hxxps://medquizzes[.]net/#1d39db5fa-388b-441d-ae9f-981813840294

Analysis

max time kernel
67s
max time network
152s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31/01/2023, 10:42 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://medquizzes.net/#1d39db5fa-388b-441d-ae9f-981813840294

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 57 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\Total = "26"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\ = "16639"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\Total = "16762"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16762"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\ = "16762"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\ = "26"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002cef44b0a7fb6944ab93e9df376c3bfc0000000002000000000010660000000100002000000024807b7982e0633c2b94dcbffc3e86de67f990edd6441d1317def64b05d6a5bc000000000e80000000020000200000003b12ad01cec9cb2899034856fc4bd4f1af90b02dcdd652d99bcec546ff5f432f200000001ece308d37ddb962d69834f63528d534e28a8c1487fbcafb193320e4d75609074000000098decd7f3c033ed3dc05b5d2180abc1205105f6b529324ee73a5665bdfc70f85660ae9eb5c62be74f145b992df98b6a67fcb5c30cd773ff2e32219a0764ee2a8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002cef44b0a7fb6944ab93e9df376c3bfc00000000020000000000106600000001000020000000a9e51456f7d3df71f609b191d48891307ef6d6efbda0e48d6f67e10152c14cde000000000e8000000002000020000000fe8056baec3dddd2d3a341b1ee00cea4b8d1c3eeeda01302aca9e60a48634f2090000000f8d63e0fe07ef8888d5dd7b654f1fb178a560a353c797877f74b15e698ed0bf92cdb123859e23cfd109af3dcb34658881bc25fa928244d5378fc2a8efb8b6006803634d0db859508432622a2f488a46a78f526d7c921b5bf8ae872adefc3eb2cf18f88b558084de8981b877bb026c1c70153c61c6258684c1d9cc7ded540c5c57a1cfa2f40a60f99005fffaea75cc55a40000000bc54dbfc881292852917ca5bfd78f460ed7a481972f09660b5acc3775004913d2cb64239d7a7ef83145ea26b08c958c8207117202245e7a21f983aaf9d33e63b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "381930334"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16723"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\Total = "58"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\ = "58"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\Total = "16639"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5CD59DC1-A15C-11ED-8B55-6651945CA213} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "58"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\ = "16723"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\Total = "16723"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16639"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a03cd73b6935d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\medquizzes.net\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "26"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1920	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1920	iexplore.exe
1920	iexplore.exe
2044	IEXPLORE.EXE
2044	IEXPLORE.EXE
2044	IEXPLORE.EXE
2044	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2044	1920	iexplore.exe	29
PID 1920 wrote to memory of 2044	1920	iexplore.exe	29
PID 1920 wrote to memory of 2044	1920	iexplore.exe	29
PID 1920 wrote to memory of 2044	1920	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://medquizzes.net/#1d39db5fa-388b-441d-ae9f-981813840294
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2044

Network

DNS

medquizzes.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

medquizzes.net

IN A

Response

medquizzes.net

IN A

172.96.185.219
GET

https://medquizzes.net/

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
link: <https://medquizzes.net/wp-json/>; rel="https://api.w.org/"
etag: "40520-1675155821;gz"
x-litespeed-cache: hit
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Tue, 31 Jan 2023 10:42:50 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET

https://medquizzes.net/wp-content/plugins/wp-quiz-pro/assets/frontend/css/wp-quiz.css?ver=2.1.7

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/plugins/wp-quiz-pro/assets/frontend/css/wp-quiz.css?ver=2.1.7 HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:51 GMT
content-type: text/css
last-modified: Mon, 22 Feb 2021 07:21:56 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 9740
date: Tue, 31 Jan 2023 10:42:51 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/themes/soledad/css/weather-icon.swap.css?ver=2.0

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad/css/weather-icon.swap.css?ver=2.0 HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:51 GMT
content-type: text/css
last-modified: Sun, 04 Apr 2021 02:57:22 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 484
date: Tue, 31 Jan 2023 10:42:51 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/themes/soledad/js/libs-script.min.js?ver=7.7.0

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad/js/libs-script.min.js?ver=7.7.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: application/javascript
last-modified: Sun, 04 Apr 2021 02:57:22 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 55425
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/themes/soledad/images/searchsubmit.png

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad/images/searchsubmit.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.843146960.1675165370; _gid=GA1.2.1614341284.1675165370; _gat=1

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:54 GMT
content-type: image/png
last-modified: Sun, 04 Apr 2021 02:57:22 GMT
accept-ranges: bytes
content-length: 279
date: Tue, 31 Jan 2023 10:42:54 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/plugins/mtouch-quiz/mtq_core_style.css?ver=3.1.3

