFYPaYB-QDiCLzfBs5W9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnLxcNskOlYfDqSIhjTQsZuqhYe5U-hrmM5B0NGdcvbO3ffknJSmgNBa64uLX4M24K4OdkFgRRMDM4hmTlXuzwT2fGn1851C7WPO9M3KkdFq8oIwg2qAJNvLqE9vyTgE-eNnNpLRsuRrFv9gflWF3-Ew__text%26response.session%3Dv2_d4c536701175a25b0095bfc797dd3433_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqJHdlYmNvbXBhci1pbmFydGljbGUtMSB8IE1EIHwgQXVjdGlvbjIQYTRmYmY4NGZjNjZkNGEwMQ%26viperAppType%3DSCONMSFT&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=inarticle&i=1&d=TaboolaNetBidder&p=webcompar&a=b353dc1c-3785-47d2-81b1-3d024a40370b&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-available%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__df416fb4330d57740edf3574e8f90249__%257E%257EV1%257E%257E7385751002122617757%257E%257EyzZa3eipdvSD7Lg4OiZxRS9c9h14vqhoBQWpoYEpswhw6cLzOYgYTH58zK8cIqqSTTe1NFYPaYB-QDiCLzfBs5W9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnLxcNskOlYfDqSIhjTQsZuqhYe5U-hrmM5B0NGdcvbO3ffknJSmgNBa64uLX4M24K4OdkFgRRMDM4hmTlXuzwT2fGn1851C7WPO9M3KkdFq8oIwg2qAJNvLqE9vyTgE-eNnNpLRsuRrFv9gflWF3-Ew__text%26response.session%3Dv2_d4c536701175a25b0095bfc797dd3433_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26cpb%3DeAGiAQhTQ09OTVNGVKoBCVNDT05fTVNGVLIBBE1TRlS6AQR0ZXh0wAH7swPKAQJhbQ%26ppb%3DGPqzAyCA1AMqJHdlYmNvbXBhci1pbmFydGljbGUtMSB8IE1EIHwgQXVjdGlvbjIQYTRmYmY4NGZjNjZkNGEwMQ%26viperAppType%3DSCONMSFT&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2C9BDB8735644D869B93FBCA0642691A Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:32Z
date: Sun, 03 Dec 2023 20:34:32 GMT
content-length: 0
X-Firefox-Spdy: h2
images.archive-digger.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.3333%2Cw_899%2Cx_150%2Cy_63/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F43761e251b69fb633662ea0986aa6767.png?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_d4c536701175a25b0095bfc797dd3433_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__df416fb4330d57740edf3574e8f90249__%7E%7EV1%7E%7E7385751002122617757%7E%7EyzZa3eipdvSD7Lg4OiZxRS9c9h14vqhoBQWpoYEpswhw6cLzOYgYTH58zK8cIqqSTTe1NFYPaYB-QDiCLzfBs5W9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnLxcNskOlYfDqSIhjTQsZuqhYe5U-hrmM5B0NGdcvbO3ffknJSmgNBa64uLX4M24K4OdkFgRRMDM4hmTlXuzwT2fGn1851C7WPO9M3KkdFq8oIwg2qAJNvLqE9vyTgE-eNnNpLRsuRrFv9gflWF3-Ew__text%22%7D
151.101.65.44200 OK 43 kB URL GET HTTP/2 images.archive-digger.com/taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.3333%2Cw_899%2Cx_150%2Cy_63/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F43761e251b69fb633662ea0986aa6767.png?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_d4c536701175a25b0095bfc797dd3433_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__df416fb4330d57740edf3574e8f90249__%7E%7EV1%7E%7E7385751002122617757%7E%7EyzZa3eipdvSD7Lg4OiZxRS9c9h14vqhoBQWpoYEpswhw6cLzOYgYTH58zK8cIqqSTTe1NFYPaYB-QDiCLzfBs5W9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnLxcNskOlYfDqSIhjTQsZuqhYe5U-hrmM5B0NGdcvbO3ffknJSmgNBa64uLX4M24K4OdkFgRRMDM4hmTlXuzwT2fGn1851C7WPO9M3KkdFq8oIwg2qAJNvLqE9vyTgE-eNnNpLRsuRrFv9gflWF3-Ew__text%22%7D
IP 151.101.65.44:443
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject *.archive-digger.com
Fingerprint 93:6C:73:AF:D0:3B:7A:4D:5D:A1:FA:38:88:DE:A1:5E:DD:10:F6:F5
Validity Tue, 14 Nov 2023 00:00:00 GMT - Sat, 14 Dec 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 09ed9cdc9bee73c58302992265be6c6f
8d6e9e4b2f1bea79caf7f67f88146f9848b748e9
5de5d6a97f4205382aebcb795cd1299b7836e582197f9fa93832079183b31cca
GET /taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.3333%2Cw_899%2Cx_150%2Cy_63/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F43761e251b69fb633662ea0986aa6767.png?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_d4c536701175a25b0095bfc797dd3433_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__df416fb4330d57740edf3574e8f90249__%7E%7EV1%7E%7E7385751002122617757%7E%7EyzZa3eipdvSD7Lg4OiZxRS9c9h14vqhoBQWpoYEpswhw6cLzOYgYTH58zK8cIqqSTTe1NFYPaYB-QDiCLzfBs5W9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnLxcNskOlYfDqSIhjTQsZuqhYe5U-hrmM5B0NGdcvbO3ffknJSmgNBa64uLX4M24K4OdkFgRRMDM4hmTlXuzwT2fGn1851C7WPO9M3KkdFq8oIwg2qAJNvLqE9vyTgE-eNnNpLRsuRrFv9gflWF3-Ew__text%22%7D HTTP/1.1
Host: images.archive-digger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/webp
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
cache-tag: 362799396392667983892061775000457368078,357930979710361090364002304675504446029,29ecf9b93bbf306179626feeda1fab70
edge-cache-tag: 362799396392667983892061775000457368078,357930979710361090364002304675504446029,29ecf9b93bbf306179626feeda1fab70
etag: "23deb991af3dcc084ee116e8c95d4f4c"
expiration: expiry-date="Thu, 23 Nov 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Mon, 23 Oct 2023 08:55:52 GMT
req-referer: https://www.msn.com/
surrogate-reporting: width=899,height=674,bytes=71722,owidth=1200,oheight=800,obytes=548070
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 100
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 468
x-backend-name: LA_nlb202
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Sun, 03 Dec 2023 20:34:32 GMT
age: 2800664
x-served-by: cache-iad-kcgs7200077-IAD, cache-iad-kiad7000034-IAD, cache-lax-kwhp1940076-LAX, cache-iad-kjyo7100093-IAD, cache-bma1650-BMA
x-cache: Miss from cloudfront, MISS, MISS, MISS, HIT, HIT
x-cache-hits: 0, 0, 0, 22, 2
x-timer: S1701635673.911273,VS0,VE0
vary: ImageFormat
x-debug: /taboola/image/fetch/c_crop%2Cf_jpg%2Cq_auto%2Ce_sharpen%2Car_1.3333%2Cw_899%2Cx_150%2Cy_63/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F43761e251b69fb633662ea0986aa6767.png?taboola_event_details=%7B%22publisher%22%3A%22msn-msn%22%2C%22actionType%22%3A%22visible%22%2C%22appType%22%3A%22bidder%22%2C%22apiKey%22%3A%2269629143827c91b118c7e0dc9f2a4eb0059feae9%22%2C%22session%22%3A%22v2_d4c536701175a25b0095bfc797dd3433_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%22%2C%22responseId%22%3A%22__fedf1fc016b6403975e2740597eae885__df416fb4330d57740edf3574e8f90249__%7E%7EV1%7E%7E7385751002122617757%7E%7EyzZa3eipdvSD7Lg4OiZxRS9c9h14vqhoBQWpoYEpswhw6cLzOYgYTH58zK8cIqqSTTe1NFYPaYB-QDiCLzfBs5W9-mQEUaKCMbne7sjOPhQEIWaVWUOx1G-LpP3c7qLnLxcNskOlYfDqSIhjTQsZuqhYe5U-hrmM5B0NGdcvbO3ffknJSmgNBa64uLX4M24K4OdkFgRRMDM4hmTlXuzwT2fGn1851C7WPO9M3KkdFq8oIwg2qAJNvLqE9vyTgE-eNnNpLRsuRrFv9gflWF3-Ew__text%22%7D
x-vcl-time-ms: 0
content-length: 42938
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=inarticle&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=b353dc1c-3785-47d2-81b1-3d024a40370b&ii=1&c=9490256497265259590&bid=2829ba12-34f1-4105-8fd9-6d77e9024cf5&tid=webcompar-inarticle-1&ptid=webcompar-inarticle-1&t=type.msft-content-card
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=inarticle&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=b353dc1c-3785-47d2-81b1-3d024a40370b&ii=1&c=9490256497265259590&bid=2829ba12-34f1-4105-8fd9-6d77e9024cf5&tid=webcompar-inarticle-1&ptid=webcompar-inarticle-1&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=inarticle&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=b353dc1c-3785-47d2-81b1-3d024a40370b&ii=1&c=9490256497265259590&bid=2829ba12-34f1-4105-8fd9-6d77e9024cf5&tid=webcompar-inarticle-1&ptid=webcompar-inarticle-1&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D3E51D36F1FC414682D9DC0EFE4EDC67 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:32Z
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=a930849b6747485c9c2d4ad4f61b9780&SNR=1&GV=2&med=10
95.101.10.185 200 OK 0 B URL GET HTTP/3 www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=a930849b6747485c9c2d4ad4f61b9780&SNR=1&GV=2&med=10
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aes/c.gif?DI=0&DIS=SB_15000-1?&RG=a930849b6747485c9c2d4ad4f61b9780&SNR=1&GV=2&med=10 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
DNT: 1
Connection: keep-alive
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 75FE27A819BD4889B6CBB15A1D128913 Ref B: OSL30EDGE0512 Ref C: 2023-12-03T20:34:32Z
content-length: 0
date: Sun, 03 Dec 2023 20:34:32 GMT
set-cookie: _EDGE_S=SID=2532A2EE9E736EDC148AB1329F866FCD; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:32 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635672.2b930ef
www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=eb81f3b0c42641c28c87b6b5f42c60c7&SNR=1&GV=2&med=10
95.101.10.185 200 OK 0 B URL GET HTTP/3 www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=eb81f3b0c42641c28c87b6b5f42c60c7&SNR=1&GV=2&med=10
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aes/c.gif?DI=0&DIS=SB_15000-1?&RG=eb81f3b0c42641c28c87b6b5f42c60c7&SNR=1&GV=2&med=10 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
DNT: 1
Connection: keep-alive
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A8E9A396884C46A08425A3340E7079C2 Ref B: OSL30EDGE0120 Ref C: 2023-12-03T20:34:32Z
content-length: 0
date: Sun, 03 Dec 2023 20:34:32 GMT
set-cookie: _EDGE_S=SID=3F53FAFACEC461EA3C0EE926CF316043; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:32 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635672.2b930e8
www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=295212bacdb34b1c8a087b73a0f084c2&SNR=1&GV=2&med=10
95.101.10.185 200 OK 0 B URL GET HTTP/3 www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=295212bacdb34b1c8a087b73a0f084c2&SNR=1&GV=2&med=10
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aes/c.gif?DI=0&DIS=SB_15000-1?&RG=295212bacdb34b1c8a087b73a0f084c2&SNR=1&GV=2&med=10 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
DNT: 1
Connection: keep-alive
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6DCA9BE0CD104DFE8C75248D8D366160 Ref B: OSL30EDGE0213 Ref C: 2023-12-03T20:34:32Z
content-length: 0
date: Sun, 03 Dec 2023 20:34:32 GMT
set-cookie: _EDGE_S=SID=04E55AC450DE6DE20CF24918512B6C6B; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:32 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635672.2b930f0
www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=881aab063c5045e0941b7c28847b01b1&SNR=1&GV=2&med=10
95.101.10.185 200 OK 0 B URL GET HTTP/3 www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=881aab063c5045e0941b7c28847b01b1&SNR=1&GV=2&med=10
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aes/c.gif?DI=0&DIS=SB_15000-1?&RG=881aab063c5045e0941b7c28847b01b1&SNR=1&GV=2&med=10 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
DNT: 1
Connection: keep-alive
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED2AA37D34144F67A8B63C94A460D197 Ref B: OSL30EDGE0511 Ref C: 2023-12-03T20:34:32Z
content-length: 0
date: Sun, 03 Dec 2023 20:34:32 GMT
set-cookie: _EDGE_S=SID=3690FE13B84D6B1F1116EDCFB9B86AE6; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:32 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635672.2b93113
www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=35d93ffb33b4477dbbe83534d455738b&SNR=1&GV=2&med=10
95.101.10.185 200 OK 0 B URL GET HTTP/3 www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=35d93ffb33b4477dbbe83534d455738b&SNR=1&GV=2&med=10
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (empty input)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (empty input)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty input)
GET /aes/c.gif?DI=0&DIS=SB_15000-1?&RG=35d93ffb33b4477dbbe83534d455738b&SNR=1&GV=2&med=10 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
DNT: 1
Connection: keep-alive
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ED26C8461C9A4DF2B9537C7C69D8F51F Ref B: OSL30EDGE0214 Ref C: 2023-12-03T20:34:32Z
content-length: 0
date: Sun, 03 Dec 2023 20:34:32 GMT
set-cookie: _EDGE_S=SID=3566D552ED06682F3E2EC68EECF369AA; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:32 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635672.2b93119
www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=4541c3bef6c34e07a167732cfbe405c5&SNR=1&GV=2&med=10
95.101.10.185 200 OK 0 B URL GET HTTP/3 www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=4541c3bef6c34e07a167732cfbe405c5&SNR=1&GV=2&med=10
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (empty input)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (empty input)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty input)
GET /aes/c.gif?DI=0&DIS=SB_15000-1?&RG=4541c3bef6c34e07a167732cfbe405c5&SNR=1&GV=2&med=10 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
DNT: 1
Connection: keep-alive
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E6941A501E3F48FBA7A28AC9052367F4 Ref B: OSL30EDGE0415 Ref C: 2023-12-03T20:34:32Z
content-length: 0
date: Sun, 03 Dec 2023 20:34:32 GMT
set-cookie: _EDGE_S=SID=1DE1E01526226F341A36F3C927756E30; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:32 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635672.2b9312b
login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=d7b530a4-7680-4c23-a8bf-c52c121d2e87&scope=User.Read%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fwww.msn.com%2Fstaticsb%2Fstatics%2Flatest%2Fauth%2Fauth-redirect-blank.html&client-request-id=ea772a5c-b02b-4d6f-ae2d-d970aa9cea22&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.18.0&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=48hj_307P4cqgv-milZ9JxtTUKhe_x449xvi8340ieY&code_challenge_method=S256&prompt=none&nonce=287b588f-8e4e-49cf-be95-002a0efa2136&state=eyJpZCI6ImFkMWUyMzUyLTgwYmQtNDNiMC1iYjkwLTI1N2RkNWM3MzlhZCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19
20.190.181.0 200 OK 9.7 kB URL GET HTTP/1.1 login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=d7b530a4-7680-4c23-a8bf-c52c121d2e87&scope=User.Read%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fwww.msn.com%2Fstaticsb%2Fstatics%2Flatest%2Fauth%2Fauth-redirect-blank.html&client-request-id=ea772a5c-b02b-4d6f-ae2d-d970aa9cea22&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.18.0&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=48hj_307P4cqgv-milZ9JxtTUKhe_x449xvi8340ieY&code_challenge_method=S256&prompt=none&nonce=287b588f-8e4e-49cf-be95-002a0efa2136&state=eyJpZCI6ImFkMWUyMzUyLTgwYmQtNDNiMC1iYjkwLTI1N2RkNWM3MzlhZCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19
IP 20.190.181.0:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject stamp2.login.microsoftonline.com
Fingerprint 5F:41:B5:48:4D:2A:D3:78:6B:12:6B:D6:0B:85:B4:F8:2A:FF:48:29
Validity Sun, 17 Sep 2023 00:00:00 GMT - Tue, 17 Sep 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (8483), with CRLF, LF line terminators
Hash MD5 eb3b6809c9500d6b3e5f83d7a5c23834
SHA-1 c4a24ebad42aee67ee1bb7f08f79c9c28ba006ed
SHA-256 f0c880aca0dd5db2e9a07bdc13bf93f57d94806e967a38a73e40d39f91eb652e
GET /common/oauth2/v2.0/authorize?client_id=d7b530a4-7680-4c23-a8bf-c52c121d2e87&scope=User.Read%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fwww.msn.com%2Fstaticsb%2Fstatics%2Flatest%2Fauth%2Fauth-redirect-blank.html&client-request-id=ea772a5c-b02b-4d6f-ae2d-d970aa9cea22&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.18.0&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=48hj_307P4cqgv-milZ9JxtTUKhe_x449xvi8340ieY&code_challenge_method=S256&prompt=none&nonce=287b588f-8e4e-49cf-be95-002a0efa2136&state=eyJpZCI6ImFkMWUyMzUyLTgwYmQtNDNiMC1iYjkwLTI1N2RkNWM3MzlhZCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoic2lsZW50In19 HTTP/1.1
Host: login.microsoftonline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Link: <https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
X-DNS-Prefetch-Control: on
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id: 1693e49e-8c82-4b67-aa24-0fdeed6d2200
x-ms-ests-server: 2.1.16790.7 - NEULR1 ProdSlices
x-ms-clitelem: 1,0,0,,
Referrer-Policy: strict-origin-when-cross-origin
X-XSS-Protection: 0
Set-Cookie: buid=0.AS8AMe_N-B6jSkuT5F9XHpElWqQwtdeAdiNMqL_FLBIdLocBAAA.AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-6TUZ8GObyCdw-Vz6LZlYs-ZMxMEcwg7fanKpJgDLlFeaZnXUUQkSe4nIBpWK_bih5ixyFO8mfKZfKth9_5Z-RblRmRs7S1niSaC5UBZ-hzEgAA; expires=Tue, 02-Jan-2024 20:34:32 GMT; path=/; secure; HttpOnly; SameSite=None
esctx=PAQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-HqgdS3FqLUxCCjvW63Ynf_7hwDP2ajC2bPko51XvSQB5pgoXYWMqum4sVjxA_55ryPPlX8_2EFOwdoUEnhbsstzhUfRRMVz11BhG0YvshWM-GqUksXhX66ZhXGI2R2qmA1INqBNYGv4097ESzk6on5WoyGm8aSjRf2PP0jSteU4gAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
esctx-ZyUuCDzP4mg=AQABAAEAAAAmoFfGtYxvRrNriQdPKIZ-8T0vczdDbskBWRASADNIfDc_bXhYEjHXhqBZ5l0xToat6UCow4WcgYMV66vXae7eIofs200IFH9eHEoirWx3pYB5KEutb6J-OAijyb9kk5tuIXkNFDQ4TjYrtDt_Etcd529n9fSz-C1gABTgXAAC_SAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly; SameSite=None
fpc=AipZ2dZ8AL1Pl-9aijqBB06SbVEHAQAAAFjd_twOAAAA; expires=Tue, 02-Jan-2024 20:34:32 GMT; path=/; secure; HttpOnly; SameSite=None
x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly
stsservicecookie=estsfd; path=/; secure; samesite=none; httponly
Date: Sun, 03 Dec 2023 20:34:32 GMT
Content-Length: 9694
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635678433&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635678433&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (empty input)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (empty input)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty input)
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635678433&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6237
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=a1311c9b683646198da4c3c4c97e4fe4&HASH=a131&LV=202312&V=4&LU=1701635673037; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:33 GMT; Path=/;Secure; SameSite=None
MS0=52de7f2030eb42e8b3b87f4960aab687; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:33 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5396
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
aadcdn.msftauth.net/shared/1.0/content/js/FetchSessions_Core_FDnZhONkppB9I1GgfHh9ew2.js
152.199.23.37 51 kB URL aadcdn.msftauth.net/shared/1.0/content/js/FetchSessions_Core_FDnZhONkppB9I1GgfHh9ew2.js
IP 152.199.23.37:0
File type ASCII text, with very long lines (49250)
Hash MD5 1439d984e364a6907d2351a07c787d7b
SHA-1 82911fb63dde55639e091c61474456ad6b017631
SHA-256 e7b1ac055b245ebabeb675aac1ec2eeefadac0795fa59da71f2e392c554bfa9c
GET /shared/1.0/content/js/FetchSessions_Core_FDnZhONkppB9I1GgfHh9ew2.js HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
Origin: https://login.microsoftonline.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
age: 2680216
cache-control: public, max-age=31536000
content-md5: XZF5QvQ4BDmMiZEwKBoNHw==
content-type: application/x-javascript
date: Sun, 03 Dec 2023 20:34:33 GMT
etag: 0x8DBDA579361CCFC
last-modified: Tue, 31 Oct 2023 21:23:07 GMT
server: ECAcc (ska/F753)
vary: Accept-Encoding
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: 3a125935-d01e-004e-7dc7-0d2b2a000000
x-ms-version: 2009-09-19
content-length: 50730
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/latest/video-card-wc/icons/watch-more.svg
95.101.10.170 200 OK 305 B URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/video-card-wc/icons/watch-more.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (361), with CRLF line terminators
Hash MD5 54bf950900043648d9d880dd5951f3ae
SHA-1 272c2d9362784c0767e7a9056447ec28cba0d196
SHA-256 2f7ba75dd41b4ee334b91e654b89a8bafd4d44c1768aa13a599533108848cc09
GET /staticsb/statics/latest/video-card-wc/icons/watch-more.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: VL+VCQAENkjZ2IDdWVHzrg==
last-modified: Fri, 01 Dec 2023 07:16:57 GMT
etag: 0x8DBF23D815402B2
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 16f9bae0-201e-004d-2b3b-249f17000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:33 GMT
content-length: 305
akamai-request-bc: [a=95.101.10.166,b=1569777245,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90e65d
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635673.5d90e65d
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/staticsb/statics/pr-3888520/icons-wc/icons/VideoBlue.svg
95.101.10.170 200 OK 526 B URL GET HTTP/2 assets.msn.com/staticsb/statics/pr-3888520/icons-wc/icons/VideoBlue.svg
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (503), with CRLF line terminators
Hash MD5 52062b8c8ffb4d3adb0152e4d66327cf
SHA-1 9a4802aed336341d814803b9d16abd1e851a04ec
SHA-256 57a788c6c6fbd740ab582d3c70254e13a32f0fd92f9a7d88a7ee9993fd7a65bd
GET /staticsb/statics/pr-3888520/icons-wc/icons/VideoBlue.svg HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-md5: UgYrjI/7TTrbAVLk1mMnzw==
last-modified: Thu, 11 May 2023 17:46:52 GMT
etag: 0x8DB5247B47A4E86
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e495fc42-601e-0049-6b6a-8774bb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
content-length: 526
date: Sun, 03 Dec 2023 20:34:33 GMT
akamai-request-bc: [a=95.101.10.166,b=1569777244,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=0, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90e65c
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635673.5d90e65c
vary: Origin
X-Firefox-Spdy: h2
assets.msn.com/content/view/v1/Detail/AA1jxCyK
95.101.10.170 200 OK 4.1 kB URL GET HTTP/2 assets.msn.com/content/view/v1/Detail/AA1jxCyK
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (10341), with no line terminators
Hash MD5 ed26f281752b889679977df26603c60e
SHA-1 03c91e90b02122b1b3a661e8822d851bd36b042c
SHA-256 cea2bacbca9142351b70041cfaabedb7bc2b2586d20ec9d7ef1c3638e37441ec
GET /content/view/v1/Detail/AA1jxCyK HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: Unknown
ddd-debugid: 656ce659-d8df-4174-bc34-947b9e65c4ee|2023-12-03T20:34:33.1131885Z|fabric_msn|EUS1|News_132
onewebservicelatency: 1
x-msedge-responseinfo: 1
x-ceto-ref: 656ce6594a7d407e93bf8c99979072b3|2023-12-03T20:34:33.110Z
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 4139
date: Sun, 03 Dec 2023 20:34:33 GMT
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
MUID=3CD4949909F96FFF17D58745086A6EA2; expires=Fri, 27 Dec 2024 20:34:33 GMT; domain=.msn.com; path=/; secure; samesite=none
MUIDB=3CD4949909F96FFF17D58745086A6EA2; expires=Fri, 27 Dec 2024 20:34:33 GMT; path=/; httponly
_EDGE_S=F=1&SID=1666374C54876B352FFB249055146AE1; domain=.msn.com; path=/; httponly
_EDGE_V=1; expires=Fri, 27 Dec 2024 20:34:33 GMT; domain=.msn.com; path=/; httponly
akamai-request-bc: [a=95.101.10.166,b=1569777113,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_AB_STOCKHOLM,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=0, clienttt; dur=125, origin; dur=0 , cdntime; dur=125
akamai-cache-status: Miss from child, Miss from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90e5d9
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=60
x-as-suppresssetcookie: 1
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635673.5d90e5d9
vary: Origin
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1ihomG.img?w=16&h=16&q=60&m=6&f=jpg&u=t
23.36.77.9 200 OK 1.0 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1ihomG.img?w=16&h=16&q=60&m=6&f=jpg&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 16x16, components 3\012- data
Hash MD5 ae08423e091f09df187751f3a38b231c
SHA-1 3b86a8d1178749187c03505dd58c2ded7be27bd4
SHA-256 002eae00d1a42c6266c7120fbcfd4d1d9ee3fe7295a147306f2839624205a03b
GET /tenant/amp/entityid/AA1ihomG.img?w=16&h=16&q=60&m=6&f=jpg&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1ihomG?w=16&h=16&q=60&m=6&f=jpg&u=t
last-modified: Sun, 03 Dec 2023 11:05:07 GMT
x-source-length: 9417
x-datacenter: westus
x-activityid: ce774d14-8c81-41b8-b9d5-d3ba196bd100
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 1024
cache-control: public, max-age=397786
expires: Fri, 08 Dec 2023 11:04:19 GMT
date: Sun, 03 Dec 2023 20:34:33 GMT
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1ihomG.img?w=16&h=16&q=60&m=6&f=jpg&u=t
23.36.77.9 200 OK 1.0 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1ihomG.img?w=16&h=16&q=60&m=6&f=jpg&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 16x16, components 3\012- data
Hash MD5 ae08423e091f09df187751f3a38b231c
SHA-1 3b86a8d1178749187c03505dd58c2ded7be27bd4
SHA-256 002eae00d1a42c6266c7120fbcfd4d1d9ee3fe7295a147306f2839624205a03b
GET /tenant/amp/entityid/AA1ihomG.img?w=16&h=16&q=60&m=6&f=jpg&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1ihomG?w=16&h=16&q=60&m=6&f=jpg&u=t
last-modified: Sun, 03 Dec 2023 11:05:07 GMT
x-source-length: 9417
x-datacenter: westus
x-activityid: ce774d14-8c81-41b8-b9d5-d3ba196bd100
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 1024
cache-control: public, max-age=397786
expires: Fri, 08 Dec 2023 11:04:19 GMT
date: Sun, 03 Dec 2023 20:34:33 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&ii=1&c=9381137179146187087&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-1&ptid=webcompar-sliver-1&t=type.msft-content-card
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&ii=1&c=9381137179146187087&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-1&ptid=webcompar-sliver-1&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (empty input)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 (empty input)
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (empty input)
GET /notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&ii=1&c=9381137179146187087&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-1&ptid=webcompar-sliver-1&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8E797FBDC5D14FF8A2981DB7627EAB06 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:33Z
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&d=TaboolaNetBidder&p=webcompar&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-visible%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__4072dfefb0307a84e414d7fbafdc982f__%257E%257EV1%257E%257E9096163551020680461%257E%257EIUnR9fce86jiQsFTTGDbkMmSws9igMTDeZeeomDMHa59_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15mDIoFW0jUHWuIySImhrlPuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKzQHlEBhntT_DGIKeLa95I27juG29wRGIeca0hrE4L-2-XqpPIQGJ0_YE_eCF6Ike1NmZ8eZuZGvXujkB34m5PIG1ZLgoAoZ7OcdcK5jGnrK5rbxdnTF8dpf8ajNaZaIX9xgTaznDSKGSTRURj290Xr__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26ppb%3DCNsD%26cpb%3DGO8JIKvtFyoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjNDA0Mjk4gNTo2gVA34cMSJ6XEFD5qNkDWP___________wFjCNcWENUfGCNkYwjc__________8BENz__________wEYJGRjCNIDEOAGGAhkYwjcFRD7JRgJZGMIpCcQgzUYL2RjCIVCEKlXGA9kYwjQNxCNUxgwZGMIzkQQ61oYMmRjCNwKEKAQGBZkYwjiTxDxaRg2ZGMI0AwQ8BIYF2RjCJYUEJgcGBhkYwj_RhCKZhgdZGMI9BQQnh0YH2RqIGU2NWI0NzI3ZDQ1NDQwYThhMWEwMmJiYTcwMTY4N2M2eAGAAQKIAd2SzkiQARyYAbn5jovDMaIBCFNDT05NU0ZUqgEJU0NPTl9NU0ZUsgEETVNGVLoBBHRleHTAAfuzA8oBAmFt%26viperAppType%3DSCONMSFT&t=type.msft-content-card
204.79.197.203200 OK 0 B URL GET HTTP/2 srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&d=TaboolaNetBidder&p=webcompar&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-visible%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__4072dfefb0307a84e414d7fbafdc982f__%257E%257EV1%257E%257E9096163551020680461%257E%257EIUnR9fce86jiQsFTTGDbkMmSws9igMTDeZeeomDMHa59_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15mDIoFW0jUHWuIySImhrlPuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKzQHlEBhntT_DGIKeLa95I27juG29wRGIeca0hrE4L-2-XqpPIQGJ0_YE_eCF6Ike1NmZ8eZuZGvXujkB34m5PIG1ZLgoAoZ7OcdcK5jGnrK5rbxdnTF8dpf8ajNaZaIX9xgTaznDSKGSTRURj290Xr__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26ppb%3DCNsD%26cpb%3DGO8JIKvtFyoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjNDA0Mjk4gNTo2gVA34cMSJ6XEFD5qNkDWP___________wFjCNcWENUfGCNkYwjc__________8BENz__________wEYJGRjCNIDEOAGGAhkYwjcFRD7JRgJZGMIpCcQgzUYL2RjCIVCEKlXGA9kYwjQNxCNUxgwZGMIzkQQ61oYMmRjCNwKEKAQGBZkYwjiTxDxaRg2ZGMI0AwQ8BIYF2RjCJYUEJgcGBhkYwj_RhCKZhgdZGMI9BQQnh0YH2RqIGU2NWI0NzI3ZDQ1NDQwYThhMWEwMmJiYTcwMTY4N2M2eAGAAQKIAd2SzkiQARyYAbn5jovDMaIBCFNDT05NU0ZUqgEJU0NPTl9NU0ZUsgEETVNGVLoBBHRleHTAAfuzA8oBAmFt%26viperAppType%3DSCONMSFT&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=1&d=TaboolaNetBidder&p=webcompar&a=8dcc9bb7-ed97-4872-8ab3-c1b3e0f964f1&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-visible%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__4072dfefb0307a84e414d7fbafdc982f__%257E%257EV1%257E%257E9096163551020680461%257E%257EIUnR9fce86jiQsFTTGDbkMmSws9igMTDeZeeomDMHa59_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15mDIoFW0jUHWuIySImhrlPuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKzQHlEBhntT_DGIKeLa95I27juG29wRGIeca0hrE4L-2-XqpPIQGJ0_YE_eCF6Ike1NmZ8eZuZGvXujkB34m5PIG1ZLgoAoZ7OcdcK5jGnrK5rbxdnTF8dpf8ajNaZaIX9xgTaznDSKGSTRURj290Xr__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26ppb%3DCNsD%26cpb%3DGO8JIKvtFyoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjNDA0Mjk4gNTo2gVA34cMSJ6XEFD5qNkDWP___________wFjCNcWENUfGCNkYwjc__________8BENz__________wEYJGRjCNIDEOAGGAhkYwjcFRD7JRgJZGMIpCcQgzUYL2RjCIVCEKlXGA9kYwjQNxCNUxgwZGMIzkQQ61oYMmRjCNwKEKAQGBZkYwjiTxDxaRg2ZGMI0AwQ8BIYF2RjCJYUEJgcGBhkYwj_RhCKZhgdZGMI9BQQnh0YH2RqIGU2NWI0NzI3ZDQ1NDQwYThhMWEwMmJiYTcwMTY4N2M2eAGAAQKIAd2SzkiQARyYAbn5jovDMaIBCFNDT05NU0ZUqgEJU0NPTl9NU0ZUsgEETVNGVLoBBHRleHTAAfuzA8oBAmFt%26viperAppType%3DSCONMSFT&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D220CB47A8344ADB8C197481EB61F1E1 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:33Z
date: Sun, 03 Dec 2023 20:34:32 GMT
content-length: 0
X-Firefox-Spdy: h2
srtb.msn.com/notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&ii=1&c=781382088180119434&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-2&ptid=webcompar-sliver-2&t=type.msft-content-card
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&ii=1&c=781382088180119434&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-2&ptid=webcompar-sliver-2&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&ii=1&c=781382088180119434&bid=ccc096b5-e2ea-473e-98a8-32753d1d1124&tid=webcompar-sliver-2&ptid=webcompar-sliver-2&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F0980E6242C644EEBC1AF3BC48E83328 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:33Z
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&d=TaboolaNetBidder&p=webcompar&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-visible%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__efeabcd30147f1d847045b94bb06a779__%257E%257EV1%257E%257E-4614909549778934615%257E%257EbGy0VIX0EpznnJBaaRW8223FAQv_cDERy6B9fYTKXy19_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l17m3fkbPaYaydeGMENWyzy0uboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKw8TDR1k9QlDW_eS6HIrjVc8A1EOiSI_l_OT5b1EH2mcZLbod-k1aOr_SlFSpNKSd2iS5N4jqr45jbPQpBVg5XGtVf73YxTmCLQEmy5c3zuhZ9A-4cobTlEeIH4oZKnLOU__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26ppb%3DCOUG%26cpb%3DGO8JIKvtFyoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjNDA0Mjk4gNTo2gVA34cMSJ6XEFD5qNkDWP___________wFjCNcWENUfGCNkYwjc__________8BENz__________wEYJGRjCNIDEOAGGAhkYwjcFRD7JRgJZGMIpCcQgzUYL2RjCIVCEKlXGA9kYwjQNxCNUxgwZGMIzkQQ61oYMmRjCNwKEKAQGBZkYwjiTxDxaRg2ZGMI0AwQ8BIYF2RjCJYUEJgcGBhkYwj_RhCKZhgdZGMI9BQQnh0YH2RqIGU2NWI0NzI3ZDQ1NDQwYThhMWEwMmJiYTcwMTY4N2M2eAGAAQKIAd2SzkiQARyYAbn5jovDMaIBCFNDT05NU0ZUqgEJU0NPTl9NU0ZUsgEETVNGVLoBBHRleHTAAfuzA8oBAmFt%26viperAppType%3DSCONMSFT&t=type.msft-content-card
204.79.197.203200 OK 0 B URL GET HTTP/2 srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&d=TaboolaNetBidder&p=webcompar&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-visible%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__efeabcd30147f1d847045b94bb06a779__%257E%257EV1%257E%257E-4614909549778934615%257E%257EbGy0VIX0EpznnJBaaRW8223FAQv_cDERy6B9fYTKXy19_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l17m3fkbPaYaydeGMENWyzy0uboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKw8TDR1k9QlDW_eS6HIrjVc8A1EOiSI_l_OT5b1EH2mcZLbod-k1aOr_SlFSpNKSd2iS5N4jqr45jbPQpBVg5XGtVf73YxTmCLQEmy5c3zuhZ9A-4cobTlEeIH4oZKnLOU__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26ppb%3DCOUG%26cpb%3DGO8JIKvtFyoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjNDA0Mjk4gNTo2gVA34cMSJ6XEFD5qNkDWP___________wFjCNcWENUfGCNkYwjc__________8BENz__________wEYJGRjCNIDEOAGGAhkYwjcFRD7JRgJZGMIpCcQgzUYL2RjCIVCEKlXGA9kYwjQNxCNUxgwZGMIzkQQ61oYMmRjCNwKEKAQGBZkYwjiTxDxaRg2ZGMI0AwQ8BIYF2RjCJYUEJgcGBhkYwj_RhCKZhgdZGMI9BQQnh0YH2RqIGU2NWI0NzI3ZDQ1NDQwYThhMWEwMmJiYTcwMTY4N2M2eAGAAQKIAd2SzkiQARyYAbn5jovDMaIBCFNDT05NU0ZUqgEJU0NPTl9NU0ZUsgEETVNGVLoBBHRleHTAAfuzA8oBAmFt%26viperAppType%3DSCONMSFT&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=sliver&i=2&d=TaboolaNetBidder&p=webcompar&a=c69b7a5b-00c2-48a9-88a6-43573c5d6a54&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-visible%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__efeabcd30147f1d847045b94bb06a779__%257E%257EV1%257E%257E-4614909549778934615%257E%257EbGy0VIX0EpznnJBaaRW8223FAQv_cDERy6B9fYTKXy19_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l17m3fkbPaYaydeGMENWyzy0uboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKw8TDR1k9QlDW_eS6HIrjVc8A1EOiSI_l_OT5b1EH2mcZLbod-k1aOr_SlFSpNKSd2iS5N4jqr45jbPQpBVg5XGtVf73YxTmCLQEmy5c3zuhZ9A-4cobTlEeIH4oZKnLOU__text%26response.session%3Dv2_6ee6fa9c7b418f41597079e8af0c8c92_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26ppb%3DCOUG%26cpb%3DGO8JIKvtFyoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjNDA0Mjk4gNTo2gVA34cMSJ6XEFD5qNkDWP___________wFjCNcWENUfGCNkYwjc__________8BENz__________wEYJGRjCNIDEOAGGAhkYwjcFRD7JRgJZGMIpCcQgzUYL2RjCIVCEKlXGA9kYwjQNxCNUxgwZGMIzkQQ61oYMmRjCNwKEKAQGBZkYwjiTxDxaRg2ZGMI0AwQ8BIYF2RjCJYUEJgcGBhkYwj_RhCKZhgdZGMI9BQQnh0YH2RqIGU2NWI0NzI3ZDQ1NDQwYThhMWEwMmJiYTcwMTY4N2M2eAGAAQKIAd2SzkiQARyYAbn5jovDMaIBCFNDT05NU0ZUqgEJU0NPTl9NU0ZUsgEETVNGVLoBBHRleHTAAfuzA8oBAmFt%26viperAppType%3DSCONMSFT&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 436A334A27A84A7493BC31577CA06AC5 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:33Z
date: Sun, 03 Dec 2023 20:34:32 GMT
content-length: 0
X-Firefox-Spdy: h2
login.live.com/Me.htm?v=3
20.190.177.19 1.1 kB URL login.live.com/Me.htm?v=3
IP 20.190.177.19:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
Hash e86ef8b6111e5fb1d1665bcdc90888c9
994bf7651cb967cd9053056af2d69acb74db7f29
3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458
GET /Me.htm?v=3 HTTP/1.1
Host: login.live.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=315360000
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: Wed, 30 Nov 2033 20:34:33 GMT
Vary: Accept-Encoding
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C105_BL2
x-ms-request-id: d009d4e6-9842-4798-bd5c-383e2785c096
PPServer: PPV: 30 H: BL6PPFD6A7724A6 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Set-Cookie: uaid=f53038340a2849d195f724d99b064711; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
MSPRequ=id=N&lt=1701635673&co=1; domain=login.live.com; Secure; path=/; SameSite=None; HttpOnly
Date: Sun, 03 Dec 2023 20:34:33 GMT
Content-Length: 1132
srtb.msn.com/notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&ii=1&c=9267554076319473867&bid=ffbfb445-ddf5-443a-ba1f-23add2961fee&tid=webcompar-rectangle-1&ptid=webcompar-rectangle-1&t=type.msft-content-card
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&ii=1&c=9267554076319473867&bid=ffbfb445-ddf5-443a-ba1f-23add2961fee&tid=webcompar-rectangle-1&ptid=webcompar-rectangle-1&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&p=webcompar&l=en-us&d=TaboolaNetBidder&b=firefox&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&ii=1&c=9267554076319473867&bid=ffbfb445-ddf5-443a-ba1f-23add2961fee&tid=webcompar-rectangle-1&ptid=webcompar-rectangle-1&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8136C8BD8C4647C48BD2C542D175AA4F Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:33Z
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=2&p=webcompar&l=en-us&d=bing&b=firefox&a=9074482a-ac66-4432-a96c-48a2f62ce6d7&ii=1&c=1058593901729766746&bid=4e13d33b-732e-40b1-863c-797f9c5e77fc&tid=webcompar-rectangle-2&ptid=ar-rectangle-2&t=type.msft-content-card&dec=1-
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=2&p=webcompar&l=en-us&d=bing&b=firefox&a=9074482a-ac66-4432-a96c-48a2f62ce6d7&ii=1&c=1058593901729766746&bid=4e13d33b-732e-40b1-863c-797f9c5e77fc&tid=webcompar-rectangle-2&ptid=ar-rectangle-2&t=type.msft-content-card&dec=1-
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/viewed?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=2&p=webcompar&l=en-us&d=bing&b=firefox&a=9074482a-ac66-4432-a96c-48a2f62ce6d7&ii=1&c=1058593901729766746&bid=4e13d33b-732e-40b1-863c-797f9c5e77fc&tid=webcompar-rectangle-2&ptid=ar-rectangle-2&t=type.msft-content-card&dec=1- HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8FF3D133AE6849E7B22112D3A39CDCD3 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:33Z
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
www.bing.com/api/v1/mediation/tracking?adUnit=367325&auId=a4393072-6222-414f-8e20-11def6ac4a96&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=374443&publisherId=17160724&rId=860875cf-36a8-498f-84c4-e467ee37f616&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3Ftype%3Dmv%26reqver%3D1.0%26rg%3Deb81f3b0c42641c28c87b6b5f42c60c7%26tids%3D15000%26med%3D10&rtype=mvFeedbackURL&tagId=ar-rectangle-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=ego_erfreir
95.101.10.185 303 See Other 146 B URL GET HTTP/3 www.bing.com/api/v1/mediation/tracking?adUnit=367325&auId=a4393072-6222-414f-8e20-11def6ac4a96&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=374443&publisherId=17160724&rId=860875cf-36a8-498f-84c4-e467ee37f616&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3Ftype%3Dmv%26reqver%3D1.0%26rg%3Deb81f3b0c42641c28c87b6b5f42c60c7%26tids%3D15000%26med%3D10&rtype=mvFeedbackURL&tagId=ar-rectangle-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=ego_erfreir
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document, ASCII text
Hash c117706a7952b50e3268738e532c3934
e8b7473665f754e61f10194da686d40feac6cde8
530a11495f43b887ee5a90681a806ba5acad2f966f8c3538918e68f5bfbc02f9
GET /api/v1/mediation/tracking?adUnit=367325&auId=a4393072-6222-414f-8e20-11def6ac4a96&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=374443&publisherId=17160724&rId=860875cf-36a8-498f-84c4-e467ee37f616&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3Ftype%3Dmv%26reqver%3D1.0%26rg%3Deb81f3b0c42641c28c87b6b5f42c60c7%26tids%3D15000%26med%3D10&rtype=mvFeedbackURL&tagId=ar-rectangle-2&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=ego_erfreir HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 303 See Other
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 146
content-type: text/html; charset=utf-8
expires: 0
location: https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=eb81f3b0c42641c28c87b6b5f42c60c7&tids=15000&med=10
vary: Origin
strict-transport-security: max-age=15724800; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EDC627C7615E41C78506C1BA414DFBB9 Ref B: OSL30EDGE0120 Ref C: 2023-12-03T20:34:33Z
date: Sun, 03 Dec 2023 20:34:33 GMT
set-cookie: _EDGE_S=SID=249BB7E004F365D80A86A43C05066463; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:33 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635673.2b93457
srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&d=TaboolaNetBidder&p=webcompar&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-visible%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__ba6998ccacc1b92ea39a07a6c1d17d73__%257E%257EV1%257E%257E3443367330089025563%257E%257EI9gt31d_vMlmRvX8H2ch2P0N54w9owV8L4nKqF4jzjZ9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15I3ecj-XG32srY38DDBuSvuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKwyDcHa9Q4ezwH_fKTSUaw7k4VaTD3VGt3JmhS4VmI-NUXW4MJSXZ6sq6EzxEDTRJ9NXGMAWMJlMmhlVnSefCZ04jH9tPN6OlRc0OJa4mWKm7dZaORxKh6ESyA8UscxqjY__text%26response.session%3Dv2_a76551e587f82475e8dd65cd0172464b_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26ppb%3DCAk%26cpb%3DGO8JIKvtFyoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjNDAzMjk4gNTo2gVA34cMSJ6XEFD5qNkDWP___________wFjCNcWENUfGCNkYwjc__________8BENz__________wEYJGRjCNIDEOAGGAhkYwjcFRD7JRgJZGMIpCcQgzUYL2RjCIVCEKlXGA9kYwjQNxCNUxgwZGMIzkQQ61oYMmRjCNwKEKAQGBZkYwjiTxDxaRg2ZGMI0AwQ8BIYF2RjCJYUEJgcGBhkYwj_RhCKZhgdZGMI9BQQnh0YH2RqIGU2NWI0NzI3ZDQ1NDQwYThhMWEwMmJiYTcwMTY4N2M2eAGAAQKIAd2SzkiQARyYAeb5jovDMaIBCFNDT05NU0ZUqgEJU0NPTl9NU0ZUsgEETVNGVLoBBHRleHTAAfuzA8oBAmFt%26viperAppType%3DSCONMSFT&t=type.msft-content-card
204.79.197.203200 OK 0 B URL GET HTTP/2 srtb.msn.com/notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&d=TaboolaNetBidder&p=webcompar&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-visible%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__ba6998ccacc1b92ea39a07a6c1d17d73__%257E%257EV1%257E%257E3443367330089025563%257E%257EI9gt31d_vMlmRvX8H2ch2P0N54w9owV8L4nKqF4jzjZ9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15I3ecj-XG32srY38DDBuSvuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKwyDcHa9Q4ezwH_fKTSUaw7k4VaTD3VGt3JmhS4VmI-NUXW4MJSXZ6sq6EzxEDTRJ9NXGMAWMJlMmhlVnSefCZ04jH9tPN6OlRc0OJa4mWKm7dZaORxKh6ESyA8UscxqjY__text%26response.session%3Dv2_a76551e587f82475e8dd65cd0172464b_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26ppb%3DCAk%26cpb%3DGO8JIKvtFyoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjNDAzMjk4gNTo2gVA34cMSJ6XEFD5qNkDWP___________wFjCNcWENUfGCNkYwjc__________8BENz__________wEYJGRjCNIDEOAGGAhkYwjcFRD7JRgJZGMIpCcQgzUYL2RjCIVCEKlXGA9kYwjQNxCNUxgwZGMIzkQQ61oYMmRjCNwKEKAQGBZkYwjiTxDxaRg2ZGMI0AwQ8BIYF2RjCJYUEJgcGBhkYwj_RhCKZhgdZGMI9BQQnh0YH2RqIGU2NWI0NzI3ZDQ1NDQwYThhMWEwMmJiYTcwMTY4N2M2eAGAAQKIAd2SzkiQARyYAeb5jovDMaIBCFNDT05NU0ZUqgEJU0NPTl9NU0ZUsgEETVNGVLoBBHRleHTAAfuzA8oBAmFt%26viperAppType%3DSCONMSFT&t=type.msft-content-card
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/partnerserve?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=1&d=TaboolaNetBidder&p=webcompar&a=60209c90-d4bc-4eb3-a844-56b3544ee20e&l=en-us&pb=https%3A%2F%2Fam-api.taboola.com%2F2.0%2Fjson%2Fmsn-msn%2Frecommendations.notify-visible%3Fapp.type%3Dbidder%26app.apikey%3D69629143827c91b118c7e0dc9f2a4eb0059feae9%26response.id%3D__fedf1fc016b6403975e2740597eae885__ba6998ccacc1b92ea39a07a6c1d17d73__%257E%257EV1%257E%257E3443367330089025563%257E%257EI9gt31d_vMlmRvX8H2ch2P0N54w9owV8L4nKqF4jzjZ9_9IWyVTZYEw3zPc60dwzHu_TYvngZ3fIkOCpr71_kAqE0_yL1hRu0U20mv8_l15I3ecj-XG32srY38DDBuSvuboV1g5JHqjGqI-fT95WwmIRhuBFsW2WK6EPS_uSHKwyDcHa9Q4ezwH_fKTSUaw7k4VaTD3VGt3JmhS4VmI-NUXW4MJSXZ6sq6EzxEDTRJ9NXGMAWMJlMmhlVnSefCZ04jH9tPN6OlRc0OJa4mWKm7dZaORxKh6ESyA8UscxqjY__text%26response.session%3Dv2_a76551e587f82475e8dd65cd0172464b_0F42A7BCFF8E6D033159B460FE7B6CF3_1701635669_1701635669_CNawjgYQrrs-GNvsj4Gr8OiynwEgASgFMKIBON-HDECelxBI-ajZA1D___________8BWABgAGinlumg7Oznu-YBcAA%26view.external-id%3De65b4727d45440a8a1a02bba701687c6%26ppb%3DCAk%26cpb%3DGO8JIKvtFyoZYW0udGFib29sYXN5bmRpY2F0aW9uLmNvbTIIdHJjNDAzMjk4gNTo2gVA34cMSJ6XEFD5qNkDWP___________wFjCNcWENUfGCNkYwjc__________8BENz__________wEYJGRjCNIDEOAGGAhkYwjcFRD7JRgJZGMIpCcQgzUYL2RjCIVCEKlXGA9kYwjQNxCNUxgwZGMIzkQQ61oYMmRjCNwKEKAQGBZkYwjiTxDxaRg2ZGMI0AwQ8BIYF2RjCJYUEJgcGBhkYwj_RhCKZhgdZGMI9BQQnh0YH2RqIGU2NWI0NzI3ZDQ1NDQwYThhMWEwMmJiYTcwMTY4N2M2eAGAAQKIAd2SzkiQARyYAeb5jovDMaIBCFNDT05NU0ZUqgEJU0NPTl9NU0ZUsgEETVNGVLoBBHRleHTAAfuzA8oBAmFt%26viperAppType%3DSCONMSFT&t=type.msft-content-card HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2E98F1B3684E4A8A83AC8CB5F879019B Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:33Z
date: Sun, 03 Dec 2023 20:34:32 GMT
content-length: 0
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1kVOEx.img?w=680&h=475&q=60&m=6&f=jpg&u=t
23.36.77.9 200 OK 33 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1kVOEx.img?w=680&h=475&q=60&m=6&f=jpg&u=t
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 680x475, components 3\012- data
Hash 710452b706e6ee099deec301bc67abe0
d97123580b29f69057425e6b87e55ab470e4af52
9f04c477f4f005460ed73510bb0e543a51936026cb5e54394d4129933a3b692f
GET /tenant/amp/entityid/AA1kVOEx.img?w=680&h=475&q=60&m=6&f=jpg&u=t HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA1kVOEx?w=680&h=475&q=60&m=6&f=jpg&u=t
last-modified: Sun, 03 Dec 2023 20:34:33 GMT
x-source-length: 54367
x-datacenter: westus
x-activityid: 6b1414d0-1390-44a0-b880-cc5b420ff4b2
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
content-length: 32768
cache-control: public, max-age=432000
expires: Fri, 08 Dec 2023 20:34:33 GMT
date: Sun, 03 Dec 2023 20:34:33 GMT
X-Firefox-Spdy: h2
www.msn.com/staticsb/statics/latest/auth/auth-redirect-blank.html
204.79.197.203 98 B URL www.msn.com/staticsb/statics/latest/auth/auth-redirect-blank.html
IP 204.79.197.203:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 823a2cd25deffc60d1fd2dafb75a4f93
32ab16dedb3cdd2dac7ea272aa134d62e12141fc
c9bd52ecd38bf9093c7a257a069d08cf03dab816d8da5c1a4f0eced0d9b1ee79
GET /staticsb/statics/latest/auth/auth-redirect-blank.html HTTP/1.1
Host: www.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; MicrosoftApplicationsTelemetryDeviceId=d514f282-300c-435d-b1c6-8e6420446b00; ai_session=gu5SVaXIAfSANfBNs/NCR7|1701635672570|1701635672570
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 98
content-type: text/html
content-encoding: gzip
content-md5: gjos0l3v/GDR/S2vt1pPkw==
last-modified: Fri, 01 Dec 2023 07:17:07 GMT
etag: 0x8DBF23D86E2709B
vary: Origin
x-ms-request-id: b76272e6-301e-0025-0b7a-243acb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
akamai-request-bc: [a=23.73.3.89,b=2364693939,c=g,n=SE_AB_STOCKHOLM,o=20940]
server-timing: clientrtt; dur=11, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 23.73.3.89
akamai-request-id: 8cf25db3
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.59034917.1701635673.8cf25db3
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3F08C30636084392B0EF142DD4434871 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:33Z
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=eb81f3b0c42641c28c87b6b5f42c60c7&tids=15000&med=10
95.101.10.185 200 OK 0 B URL GET HTTP/3 www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=eb81f3b0c42641c28c87b6b5f42c60c7&tids=15000&med=10
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
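Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length input; the response body was 0 B, so this is not a content indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length input)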
GET /aes/c.gif?type=mv&reqver=1.0&rg=eb81f3b0c42641c28c87b6b5f42c60c7&tids=15000&med=10 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
DNT: 1
Connection: keep-alive
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6E96050EFAED46B8B7122CEEB8079685 Ref B: OSL30EDGE0120 Ref C: 2023-12-03T20:34:33Z
content-length: 0
date: Sun, 03 Dec 2023 20:34:33 GMT
set-cookie: _EDGE_S=SID=1B78940CDE6D62A60E1687D0DF986349; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:33 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635673.2b935ab
assets.msn.com/staticsb/statics/latest/js/thirdparty/msft/in-stream-video-sdk.1.0.1.js
95.101.10.170 200 OK 52 kB URL GET HTTP/2 assets.msn.com/staticsb/statics/latest/js/thirdparty/msft/in-stream-video-sdk.1.0.1.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65483), with CRLF line terminators
Hash a90ca8e91433a368246f3e18d0a87f3c
63ab9cdf3a99434e2ec55487a3d5d38644bee64b
1a8c98289550f07aff555dfe43427e823b2b2879c288c4a6147d4233a7bc3575
GET /staticsb/statics/latest/js/thirdparty/msft/in-stream-video-sdk.1.0.1.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-md5: qQyo6RQzo2gkbz4Y0Kh/PA==
last-modified: Fri, 01 Dec 2023 07:16:56 GMT
etag: 0x8DBF23D80525F21
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f723739d-701e-0027-802c-2437a6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: gzip
date: Sun, 03 Dec 2023 20:34:33 GMT
content-length: 52488
akamai-request-bc: [a=95.101.10.166,b=1569778200,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=6, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90ea18
cache-control: public, max-age=31536000
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635673.5d90ea18
vary: Origin
X-Firefox-Spdy: h2
prod-streaming-video-msn-com.akamaized.net/4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/manifest(format=m3u8-aapl)
95.101.11.74 200 OK 646 B URL GET HTTP/1.1 prod-streaming-video-msn-com.akamaized.net/4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/manifest(format=m3u8-aapl)
IP 95.101.11.74:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type M3U playlist, ASCII text, with CRLF line terminators
Hash 2c7356825b957d7dbc0a1e15361a3a2d
fb0ea2d755a6cd3bb0695574ba0c8e613bf4a7ad
f7ad37713049a9ec0286463797047c667cc2f285fd1bd405d98a076076f258c1
GET /4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/manifest(format=m3u8-aapl) HTTP/1.1
Host: prod-streaming-video-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Pragma: IISMS/6.0,IIS Media Services Premium by Microsoft
Content-Type: application/vnd.apple.mpegurl
Content-Encoding: gzip
ETag: "0x8DBF4365A85B879"
Server: Microsoft-IIS/10.0 IISMS/6.0
x-ms-streaming-duration: 0
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Length: 646
Cache-Control: max-age=2592000
Expires: Tue, 02 Jan 2024 20:34:33 GMT
Date: Sun, 03 Dec 2023 20:34:33 GMT
Connection: keep-alive
Vary: Accept-Encoding
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635679260&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635679260&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
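Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length input; the response body was 0 B, so this is not a content indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length input)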
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635679260&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7223
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=fec8b72976f0448298dfcb8750c0d6e6&HASH=fec8&LV=202312&V=4&LU=1701635673865; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:33 GMT; Path=/;Secure; SameSite=None
MS0=d255a18d8877454da5d08e16ec261a4d; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:33 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5395
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:33 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635679458&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635679458&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
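Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length input; the response body was 0 B, so this is not a content indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length input)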
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635679458&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7255
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=c054da75f3e144f4b7ab104667cd4c91&HASH=c054&LV=202312&V=4&LU=1701635674084; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:34 GMT; Path=/;Secure; SameSite=None
MS0=e2763bbfa8c841c8a6a7eda8dbad5a52; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:34 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5374
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:33 GMT
X-Firefox-Spdy: h2
prod-video-cms-amp-microsoft-com.akamaized.net/tenant/amp/entityid/AA1kVZPe?blobrefkey=closedcaptionen-us&$blob=1&vtt=true
95.101.11.65 200 OK 566 B URL GET HTTP/1.1 prod-video-cms-amp-microsoft-com.akamaized.net/tenant/amp/entityid/AA1kVZPe?blobrefkey=closedcaptionen-us&$blob=1&vtt=true
IP 95.101.11.65:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type ASCII text, with CRLF line terminators
Hash 650b2d0377991dcc632f991fdbd892bf
9f26a5191ff387a0427e35f14d09e83d66311c1a
3b52b0cda4cc12be1e768ea9d7f85f43d488cea83b8cbacb60c9015c52b28abd
GET /tenant/amp/entityid/AA1kVZPe?blobrefkey=closedcaptionen-us&$blob=1&vtt=true HTTP/1.1
Host: prod-video-cms-amp-microsoft-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/vtt
Content-Encoding: gzip
VideoShimDatacenter: northeu
VideoShimActivityId: 775ac241-c780-48a3-9c28-fb5e1567dcd8
X-Powered-By: ASP.NET
Content-Length: 566
Cache-Control: public, max-age=1209563
Expires: Sun, 17 Dec 2023 20:33:57 GMT
Date: Sun, 03 Dec 2023 20:34:34 GMT
Connection: keep-alive
Vary: Accept-Encoding
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Access-Control-Allow-Origin: *
js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js
13.107.213.53 200 OK 34 kB URL GET HTTP/2 js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js
IP 13.107.213.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject js.monitor.azure.com
Fingerprint FF:8C:AA:D5:CE:B8:1C:2B:92:4E:2E:4C:30:25:29:9E:54:57:FC:73
Validity Wed, 20 Sep 2023 05:47:48 GMT - Sat, 14 Sep 2024 05:47:48 GMT
File type ASCII text, with very long lines (65395)
Hash 6c6e1a3cd82e81abab9d7abc397a107d
246f870580dcdace936284daa47a08e7e54355cf
077052944d805da1cd832b70df86d282be6a1309626c646fc36dacdc9fbc7ddb
GET /scripts/c/ms.shared.analytics.mectrl-3.2.7.gbl.min.js HTTP/1.1
Host: js.monitor.azure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000, immutable, no-transform
content-type: text/javascript; charset=utf-8
content-encoding: br
content-md5: bG4aPNgugaurnXq8OXoQfQ==
last-modified: Wed, 05 Oct 2022 16:53:03 GMT
etag: 0x8DAA6F2118B127C
x-cache: TCP_HIT
x-ms-request-id: 7d181c66-401e-00da-1928-18a2f8000000
x-ms-version: 2009-09-19
x-ms-meta-jssdkver: 3.2.7
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,x-ms-meta-jssdkver,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0vG1VZQAAAADKhc5I2fJPSrI7b9J1rEiMQU1TMDRFREdFMTkxMwBmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
x-azure-ref: 0WuZsZQAAAAAjhejZYcbFRIke6Q9zuUywU1ZHMjBFREdFMDUxMABmMWNhNzNkNC04ODgzLTRjYWYtYWJkYy1mZTJkNTY3YWZiOTY=
date: Sun, 03 Dec 2023 20:34:33 GMT
X-Firefox-Spdy: h2
prod-streaming-video-msn-com.akamaized.net/4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(2293558)/Manifest(video,format=m3u8-aapl)
95.101.11.74 200 OK 380 B URL GET HTTP/1.1 prod-streaming-video-msn-com.akamaized.net/4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(2293558)/Manifest(video,format=m3u8-aapl)
IP 95.101.11.74:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type M3U playlist, ASCII text, with CRLF line terminators
Hash d482e341b3699308088db2201e1ee1e8
10c792117878d1dcd51167ac972fb62743e0db4f
19592ac49b078c3d92cb46eba6e16a6a4e1e0f705cc8b6dfc806c04bc296e3ac
GET /4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(2293558)/Manifest(video,format=m3u8-aapl) HTTP/1.1
Host: prod-streaming-video-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Pragma: IISMS/6.0,IIS Media Services Premium by Microsoft
Content-Type: application/vnd.apple.mpegurl
Content-Encoding: gzip
ETag: "0x8DBF4365A85B879"
Server: Microsoft-IIS/10.0 IISMS/6.0
x-ms-streaming-duration: 0
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Length: 380
Cache-Control: max-age=2592000
Expires: Tue, 02 Jan 2024 20:34:34 GMT
Date: Sun, 03 Dec 2023 20:34:34 GMT
Connection: keep-alive
Vary: Accept-Encoding
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
prod-streaming-video-msn-com.akamaized.net/4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(2293558)/Fragments(video=0,format=m3u8-aapl)
95.101.11.72 200 OK 1.7 MB URL GET HTTP/1.1 prod-streaming-video-msn-com.akamaized.net/4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(2293558)/Fragments(video=0,format=m3u8-aapl)
IP 95.101.11.72:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type MPEG transport stream data\012- data
Size 1.7 MB (1681848 bytes)
Hash c632dc4da83fc85c6528e43d1542560f
6ac957c13ed54e4bad537ba46e773250111f7c55
1ab940ad78c5b531f080e3148cc914d0537620704dbc7288eb711d83afad3cc3
GET /4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(2293558)/Fragments(video=0,format=m3u8-aapl) HTTP/1.1
Host: prod-streaming-video-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Pragma: IISMS/6.0,IIS Media Services Premium by Microsoft
Content-Type: video/mp2t
ETag: "0x8DBF43658989566"
Server: Microsoft-IIS/10.0 IISMS/6.0
x-ms-streaming-duration: video=6006
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Length: 1681848
Cache-Control: max-age=2591987
Expires: Tue, 02 Jan 2024 20:34:22 GMT
Date: Sun, 03 Dec 2023 20:34:35 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
assets.msn.com/serviceak/news/feed/pages/viewspage?contentId=AA17OofU&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=winp1&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3
95.101.10.170 404 Not Found 10 B URL GET HTTP/2 assets.msn.com/serviceak/news/feed/pages/viewspage?contentId=AA17OofU&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=winp1&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash 7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b
GET /serviceak/news/feed/pages/viewspage?contentId=AA17OofU&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=winp1&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
date: Sun, 03 Dec 2023 20:34:35 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771324,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_AB_STOCKHOLM,o=20940],[a=23.48.243.16,c=o],[a=23.50.234.7,c=o]
server-timing: clientrtt; dur=0, clienttt; dur=2687, origin; dur= , cdntime; dur=2687
akamai-cache-status: Miss from child, Miss from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cf3c
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-expose-headers: X-Statics-Fallback,Akamai-Request-BC
access-control-allow-headers: X-Statics-Fallback
x-cache-key: /service/news/feedpages/viewspage/en-us/AA17OofU
access-control-allow-origin: https://www.msn.com
content-type: application/json; charset=utf-8
x-statics-fallback: true
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635672.5d90cf3c
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635680852&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635680852&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
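Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of zero-length input; the response body was 0 B, so this is not a content indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of zero-length input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of zero-length input)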
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635680852&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 9349
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=447dd69b0c2d4a35b129c109b5b3092e&HASH=447d&LV=202312&V=4&LU=1701635675459; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:35 GMT; Path=/;Secure; SameSite=None
MS0=a54aa594e75a497ba0e2f50cfaa44ef3; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:35 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5393
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:35 GMT
X-Firefox-Spdy: h2
mem.gfx.ms/meversion?partner=msnews&market=en-us
13.107.246.53 200 OK 10 kB URL GET HTTP/2 mem.gfx.ms/meversion?partner=msnews&market=en-us
IP 13.107.246.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject identitycdn.msauth.net
Fingerprint 35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
Validity Mon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type ASCII text, with very long lines (30143)
Hash 5d450e92c6cb16e3a0186b0de8eedae7
0a8fed313ee288d33dab44cc79b8f04921164e98
ab70db54f0176840ab90b8c3d4134ff43bcafcc00270db45515b91ed1c05cba4
GET /meversion?partner=msnews&market=en-us HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, no-transform, max-age=43200
content-type: application/javascript
content-encoding: br
expires: Mon, 04 Dec 2023 01:11:50 GMT
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0ln5sZQAAAAD8Dj4jL5QDR6cviKJU9CHFQU1TMDRFREdFMTkxNgBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0WuZsZQAAAACw6jx3NoTCQLoP0U4GwTVwU1ZHMjBFREdFMDYwNwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Sun, 03 Dec 2023 20:34:33 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/libs_views-full-page-connector_dist_experimental_infinitereading-fallback_js.f8e4c23becf9dadaadf5.js
95.101.10.170 200 OK 6.6 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_views-full-page-connector_dist_experimental_infinitereading-fallback_js.f8e4c23becf9dadaadf5.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (22605), with no line terminators
Hash d2463331970e039fe9d7981da10890ad
6267a238781468df10a55b9752b7f3655f8a2cb4
ad8cdfd0b3251fa87d35d157b557bfd6fdb3a6ddfcba1294cbe61f10befe6cf8
GET /bundles/v1/views/latest/libs_views-full-page-connector_dist_experimental_infinitereading-fallback_js.f8e4c23becf9dadaadf5.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 6594
content-md5: TBiCtLNZ0XM2FyQiEKYaAQ==
last-modified: Wed, 29 Nov 2023 22:36:26 GMT
etag: 0x8DBF12B9F71BF47
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d46d156b-001e-001c-4614-232290000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:35 GMT
akamai-request-bc: [a=95.101.10.166,b=1569781329,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90f651
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635675.5d90f651
vary: Origin
X-Firefox-Spdy: h2
prod-streaming-video-msn-com.akamaized.net/4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(96115)/Fragments(aac_eng_2_96115_2_1=0,format=m3u8-aapl)
95.101.11.72 200 OK 79 kB URL GET HTTP/1.1 prod-streaming-video-msn-com.akamaized.net/4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(96115)/Fragments(aac_eng_2_96115_2_1=0,format=m3u8-aapl)
IP 95.101.11.72:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type MPEG transport stream data\012- data
Hash MD5 1d46a6ad68bf2d2ab8b4eb106012a411
SHA-1 6bc3a3504e9643bb92b40f897d7cdc9e0af23f2a
SHA-256 3235cc85a68c7d6eac547ec6a96a050450eb0348d0b94f4d219c919596093118
GET /4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(96115)/Fragments(aac_eng_2_96115_2_1=0,format=m3u8-aapl) HTTP/1.1
Host: prod-streaming-video-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Pragma: IISMS/6.0,IIS Media Services Premium by Microsoft
Content-Type: video/mp2t
ETag: "0x8DBF436589957DA"
Server: Microsoft-IIS/10.0 IISMS/6.0
x-ms-streaming-duration: audio=6016
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Length: 78584
Cache-Control: max-age=2592000
Expires: Tue, 02 Jan 2024 20:34:35 GMT
Date: Sun, 03 Dec 2023 20:34:35 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681202&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681202&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash (digests of the empty 0 B body) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681202&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6327
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=9651a9b185ef49b38cb8bfd40ca276fc&HASH=9651&LV=202312&V=4&LU=1701635675819; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:35 GMT; Path=/;Secure; SameSite=None
MS0=5ee5f97fc43c4148ba97b4f19712fe98; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:35 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5383
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:35 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681334&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681334&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash (digests of the empty 0 B body) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681334&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7256
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=9954a5a158cb43789cf271da9c401962&HASH=9954&LV=202312&V=4&LU=1701635675944; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:35 GMT; Path=/;Secure; SameSite=None
MS0=0ab43cd6d5cc4a01906f8d89bc2431ba; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:35 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5390
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:35 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681338&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681338&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash (digests of the empty 0 B body) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681338&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7256
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=9b70486506ee41b5b8229e411a78e419&HASH=9b70&LV=202312&V=4&LU=1701635675944; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:35 GMT; Path=/;Secure; SameSite=None
MS0=e825d8cf7b7b40c584621b39714be397; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:35 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5394
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:35 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681398&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681398&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash (digests of the empty 0 B body) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681398&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7493
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=e3e27d538442455f873e89cc3b7d7e5f&HASH=e3e2&LV=202312&V=4&LU=1701635676006; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:36 GMT; Path=/;Secure; SameSite=None
MS0=fb100723b47b4a829ebcf96112b7ded4; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:36 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5392
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:35 GMT
X-Firefox-Spdy: h2
assets.msn.com/service/MSN/Feed/me?$top=30&DisableTypeSerialization=true&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&channel=contentconsumption&cm=en-us&contentType=article,video,slideshow&it=web&location=59.9368|10.9071&ocid=windows-windowshp-feeds&query=news&queryType=myfeed&responseSchema=cardview&timeOut=1000&user=m-31DE64B2864F61CA0C2E776E87BA60F2&wrapodata=false
95.101.10.170 200 OK 22 kB URL GET HTTP/2 assets.msn.com/service/MSN/Feed/me?$top=30&DisableTypeSerialization=true&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&channel=contentconsumption&cm=en-us&contentType=article,video,slideshow&it=web&location=59.9368|10.9071&ocid=windows-windowshp-feeds&query=news&queryType=myfeed&responseSchema=cardview&timeOut=1000&user=m-31DE64B2864F61CA0C2E776E87BA60F2&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65466), with no line terminators
Hash MD5 e021f243442cd4c3fed814c3991874ba
SHA-1 458a785cc26209977161794a83f5219a046564b0
SHA-256 6ddfbf227ffcb707efd631493b33e4be6c8f40bc5084d617db4f75798ef676e0
GET /service/MSN/Feed/me?$top=30&DisableTypeSerialization=true&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&channel=contentconsumption&cm=en-us&contentType=article,video,slideshow&it=web&location=59.9368|10.9071&ocid=windows-windowshp-feeds&query=news&queryType=myfeed&responseSchema=cardview&timeOut=1000&user=m-31DE64B2864F61CA0C2E776E87BA60F2&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: XFeed;PageViewCount0;IsRecoNewUser:1;TileID:u4xu;WasRecoNewUser:1;BingRecoCode:Success;RR:0
ddd-feedfeatures: 0100010000000101010000000000000000
ddd-featureset: 0,Msn.OneDataService.Search.FeatureTracker.Models.NewsFeedFeature:wgAA;
ddd-activityid: 656ce65c-da42-4616-b71c-9cd9db688aa9
ddd-strategyexecutionlatency: 00:00:00.1254646
ddd-debugid: 656ce65c-da42-4616-b71c-9cd9db688aa9|2023-12-03T20:34:36.1574584Z|fabric_msn|NEU1|News_72
onewebservicelatency: 128
x-msedge-responseinfo: 128
x-ceto-ref: 656ce65cbcbb4d1bad6f4fdc9feab056|2023-12-03T20:34:36.027Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 37692FF3D4F14FB587993A39DA5290A7 Ref B: OSL30EDGE0507 Ref C: 2023-12-03T20:34:36Z
expires: Sun, 03 Dec 2023 20:34:36 GMT
date: Sun, 03 Dec 2023 20:34:36 GMT
content-length: 22510
set-cookie: _C_ETH=1; expires=Sat, 02 Dec 2023 20:34:36 GMT; domain=.msn.com; path=/; secure; httponly
_C_Auth=
akamai-request-bc: [a=95.101.10.166,b=1569781828,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=178, origin; dur=177 , cdntime; dur=1
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90f844
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635675.5d90f844
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681627&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681627&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash (digests of the empty 0 B body) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635681627&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6456
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=02b80ea5f8104f1cbde423b615553409&HASH=02b8&LV=202312&V=4&LU=1701635676225; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:36 GMT; Path=/;Secure; SameSite=None
MS0=0abb1debc0cc40508c14d9a3b14df4b3; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:36 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5402
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:36 GMT
X-Firefox-Spdy: h2
assets.msn.com/service/MSN/Feed/me?$top=30&DisableTypeSerialization=true&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&channel=contentconsumption&cm=en-us&contentType=article,video,slideshow,webcontent&it=web&location=59.9368|10.9071&ocid=windows-windowshp-feeds&query=news&queryType=myfeed&responseSchema=cardview&timeOut=1000&user=m-31DE64B2864F61CA0C2E776E87BA60F2&wrapodata=false
95.101.10.170 200 OK 23 kB URL GET HTTP/2 assets.msn.com/service/MSN/Feed/me?$top=30&DisableTypeSerialization=true&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&channel=contentconsumption&cm=en-us&contentType=article,video,slideshow,webcontent&it=web&location=59.9368|10.9071&ocid=windows-windowshp-feeds&query=news&queryType=myfeed&responseSchema=cardview&timeOut=1000&user=m-31DE64B2864F61CA0C2E776E87BA60F2&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65466), with no line terminators
Hash MD5 f184a15b25a0d48b6a9c4924c6fd24d8
SHA-1 722027b64397fca82388f589cfd7a40b641cfc1c
SHA-256 fcb2b131f16291aa5d688fcd2f03b2e4a4c0ac197b9f07ea075b74ea2bec42b3
GET /service/MSN/Feed/me?$top=30&DisableTypeSerialization=true&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&channel=contentconsumption&cm=en-us&contentType=article,video,slideshow,webcontent&it=web&location=59.9368|10.9071&ocid=windows-windowshp-feeds&query=news&queryType=myfeed&responseSchema=cardview&timeOut=1000&user=m-31DE64B2864F61CA0C2E776E87BA60F2&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: XFeed;PageViewCount0;IsRecoNewUser:1;TileID:u4xu;WasRecoNewUser:1;BingRecoCode:Success;RR:0
ddd-feedfeatures: 0100010000000101010000000000000000
ddd-featureset: 0,Msn.OneDataService.Search.FeatureTracker.Models.NewsFeedFeature:wgAA;
ddd-activityid: 656ce65c-3cef-4ecb-b661-6f4fa5fe89ed
ddd-strategyexecutionlatency: 00:00:00.1339568
ddd-debugid: 656ce65c-3cef-4ecb-b661-6f4fa5fe89ed|2023-12-03T20:34:36.3972032Z|fabric_msn|NEU1|News_93
onewebservicelatency: 136
x-msedge-responseinfo: 136
x-ceto-ref: 656ce65ceca948f88c6895f7e361dc59|2023-12-03T20:34:36.259Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 01DF59DFFCEF4C3D96177A99B0392D22 Ref B: OSL30EDGE0507 Ref C: 2023-12-03T20:34:36Z
expires: Sun, 03 Dec 2023 20:34:36 GMT
date: Sun, 03 Dec 2023 20:34:36 GMT
content-length: 22641
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=; expires=Sat, 02 Dec 2023 20:34:36 GMT
akamai-request-bc: [a=95.101.10.166,b=1569782275,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=190, origin; dur=189 , cdntime; dur=1
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90fa03
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635676.5d90fa03
vary: Origin
X-Firefox-Spdy: h2
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
20.189.173.12 200 OK 0 B URL OPTIONS HTTP/2 browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP 20.189.173.12:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint 75:5B:58:BD:CE:E2:49:2A:83:F0:83:EB:41:5D:B7:2C:F9:3B:7B:47
Validity Mon, 18 Sep 2023 23:54:14 GMT - Thu, 12 Sep 2024 23:54:14 GMT
Hash (digests of the empty 0 B body) MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: apikey,cache-control,client-id,client-version,content-type,time-delta-to-apply-millis,upload-time
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, 3600
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: AuthMsaDeviceTicket,AuthXToken,Content-Encoding,Content-Type,Cache-Control,Client-Id,SDK-Name,sdk-version,apikey,x-apikey,client-version,upload-time,time-delta-to-apply-millis,client-time-epoch-millis,persistence-mode,reliability-mode,NoResponseBody
access-control-max-age: 3600
access-control-allow-origin: https://www.msn.com
date: Sun, 03 Dec 2023 20:34:37 GMT
X-Firefox-Spdy: h2
browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
20.189.173.12 200 OK 154 B URL OPTIONS HTTP/2 browser.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0
IP 20.189.173.12:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint 75:5B:58:BD:CE:E2:49:2A:83:F0:83:EB:41:5D:B7:2C:F9:3B:7B:47
Validity Mon, 18 Sep 2023 23:54:14 GMT - Thu, 12 Sep 2024 23:54:14 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash e4825d50b7ff03f104d4bc209bfb4e3d
eace894785f9ca04c35890c99dc24c056439f98f
f717bc5155d132fc46843786b3f5db20efefd8da01e532346d808651cecda34c
POST /OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=0 HTTP/1.1
Host: browser.events.data.microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Id: NO_AUTH
client-version: 1DS-Web-JS-3.2.7
apikey: b8ffe739c47a401190627519795ca4d2-044a8309-9d4b-430b-9d47-6e87775cbab6-6888
upload-time: 1701635682368
time-delta-to-apply-millis: use-collector-delta
cache-control: no-cache, no-store
content-type: application/x-json-stream
Content-Length: 30851
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 154
content-type: application/json
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=c6e37433f7434aefb15a9527f71d7d45&HASH=c6e3&LV=202312&V=4&LU=1701635677802; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:37 GMT; Path=/;Secure; SameSite=None
MS0=00ad0413644644f0a0c5c8c98daa2e44; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:37 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -4566
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:37 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635689210&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 0 B URL browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635689210&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635689210&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7027
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=c6e37433f7434aefb15a9527f71d7d45&HASH=c6e3&LV=202312&V=4&LU=1701635677802; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:43 GMT; Path=/;Secure; SameSite=None
MS0=426be8ee155c45e1b1fe648246ace446; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:43 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5373
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:43 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635692747&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 0 B URL browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635692747&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635692747&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6649
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=c6e37433f7434aefb15a9527f71d7d45&HASH=c6e3&LV=202312&V=4&LU=1701635677802; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:47 GMT; Path=/;Secure; SameSite=None
MS0=1be40a37448344f2981d2be74ea89da8; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:47 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5393
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:47 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635692775&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 0 B URL browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635692775&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635692775&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7787
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=c6e37433f7434aefb15a9527f71d7d45&HASH=c6e3&LV=202312&V=4&LU=1701635677802; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:47 GMT; Path=/;Secure; SameSite=None
MS0=8f08a3ff8d98473c800901e613492720; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:47 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5390
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:47 GMT
X-Firefox-Spdy: h2
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635694748&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 0 B URL browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635694748&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635694748&ext.intweb.msfpc=GUID%3Dc6e37433f7434aefb15a9527f71d7d45%26HASH%3Dc6e3%26LV%3D202312%26V%3D4%26LU%3D1701635677802&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 6145
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=c6e37433f7434aefb15a9527f71d7d45&HASH=c6e3&LV=202312&V=4&LU=1701635677802; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:49 GMT; Path=/;Secure; SameSite=None
MS0=d85d27c60cc34c98ad416827a22163f1; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:49 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5269
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:49 GMT
X-Firefox-Spdy: h2
code.yengo.com/sync?ssp=msn&id=0F42A7BCFF8E6D033159B460FE7B6CF3&gdpr=0&gdpr_consent=
0.0.0.0 0 B URL GET code.yengo.com/sync?ssp=msn&id=0F42A7BCFF8E6D033159B460FE7B6CF3&gdpr=0&gdpr_consent=
IP 0.0.0.0:0
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?ssp=msn&id=0F42A7BCFF8E6D033159B460FE7B6CF3&gdpr=0&gdpr_consent= HTTP/1.1
Host: code.yengo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
www.msn.com/bundles/v1/views/latest/web-worker.f9ccf6b42d8eab976879.js
204.79.197.203 200 OK 92 kB URL GET HTTP/2 www.msn.com/bundles/v1/views/latest/web-worker.f9ccf6b42d8eab976879.js
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash d0adad06e7f81b097894b3f9636548b9
7073b6c67897b0974c704da802f7b824eefc63ed
ba977bc5ca3698ce98222e90c8b12d0a79a671c38a10b75529a3ab4cc1fe913c
GET /bundles/v1/views/latest/web-worker.f9ccf6b42d8eab976879.js HTTP/1.1
Host: www.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Cookie: _C_ETH=1; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, no-transform, max-age=31535892
content-length: 23791
content-type: application/javascript
content-encoding: br
content-md5: HZ+Eai0+2flE0ZZh3o8RGA==
last-modified: Fri, 01 Dec 2023 01:25:25 GMT
etag: 0x8DBF20C653BFDDF
vary: Origin
x-cache: TCP_HIT
x-ms-request-id: 71e1b0ac-001e-003d-70f5-23a2cc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
akamai-request-bc: [a=23.73.3.89,b=2356659887,c=g,n=SE_AB_STOCKHOLM,o=20940]
server-timing: clientrtt; dur=11, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 23.73.3.89
akamai-request-id: 8c77c6af
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.59034917.1701634260.8c77c6af
x-cid: 7
x-ccc: NO
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 747DC6B873EA437BA302005074E87C5B Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:25Z
date: Sun, 03 Dec 2023 20:34:24 GMT
X-Firefox-Spdy: h2
srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=2&p=webcompar&l=en-us&d=bing&b=firefox&a=9074482a-ac66-4432-a96c-48a2f62ce6d7&ii=1&c=1058593901729766746&bid=4e13d33b-732e-40b1-863c-797f9c5e77fc&tid=webcompar-rectangle-2&ptid=ar-rectangle-2&t=type.msft-content-card&dec=1-
204.79.197.203 204 No Content 0 B URL GET HTTP/2 srtb.msn.com/notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=2&p=webcompar&l=en-us&d=bing&b=firefox&a=9074482a-ac66-4432-a96c-48a2f62ce6d7&ii=1&c=1058593901729766746&bid=4e13d33b-732e-40b1-863c-797f9c5e77fc&tid=webcompar-rectangle-2&ptid=ar-rectangle-2&t=type.msft-content-card&dec=1-
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /notify/served?rid=e65b4727d45440a8a1a02bba701687c6&r=rectangle&i=2&p=webcompar&l=en-us&d=bing&b=firefox&a=9074482a-ac66-4432-a96c-48a2f62ce6d7&ii=1&c=1058593901729766746&bid=4e13d33b-732e-40b1-863c-797f9c5e77fc&tid=webcompar-rectangle-2&ptid=ar-rectangle-2&t=type.msft-content-card&dec=1- HTTP/1.1
Host: srtb.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: -1
x-content-type-options: nosniff
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6AFBA9D070B247EA835B7DEA966E8370 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:30Z
date: Sun, 03 Dec 2023 20:34:29 GMT
X-Firefox-Spdy: h2
assets.msn.com/service/community/users/me?version=1.1&profile=social&verify=false&market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
95.101.10.170 200 OK 221 B URL GET HTTP/2 assets.msn.com/service/community/users/me?version=1.1&profile=social&verify=false&market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 973ae47499991df81954b247accb3618
7dfd9ececefb2e6bbdf00c099f3ff01e2285583f
d337a8932b45c68a9d3514dcf4db19afd709c4f8cbe065f78cb64901fe4fa145
GET /service/community/users/me?version=1.1&profile=social&verify=false&market=en-us&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&ocid=social-peregrine&cm=en-us&it=web&user=m-0F42A7BCFF8E6D033159B460FE7B6CF3&wrapodata=false HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted,appUninstall
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-activityid: 656ce655-81b7-4221-80a0-9b9202132225
ddd-strategyexecutionlatency: 00:00:00.0002784
ddd-debugid: 656ce655-81b7-4221-80a0-9b9202132225|2023-12-03T20:34:29.1107313Z|fabric_community|NEU1|Community_8
onewebservicelatency: 2
x-msedge-responseinfo: 2
x-ceto-ref: 656ce655167a4499b82eb3bd48242c87|2023-12-03T20:34:29.105Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D350213AECC842ACB1D42F1EA09DBB64 Ref B: OSL30EDGE0407 Ref C: 2023-12-03T20:34:29Z
expires: Sun, 03 Dec 2023 20:34:29 GMT
date: Sun, 03 Dec 2023 20:34:29 GMT
content-length: 171
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=; expires=Sat, 02 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569770415,c=g,n=NO__OSLO,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=7, clienttt; dur=69, origin; dur=59 , cdntime; dur=10
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cbaf
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
x-as-suppresssetcookie: 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cbaf
vary: Origin
X-Firefox-Spdy: h2
www.bing.com/api/v1/mediation/tracking?adUnit=377474&auId=b04bb101-06ed-4b19-aa37-57515b5b12f6&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=5ad4efdb-8b14-47b9-9958-9527bf5b712d&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D881aab063c5045e0941b7c28847b01b1%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-1&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=1c_fp_nfgeb_pbzovar
95.101.10.185 303 See Other 0 B URL GET HTTP/3 www.bing.com/api/v1/mediation/tracking?adUnit=377474&auId=b04bb101-06ed-4b19-aa37-57515b5b12f6&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=5ad4efdb-8b14-47b9-9958-9527bf5b712d&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D881aab063c5045e0941b7c28847b01b1%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-1&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=1c_fp_nfgeb_pbzovar
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/mediation/tracking?adUnit=377474&auId=b04bb101-06ed-4b19-aa37-57515b5b12f6&bidId=15000&bidderId=4&cmExpId=LV2&oAdUnit=377474&publisherId=17160724&rId=5ad4efdb-8b14-47b9-9958-9527bf5b712d&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1%3F%26RG%3D881aab063c5045e0941b7c28847b01b1%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=webcompar-river-1&trafficGroup=zfa_hf_zretr_1&trafficSubGroup=1c_fp_nfgeb_pbzovar HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 303 See Other
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 152
content-type: text/html; charset=utf-8
expires: 0
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1?&RG=881aab063c5045e0941b7c28847b01b1&SNR=1&GV=2&med=10
vary: Origin
strict-transport-security: max-age=15724800; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D59471250C074AD0A9DC73EC53C1A141 Ref B: OSL30EDGE0118 Ref C: 2023-12-03T20:34:31Z
date: Sun, 03 Dec 2023 20:34:31 GMT
set-cookie: _EDGE_S=SID=198CBBAE2EC16501322DA8722F346414; path=/; httponly; domain=bing.com
MUIDB=31DE64B2864F61CA0C2E776E87BA60F2; path=/; httponly; expires=Fri, 27-Dec-2024 20:34:31 GMT
quic-version: 0x00000001
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635671.2b928f1
browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635680003&w=0&anoncknm=anon&NoResponseBody=true
51.105.71.136 204 No Content 0 B URL POST HTTP/2 browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635680003&w=0&anoncknm=anon&NoResponseBody=true
IP 51.105.71.136:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.events.data.microsoft.com
Fingerprint CC:07:04:12:C6:22:27:41:2C:7E:9E:06:35:A6:61:57:26:E6:B0:E0
Validity Tue, 19 Sep 2023 10:13:07 GMT - Fri, 13 Sep 2024 10:13:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1701635680003&w=0&anoncknm=anon&NoResponseBody=true HTTP/1.1
Host: browser.events.data.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 11000
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; adslrid=_; _C_ETH=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 204 No Content
content-length: 0
server: Microsoft-HTTPAPI/2.0
strict-transport-security: max-age=31536000
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
set-cookie: MC1=GUID=1292678fa7924187ace50574e21e30f3&HASH=1292&LV=202312&V=4&LU=1701635674615; Domain=.microsoft.com; Expires=Mon, 02 Dec 2024 20:34:34 GMT; Path=/;Secure; SameSite=None
MS0=f4c137545fbf40818d1c8c19ce9a68bb; Domain=.microsoft.com; Expires=Sun, 03 Dec 2023 21:04:34 GMT; Path=/;Secure; SameSite=None
time-delta-millis: -5388
access-control-allow-headers: P3P,Set-Cookie,time-delta-millis
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: time-delta-millis
date: Sun, 03 Dec 2023 20:34:34 GMT
X-Firefox-Spdy: h2
assets.msn.com/bundles/v1/views/latest/node_modules_video_js_dist_video_es_js.ddd2b3f02fc3604c4c32.js
95.101.10.170 200 OK 594 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/node_modules_video_js_dist_video_es_js.ddd2b3f02fc3604c4c32.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Size 594 kB (594144 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the body was apparently not captured for hashing, so these digests do not identify the 594 kB response)
GET /bundles/v1/views/latest/node_modules_video_js_dist_video_es_js.ddd2b3f02fc3604c4c32.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 138016
content-md5: 7BeKKBwv3aZju+s8M/1qFQ==
last-modified: Sat, 18 Nov 2023 00:15:19 GMT
etag: 0x8DBE7CB729861D0
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 6ca88ca2-f01e-0024-7938-1cc4c6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:29 GMT
akamai-request-bc: [a=95.101.10.166,b=1569771692,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90d0ac
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90d0ac
vary: Origin
X-Firefox-Spdy: h2
www.bing.com/th?id=OADD2.9964441920593_1F9MI44F59DUJVEVKM&pid=21.2&c=16&roil=0.1625&roit=0&roir=0.8375&roib=1&w=300&h=157&dynsize=1&qlt=90
95.101.10.185 200 OK 11 kB URL GET HTTP/2 www.bing.com/th?id=OADD2.9964441920593_1F9MI44F59DUJVEVKM&pid=21.2&c=16&roil=0.1625&roit=0&roir=0.8375&roib=1&w=300&h=157&dynsize=1&qlt=90
IP 95.101.10.185:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject r.bing.com
Fingerprint 23:E0:B1:D9:C5:02:8F:FE:35:CB:2A:E6:86:20:A8:83:F8:82:34:9B
Validity Wed, 18 Oct 2023 20:32:40 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3\012- data
Hash 3c275671747be7729e4d69be52df3bfe
e68c3bb350c74e7ef78adc84afe1ced709b25af9
05284ba010a86bd6dee7c7f2b25366053b43f74fde21ac88e1f802040acb3fc1
GET /th?id=OADD2.9964441920593_1F9MI44F59DUJVEVKM&pid=21.2&c=16&roil=0.1625&roit=0&roir=0.8375&roib=1&w=300&h=157&dynsize=1&qlt=90 HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Cookie: MUID=31DE64B2864F61CA0C2E776E87BA60F2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 10723
date: Sun, 03 Dec 2023 20:34:30 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.b50a655f.1701635670.2b9209d
X-Firefox-Spdy: h2
www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
204.79.197.203 200 OK 40 kB URL User Request GET HTTP/2 www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (31141), with CRLF line terminators
Hash dc1b4b0cdbbc1f6aad7c3fee0ecf9323
b6a49c80cd63b1af2a5a599024650366150f9118
7607f8290fe2490c481f0bbbd62bf8e103feddedb7b64b2080247de2f19169e7
GET /en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ HTTP/1.1
Host: www.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: no-store, no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
USRLOC=; expires=Wed, 03 Dec 2025 20:34:25 GMT; domain=.msn.com; path=/; secure; samesite=none; httponly
MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; expires=Fri, 27 Dec 2024 20:34:25 GMT; domain=.msn.com; path=/; secure; samesite=none
MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; expires=Fri, 27 Dec 2024 20:34:25 GMT; path=/; httponly
_EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; domain=.msn.com; path=/; httponly
_EDGE_V=1; expires=Fri, 27 Dec 2024 20:34:25 GMT; domain=.msn.com; path=/; httponly
access-control-allow-methods: HEAD,GET,OPTIONS
content-security-policy: block-all-mixed-content;connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss:;default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss: 'report-sample';font-src 'self' data: https: blob: wss: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-ancestors 'self' int1.msn.com ntp.msn.cn ntp.msn.com windows-int1.msn.com windows.msn.cn windows.msn.com www.bing.com www.msn.com mathsolver.microsoft.com mathsolver-dev.microsoft.com chrome-extension://lklfbkdigihjaaeamncibechhgalldgl;media-src 'self' https: blob:;report-to csp-endpoint;worker-src 'self' https: blob: 'report-sample';
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1
x-ua-compatible: IE=Edge;chrome=1
x-fabric-cluster: pmeprodneu
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]},{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://deff.nelreports.net/api/report"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.5}
x-ceto-ref: E65B4727D45440A8A1A02BBA701687C6|2023-12-03T20:34:25.176Z
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E65B4727D45440A8A1A02BBA701687C6 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:25Z
date: Sun, 03 Dec 2023 20:34:24 GMT
X-Firefox-Spdy: h2
prod-streaming-video-msn-com.akamaized.net/4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(96115)/Manifest(aac_eng_2_96115_2_1,format=m3u8-aapl)
95.101.11.74 200 OK 605 B URL GET HTTP/1.1 prod-streaming-video-msn-com.akamaized.net/4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(96115)/Manifest(aac_eng_2_96115_2_1,format=m3u8-aapl)
IP 95.101.11.74:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type M3U playlist, ASCII text, with very long lines (641), with no line terminators
Hash 6b5ee5c53a972bc265927eeb611e55e3
b068f9d706ae46ec7a444ac935c4e2bf0dae69af
4e6a577eb15e9ade605e5fb47aea7b4c5d9e4efddf738dc30cd14d823e901deb
GET /4904e50c-d7d7-4c56-bb6c-f9a4c983fed6/1cec65bb-fe45-45c9-909f-1a2f934b.ism/QualityLevels(96115)/Manifest(aac_eng_2_96115_2_1,format=m3u8-aapl) HTTP/1.1
Host: prod-streaming-video-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Pragma: IISMS/6.0,IIS Media Services Premium by Microsoft
Content-Type: application/vnd.apple.mpegurl
Content-Encoding: gzip
ETag: "0x8DBF4365A85B879"
Server: Microsoft-IIS/10.0 IISMS/6.0
x-ms-streaming-duration: 0
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Content-Length: 384
Cache-Control: max-age=2591960
Expires: Tue, 02 Jan 2024 20:33:55 GMT
Date: Sun, 03 Dec 2023 20:34:35 GMT
Connection: keep-alive
Vary: Accept-Encoding
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
assets.msn.com/bundles/v1/views/latest/libs_ad-service_dist_BeaconService_js.509b6d4194556c3bf5c7.js
95.101.10.170 200 OK 36 kB URL GET HTTP/2 assets.msn.com/bundles/v1/views/latest/libs_ad-service_dist_BeaconService_js.509b6d4194556c3bf5c7.js
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type ASCII text, with very long lines (36334), with no line terminators
Hash de907ca0f18db336d4c912968bc89575
d4b9aadddf87bc0d93e69c56d291466b95ebf449
4491013da584105187c3453ac37116c16c61cf21c2278cac6634b5f443c0ba48
GET /bundles/v1/views/latest/libs_ad-service_dist_BeaconService_js.509b6d4194556c3bf5c7.js HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 10033
content-md5: FP8urrwWKEFRiDeKZ0U46w==
last-modified: Sat, 18 Nov 2023 00:15:25 GMT
etag: 0x8DBE7CB7685E9EE
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 2da24adc-701e-0064-65c9-223864000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
content-encoding: br
date: Sun, 03 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767212,c=g,n=NO__OSLO,o=20940]
server-timing: clientrtt; dur=1, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
content-type: application/javascript
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf2c
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
cache-control: public, no-transform, max-age=31535892
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf2c
vary: Origin
X-Firefox-Spdy: h2
img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Cb9d.img?w=768&h=432&m=6
23.36.77.9 200 OK 131 kB URL GET HTTP/2 img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13Cb9d.img?w=768&h=432&m=6
IP 23.36.77.9:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer DigiCert Inc
Subject a248.e.akamai.net
Fingerprint A3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
Validity Tue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 768x432, components 3\012- data
Size 131 kB (131072 bytes)
Hash a5e559eed85935ac30e0c80e5a9c303a
701ade832593d74bd3ed5dec2c2c13ae48dfd694
2be40c1109e0ab1887be88783e70e38aac6f50e3b4ce917b4a42faa9b2bec565
GET /tenant/amp/entityid/AA13Cb9d.img?w=768&h=432&m=6 HTTP/1.1
Host: img-s-msn-com.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
access-control-allow-origin: *
content-location: https://img.s-msn.com/tenant/amp/entityid/AA13Cb9d?w=768&h=432&m=6
last-modified: Sun, 03 Dec 2023 20:34:27 GMT
x-source-length: 115451
x-datacenter: eastap
x-activityid: 9c4e396a-546d-49bb-82a2-a6586a19d3c9
timing-allow-origin: *
x-frame-options: DENY
x-resizerversion: 1.0
cache-control: public, max-age=432000
expires: Fri, 08 Dec 2023 20:34:28 GMT
date: Sun, 03 Dec 2023 20:34:28 GMT
X-Firefox-Spdy: h2
assets.msn.com/serviceak/news/feed/pages/viewspage?activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&timeOut=3000&ocid=winp1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&ContentId=AA1kQbHZ&cm=en-us&User=m-0F42A7BCFF8E6D033159B460FE7B6CF3&%24skip=3&scrollContentCount=4
95.101.10.170 200 OK 124 kB URL GET HTTP/2 assets.msn.com/serviceak/news/feed/pages/viewspage?activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&timeOut=3000&ocid=winp1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&ContentId=AA1kQbHZ&cm=en-us&User=m-0F42A7BCFF8E6D033159B460FE7B6CF3&%24skip=3&scrollContentCount=4
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Size 124 kB (123694 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the body was apparently not captured for hashing, so these digests do not identify the 124 kB response)
GET /serviceak/news/feed/pages/viewspage?activityId=E65B4727-D454-40A8-A1A0-2BBA701687C6&timeOut=3000&ocid=winp1&apikey=0QfOX3Vn51YCzitbLaRkTTBadtWpgTN8NZLW0C1SEM&ContentId=AA1kQbHZ&cm=en-us&User=m-0F42A7BCFF8E6D033159B460FE7B6CF3&%24skip=3&scrollContentCount=4 HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Cookie: _C_Auth=; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; adslrid=_
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json; charset=utf-8
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-origin: https://www.msn.com
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
content-encoding: gzip
ddd-authenticatedwithjwtflow: False
ddd-usertype: AnonymousMuid
ddd-tmpl: ConsumptionRanking:AA1kQbHZ;XFeed;UsingClientIpUserProfile:1;BingRecoCode:Success;ConsumptionIMArticleNegUser:0;ConsumptionSageUserStatus:0_0_0_0;HasClientIpUserProfile:1;ConsumptionReaderScore:0;WasRecoNewUser:1;PageViewCount0;RR:0;TSv3:1;ULatLon0:0;ColdUserHist_0;NotTPUser
ddd-featureset: 0,Msn.OneDataService.Search.FeatureTracker.Models.NewsFeedFeature:QgAA;
ddd-activityid: 656ce653-d2fc-45e7-a252-03d44dcf72b2
ddd-strategyexecutionlatency: 00:00:00.2337269
ddd-debugid: 656ce653-d2fc-45e7-a252-03d44dcf72b2|2023-12-03T20:34:27.5676995Z|fabric_msn|NEU1|News_51
onewebservicelatency: 235
x-msedge-responseinfo: 235
x-ceto-ref: 656ce653e2064d62b9d64beb93b0edfc|2023-12-03T20:34:27.328Z
expires: Sun, 03 Dec 2023 20:34:27 GMT
date: Sun, 03 Dec 2023 20:34:27 GMT
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=; expires=Sat, 02 Dec 2023 20:34:27 GMT
akamai-request-bc: [a=95.101.10.166,b=1569767205,c=g,n=NO__OSLO,o=20940],[a=20.166.136.152,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=276, origin; dur=276 , cdntime; dur=0
akamai-cache-status: NotCacheable from child
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90bf25
x-as-suppresssetcookie: 1, 1
cache-control: private, max-age=0
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635667.5d90bf25
vary: Origin
X-Firefox-Spdy: h2
www.msn.com/staticsb/statics/latest/auth/auth-redirect-blank.html
204.79.197.203 200 OK 102 B URL GET HTTP/2 www.msn.com/staticsb/statics/latest/auth/auth-redirect-blank.html
IP 204.79.197.203:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash bcb10412298e5bcfe6b04d0dbb6780b6
98e15d849da717c5fe2191c4d57c421754fdfa7b
ac4846d8c46610a6d1338345d611f0c4c93db4c2e99dfeb829a5d7d4a75975bb
GET /staticsb/statics/latest/auth/auth-redirect-blank.html HTTP/1.1
Host: www.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.microsoftonline.com/
DNT: 1
Connection: keep-alive
Cookie: USRLOC=; MUID=31DE64B2864F61CA0C2E776E87BA60F2; MicrosoftApplicationsTelemetryDeviceId=d514f282-300c-435d-b1c6-8e6420446b00; ai_session=gu5SVaXIAfSANfBNs/NCR7|1701635672570|1701635672570
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, max-age=31536000
content-length: 98
content-type: text/html
content-encoding: gzip
content-md5: gjos0l3v/GDR/S2vt1pPkw==
last-modified: Fri, 01 Dec 2023 07:17:07 GMT
etag: 0x8DBF23D86E2709B
vary: Origin
x-ms-request-id: b76272e6-301e-0025-0b7a-243acb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
akamai-request-bc: [a=23.73.3.89,b=2364693939,c=g,n=SE_AB_STOCKHOLM,o=20940]
server-timing: clientrtt; dur=11, clienttt; dur=0, origin; dur=0 , cdntime; dur=0
akamai-cache-status: Hit from child
akamai-server-ip: 23.73.3.89
akamai-request-id: 8cf25db3
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
timing-allow-origin: *
akamai-grn: 0.59034917.1701635673.8cf25db3
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3F08C30636084392B0EF142DD4434871 Ref B: OSL30EDGE0112 Ref C: 2023-12-03T20:34:33Z
date: Sun, 03 Dec 2023 20:34:32 GMT
X-Firefox-Spdy: h2
mem.gfx.ms/me/mecache?partner=msnews&wreply=https%3A%2F%2Fwww.msn.com
13.107.246.53 200 OK 3.4 kB URL GET HTTP/2 mem.gfx.ms/me/mecache?partner=msnews&wreply=https%3A%2F%2Fwww.msn.com
IP 13.107.246.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject identitycdn.msauth.net
Fingerprint 35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
Validity Mon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3521), with no line terminators
Hash a739368a8fc9aff2a224fda877e9dac3
c685866812b222238c1f1db880e7b86f09cf05ad
648d253cba0753bd4acd2217a5d6a07633a99154b2e02fd8e9fa27aaee74f409
GET /me/mecache?partner=msnews&wreply=https%3A%2F%2Fwww.msn.com HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cache-control: public, no-transform, max-age=43200
content-type: text/html; charset=utf-8
content-encoding: br
expires: Sun, 03 Dec 2023 21:06:12 GMT
x-cache: TCP_HIT
x-content-type-options: nosniff
content-security-policy: frame-ancestors https://www.msn.com;
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0BEVsZQAAAADdRcYzfnRbTIEcguOLda/1QU1TMDRFREdFMTkwNwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0WuZsZQAAAACXiNhKE6jmQ6uxjvBN5+kbU1ZHMjBFREdFMDYwNwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Sun, 03 Dec 2023 20:34:34 GMT
X-Firefox-Spdy: h2
assets.msn.com/content/view/v2/Detail/en-us/AA17OofU
95.101.10.170 200 OK 10 kB URL GET HTTP/2 assets.msn.com/content/view/v2/Detail/en-us/AA17OofU
IP 95.101.10.170:443
ASN #20940 Akamai International B.V.
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject assets.msn.com
Fingerprint D2:49:8D:0A:5B:1A:88:10:F9:95:1D:61:B3:13:55:46:77:A5:8D:B4
Validity Tue, 25 Jul 2023 19:29:13 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type HTML document text\012- troff or preprocessor input, Unicode text, UTF-8 text, with very long lines (10759), with no line terminators
Hash 300f1ef3b608d90ed9cf9ffb3fb8cd81
2a59eb5203d03eec2394a13cb37051430c0a6fa1
5aecf4eb63777e04d0b28dab1df757a0c341e04e1aaea99b540d9cc31b2b4bab
GET /content/view/v2/Detail/en-us/AA17OofU HTTP/1.1
Host: assets.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.msn.com/
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-encoding: gzip
access-control-allow-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
access-control-expose-headers: TicketType,RequestContinuationKey,AuthToken,Content-Type,x-client-activityid,ms-cv,OneSvc-Uni-Feat-Tun,signedInCookieName,muid,appid,User-Location,user-location,userauthtoken,usertickettype,sitename,s2sauthtoken,thumbprint,Authorization,Ent-Authorization,UserIdToken,DDD-TMPL,DDD-ActivityId,DDD-FeatureSet,DDD-Session-ID,Date,date,ads-referer,ads-referer,taboola-sessionId,taboola-sessionid,Akamai-Request-ID,Akamai-Server-IP,X-MSEdge-Ref,DDD-DebugId,s-xbox-token,OneWebServiceLatency,X-FD-Features,DDD-UserType,traceparent,Widgets,Muted
ddd-authenticatedwithjwtflow: False
ddd-usertype: Unknown
ddd-debugid: 656ce655-dbea-469a-9fa0-963649919a1e|2023-12-03T20:34:29.6427300Z|fabric_msn|EUS1|News_110
onewebservicelatency: 3
x-msedge-responseinfo: 3
x-ceto-ref: 656ce655f0954e41a013893755331968|2023-12-03T20:34:29.635Z
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-length: 4505
date: Sun, 03 Dec 2023 20:34:29 GMT
set-cookie: _C_ETH=1; domain=.msn.com; path=/; secure; httponly
_C_Auth=
MUID=1F4D09A5A33464992BC11A79A222652C; expires=Fri, 27 Dec 2024 20:34:29 GMT; domain=.msn.com; path=/; secure; samesite=none
MUIDB=1F4D09A5A33464992BC11A79A222652C; expires=Fri, 27 Dec 2024 20:34:29 GMT; path=/; httponly
_EDGE_S=F=1&SID=3CDE0BE53C7060FD09A218393D666136; domain=.msn.com; path=/; httponly
_EDGE_V=1; expires=Fri, 27 Dec 2024 20:34:29 GMT; domain=.msn.com; path=/; httponly
akamai-request-bc: [a=95.101.10.166,b=1569771289,c=g,n=NO__OSLO,o=20940],[c=c,n=SE_AB_STOCKHOLM,o=20940],[a=204.79.197.203,c=o]
server-timing: clientrtt; dur=1, clienttt; dur=139, origin; dur=0 , cdntime; dur=139
akamai-cache-status: Miss from child, Miss from parent
akamai-server-ip: 95.101.10.166
akamai-request-id: 5d90cf19
access-control-allow-methods: PUT,PATCH,POST,GET,OPTIONS,DELETE
access-control-allow-credentials: true
access-control-allow-origin: https://www.msn.com
cache-control: public, max-age=60
x-as-suppresssetcookie: 1
timing-allow-origin: *
akamai-grn: 0.a60a655f.1701635669.5d90cf19
vary: Origin
X-Firefox-Spdy: h2
www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/fast-e4tngb%7Bfast-e4tngb-2499%7Dfast-e4tngb
0.0.0.0 0 B URL GET www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/fast-e4tngb%7Bfast-e4tngb-2499%7Dfast-e4tngb
IP 0.0.0.0:0
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject *.msn.com
Fingerprint 18:36:A0:D6:0E:15:7A:D8:23:26:F3:20:FF:F0:5F:EE:1F:67:73:7F
Validity Fri, 11 Aug 2023 22:44:21 GMT - Thu, 27 Jun 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/fast-e4tngb%7Bfast-e4tngb-2499%7Dfast-e4tngb HTTP/1.1
Host: www.msn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Cookie: _C_Auth=; USRLOC=; MUID=0F42A7BCFF8E6D033159B460FE7B6CF3; MUIDB=0F42A7BCFF8E6D033159B460FE7B6CF3; _EDGE_S=F=1&SID=086B9ECD101465632F0C8D11110F6407; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=d514f282-300c-435d-b1c6-8e6420446b00; adslrid=_; ai_session=gu5SVaXIAfSANfBNs/NCR7|1701635672570|1701635672570; _C_ETH=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
mem.gfx.ms/scripts/me/MeControl/10.23271.5/en-US/meBoot.min.js
13.107.246.53 200 OK 181 kB URL GET HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23271.5/en-US/meBoot.min.js
IP 13.107.246.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject identitycdn.msauth.net
Fingerprint 35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
Validity Mon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 181 kB (181223 bytes)
Hash 9839b66d7c986a67a821e7b3783bdf69
4f356c1a92358156486ee50921fe4c728f6d0eac
fa334c1e3766c50298f83ee32aed20fcd0978230350837dc7cb9115d096a7167
GET /scripts/me/MeControl/10.23271.5/en-US/meBoot.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Tue, 10 Oct 2023 21:40:52 GMT
etag: "1d9fbfd1d3fa1e7"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0VTJrZQAAAABKWos/+KwbToYv3X5T8DBmQU1TMDRFREdFMTgxMQBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0WuZsZQAAAAD1BxH8zYNDSZdBheLAqTLEU1ZHMjBFREdFMDYwNwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Sun, 03 Dec 2023 20:34:34 GMT
X-Firefox-Spdy: h2
mem.gfx.ms/scripts/me/MeControl/10.23271.5/en-US/meCore.min.js
13.107.246.53 200 OK 101 kB URL GET HTTP/2 mem.gfx.ms/scripts/me/MeControl/10.23271.5/en-US/meCore.min.js
IP 13.107.246.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://www.msn.com/en-us/money/other/this-sneaky-new-android-malware-can-hide-in-plain-sight-and-its-all-thanks-to-virtualization/ar-AA1kQbHZ
Certificate Issuer Microsoft Corporation
Subject identitycdn.msauth.net
Fingerprint 35:07:0F:A2:57:03:9D:87:1C:4A:44:52:5D:35:DF:30:45:0E:A9:F6
Validity Mon, 23 Oct 2023 22:07:15 GMT - Thu, 17 Oct 2024 22:07:15 GMT
File type ASCII text, with very long lines (34235), with CRLF, LF line terminators
Size 101 kB (100769 bytes)
Hash 6fe3dd83a0d98bc1977f57ea33c37693
8df606f40e4cc8c07ce929d5a82fd5304eaf4eb7
a5268a183f2a091d2d17773997e89a25fc45cbd60e586edf61f544fb85d6f6a8
GET /scripts/me/MeControl/10.23271.5/en-US/meCore.min.js HTTP/1.1
Host: mem.gfx.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.msn.com
DNT: 1
Connection: keep-alive
Referer: https://www.msn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
last-modified: Wed, 15 Nov 2023 22:13:40 GMT
etag: "1da18540ae44ba1"
x-cache: TCP_HIT
x-content-type-options: nosniff
access-control-allow-origin: *
x-ua-compatible: IE=edge
strict-transport-security: max-age=31536000; includeSubDomains
x-azure-ref-originshield: 0dsVsZQAAAACkoky0KvVQSpGW2CnsK7uAQU1TMDRFREdFMTkwOQBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
x-azure-ref: 0WuZsZQAAAACBvfs6MqkNSZ0juD7roB/PU1ZHMjBFREdFMDYwNwBlYWM1ZjQ5Zi1lMDJkLTRmNDEtYjBhNi0yZDUwZjlmY2Y4NGE=
date: Sun, 03 Dec 2023 20:34:34 GMT
X-Firefox-Spdy: h2