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/plugins/mtouch-quiz/mtq_core_style.css?ver=3.1.3 HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:50 GMT
content-type: text/css
last-modified: Thu, 06 May 2021 16:10:49 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 2171
date: Tue, 31 Jan 2023 10:42:50 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET

https://medquizzes.net/wp-content/plugins/mtouch-quiz/mtq_theme_style.css?ver=3.1.3

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/plugins/mtouch-quiz/mtq_theme_style.css?ver=3.1.3 HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:51 GMT
content-type: text/css
last-modified: Thu, 06 May 2021 16:10:49 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3582
date: Tue, 31 Jan 2023 10:42:51 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4 HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:51 GMT
content-type: text/css
last-modified: Fri, 25 Nov 2022 02:23:47 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1040
date: Tue, 31 Jan 2023 10:42:51 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/plugins/wp-quiz-pro/assets/frontend/css/animate.css?ver=3.6.0

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/plugins/wp-quiz-pro/assets/frontend/css/animate.css?ver=3.6.0 HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:51 GMT
content-type: text/css
last-modified: Mon, 22 Feb 2021 07:21:56 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 6527
date: Tue, 31 Jan 2023 10:42:51 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0 HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:51 GMT
content-type: text/css
last-modified: Sun, 04 Apr 2021 02:57:22 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 7762
date: Tue, 31 Jan 2023 10:42:51 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: application/javascript
last-modified: Fri, 25 Nov 2022 02:23:47 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4238
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/themes/soledad/images/penci-holder.png

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad/images/penci-holder.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: image/png
last-modified: Sun, 04 Apr 2021 02:57:22 GMT
accept-ranges: bytes
content-length: 125
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
DNS

apps.identrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

88.221.25.153

a1952.dscq.akamai.net

IN A

88.221.25.169
DNS

apps.identrust.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

88.221.25.169

a1952.dscq.akamai.net

IN A

88.221.25.153
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

IEXPLORE.EXE

Remote address:

88.221.25.153:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 20 Jan 2023 18:36:10 GMT
ETag: "37d-5f2b652c27a80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Tue, 31 Jan 2023 11:42:49 GMT
Date: Tue, 31 Jan 2023 10:42:49 GMT
Connection: keep-alive
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

IEXPLORE.EXE

Remote address:

88.221.25.169:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 20 Jan 2023 18:36:10 GMT
ETag: "37d-5f2b652c27a80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Tue, 31 Jan 2023 11:42:49 GMT
Date: Tue, 31 Jan 2023 10:42:49 GMT
Connection: keep-alive
GET

https://medquizzes.net/wp-content/themes/soledad/js/main.js?ver=7.7.0

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad/js/main.js?ver=7.7.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: application/javascript
last-modified: Sun, 04 Apr 2021 02:57:22 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 12934
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET

https://medquizzes.net/wp-content/themes/soledad-child/style.css?ver=7.7.0

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad-child/style.css?ver=7.7.0 HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: text/css
last-modified: Sun, 04 Apr 2021 02:57:55 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 204
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET

https://medquizzes.net/wp-content/themes/soledad/js/post-like.js?ver=7.7.0

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad/js/post-like.js?ver=7.7.0 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: application/javascript
last-modified: Sun, 04 Apr 2021 02:57:22 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 488
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/plugins/mtouch-quiz/script.js?ver=3.1.3

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/plugins/mtouch-quiz/script.js?ver=3.1.3 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: application/javascript
last-modified: Thu, 06 May 2021 16:10:49 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 10120
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET

https://medquizzes.net/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=83ec8aa758f883d6da14

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=83ec8aa758f883d6da14 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: application/javascript
last-modified: Fri, 25 Nov 2022 02:24:16 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3247
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:51 GMT
content-type: application/javascript
last-modified: Fri, 27 May 2022 08:04:04 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 5712
date: Tue, 31 Jan 2023 10:42:51 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET

https://medquizzes.net/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: application/javascript
last-modified: Fri, 25 Nov 2022 02:23:47 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3200
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=8767d0da914b289bd862

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=8767d0da914b289bd862 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: application/javascript
last-modified: Fri, 25 Nov 2022 02:24:16 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1044
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
DNS

c0.wp.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

c0.wp.com

IN A

Response

c0.wp.com

IN A

192.0.77.37
GET

https://c0.wp.com/c/6.0.3/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

IEXPLORE.EXE

Remote address:

192.0.77.37:443

Request

GET /c/6.0.3/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: c0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:51 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Content-Encoding: gzip
Expires: Wed, 31 Jan 2024 10:42:51 GMT
Cache-Control: max-age=31536000
Strict-Transport-Security: max-age=15552000
X-nc: HIT ams 1
Timing-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
GET

https://c0.wp.com/p/jetpack/11.5.1/css/jetpack.css

IEXPLORE.EXE

Remote address:

192.0.77.37:443

Request

GET /p/jetpack/11.5.1/css/jetpack.css HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: c0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:52 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 25 Oct 2022 13:51:34 GMT
Content-Encoding: gzip
Expires: Wed, 31 Jan 2024 10:42:52 GMT
Cache-Control: max-age=31536000
Strict-Transport-Security: max-age=15552000
X-nc: HIT ams 1
Timing-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
GET

https://c0.wp.com/c/6.0.3/wp-includes/css/dist/block-library/style.min.css

IEXPLORE.EXE

Remote address:

192.0.77.37:443

Request

GET /c/6.0.3/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: c0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:51 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 04 Jul 2022 12:10:37 GMT
Content-Encoding: gzip
Expires: Wed, 31 Jan 2024 10:42:51 GMT
Cache-Control: max-age=31536000
Strict-Transport-Security: max-age=15552000
X-nc: HIT ams 1
Timing-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
GET

https://c0.wp.com/c/6.0.3/wp-includes/js/mediaelement/wp-mediaelement.min.css

IEXPLORE.EXE

Remote address:

192.0.77.37:443

Request

GET /c/6.0.3/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: c0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:52 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 07 Jun 2019 20:45:02 GMT
Content-Encoding: gzip
Expires: Wed, 31 Jan 2024 10:42:52 GMT
Cache-Control: max-age=31536000
Strict-Transport-Security: max-age=15552000
X-nc: HIT ams 1
Timing-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
GET

https://c0.wp.com/p/jetpack/11.5.1/_inc/build/photon/photon.min.js

IEXPLORE.EXE

Remote address:

192.0.77.37:443

Request

GET /p/jetpack/11.5.1/_inc/build/photon/photon.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: c0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 07 Dec 2021 16:56:47 GMT
Content-Encoding: gzip
Expires: Wed, 31 Jan 2024 10:42:52 GMT
Cache-Control: max-age=31536000
Strict-Transport-Security: max-age=15552000
X-nc: HIT ams 1
Timing-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
GET

https://c0.wp.com/c/6.0.3/wp-includes/js/jquery/jquery.min.js

IEXPLORE.EXE

Remote address:

192.0.77.37:443

Request

GET /c/6.0.3/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: c0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 10 Mar 2021 15:07:24 GMT
Content-Encoding: gzip
Expires: Wed, 31 Jan 2024 10:42:52 GMT
Cache-Control: max-age=31536000
Strict-Transport-Security: max-age=15552000
X-nc: HIT ams 1
Timing-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
GET

https://c0.wp.com/c/6.0.3/wp-includes/js/jquery/jquery-migrate.min.js

IEXPLORE.EXE

Remote address:

192.0.77.37:443

Request

GET /c/6.0.3/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: c0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Content-Encoding: gzip
Expires: Wed, 31 Jan 2024 10:42:52 GMT
Cache-Control: max-age=31536000
Strict-Transport-Security: max-age=15552000
X-nc: HIT ams 2
Timing-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Allow-Origin: *
GET

https://medquizzes.net/wp-content/themes/soledad/style.css?ver=6.0.3

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad/style.css?ver=6.0.3 HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: text/css
last-modified: Sun, 04 Apr 2021 02:57:22 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 424
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET

https://medquizzes.net/wp-content/uploads/2021/04/logo300x100.png

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/uploads/2021/04/logo300x100.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: image/png
last-modified: Sun, 04 Apr 2021 03:16:58 GMT
accept-ranges: bytes
content-length: 8524
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
GET

https://medquizzes.net/wp-content/themes/soledad/main.css?ver=7.7.0

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad/main.css?ver=7.7.0 HTTP/1.1
Accept: text/css, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Tue, 07 Feb 2023 10:42:52 GMT
content-type: text/css
last-modified: Sun, 04 Apr 2021 02:57:21 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 132923
date: Tue, 31 Jan 2023 10:42:52 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET

https://medquizzes.net/wp-content/themes/soledad/fonts/fontawesome-webfont.eot?

IEXPLORE.EXE

Remote address:

172.96.185.219:443

Request

GET /wp-content/themes/soledad/fonts/fontawesome-webfont.eot? HTTP/1.1
Accept: */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Origin: https://medquizzes.net
Accept-Encoding: gzip, deflate
Host: medquizzes.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.843146960.1675165370; _gid=GA1.2.1614341284.1675165370; _gat=1

Response

HTTP/1.1 200 OK

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: application/vnd.ms-fontobject
last-modified: Sun, 04 Apr 2021 02:57:22 GMT
accept-ranges: bytes
content-length: 165742
date: Tue, 31 Jan 2023 10:42:53 GMT
server: LiteSpeed
DNS

i0.wp.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

i0.wp.com

IN A

Response

i0.wp.com

IN A

192.0.77.2
GET

https://i0.wp.com/medquizzes.net/wp-content/uploads/2021/04/logo300x100y.png?resize=300%2C100&ssl=1

IEXPLORE.EXE

Remote address:

192.0.77.2:443

Request

GET /medquizzes.net/wp-content/uploads/2021/04/logo300x100y.png?resize=300%2C100&ssl=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:52 GMT
Content-Type: image/png
Content-Length: 3566
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 10:42:49 GMT
Expires: Thu, 30 Jan 2025 22:42:49 GMT
Cache-Control: public, max-age=63115200
Link: <https://medquizzes.net/wp-content/uploads/2021/04/logo300x100y.png>; rel="canonical"
X-Content-Type-Options: nosniff
ETag: "476a0e53c010a709"
X-Bytes-Saved: 4362
Vary: Accept
X-nc: HIT ams 5
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Timing-Allow-Origin: *
GET

https://i0.wp.com/medquizzes.net/wp-content/uploads/2021/07/cropped-logo2ok.png?fit=32%2C32&ssl=1

IEXPLORE.EXE

Remote address:

192.0.77.2:443

Request

GET /medquizzes.net/wp-content/uploads/2021/07/cropped-logo2ok.png?fit=32%2C32&ssl=1 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: i0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:58 GMT
Content-Type: image/png
Content-Length: 1382
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 10:42:58 GMT
Expires: Thu, 30 Jan 2025 22:42:58 GMT
Cache-Control: public, max-age=63115200
Link: <https://medquizzes.net/wp-content/uploads/2021/07/cropped-logo2ok.png>; rel="canonical"
X-Content-Type-Options: nosniff
ETag: "903b4af21de68881"
X-Bytes-Saved: 190
Vary: Accept
X-nc: MISS ams 8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Timing-Allow-Origin: *
GET

https://i0.wp.com/medquizzes.net/wp-content/uploads/2022/09/Skin-manifestations-in-medical-disorders.png?resize=585%2C340&ssl=1

IEXPLORE.EXE

Remote address:

192.0.77.2:443

Request

GET /medquizzes.net/wp-content/uploads/2022/09/Skin-manifestations-in-medical-disorders.png?resize=585%2C340&ssl=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:58 GMT
Content-Type: image/png
Content-Length: 12159
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 10:42:58 GMT
Expires: Thu, 30 Jan 2025 22:42:58 GMT
Cache-Control: public, max-age=63115200
Link: <https://medquizzes.net/wp-content/uploads/2022/09/Skin-manifestations-in-medical-disorders.png>; rel="canonical"
X-Content-Type-Options: nosniff
ETag: "d50a5b8971a94d0f"
X-Bytes-Saved: 19935
Vary: Accept
X-nc: MISS ams 8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Timing-Allow-Origin: *
GET

https://i0.wp.com/medquizzes.net/wp-content/uploads/2023/01/HORMONE-METABOLISM.png?resize=585%2C340&ssl=1

IEXPLORE.EXE

Remote address:

192.0.77.2:443

Request

GET /medquizzes.net/wp-content/uploads/2023/01/HORMONE-METABOLISM.png?resize=585%2C340&ssl=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:43:08 GMT
Content-Type: image/png
Content-Length: 10269
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 10:43:08 GMT
Expires: Thu, 30 Jan 2025 22:43:08 GMT
Cache-Control: public, max-age=63115200
Link: <https://medquizzes.net/wp-content/uploads/2023/01/HORMONE-METABOLISM.png>; rel="canonical"
X-Content-Type-Options: nosniff
ETag: "ee3daf9d380aa036"
X-Bytes-Saved: 17644
Vary: Accept
X-nc: MISS ams 4
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Timing-Allow-Origin: *
GET

https://i0.wp.com/medquizzes.net/wp-content/uploads/2022/12/MINERAL-METABOLISM.png?resize=585%2C340&ssl=1

IEXPLORE.EXE

Remote address:

192.0.77.2:443

Request

GET /medquizzes.net/wp-content/uploads/2022/12/MINERAL-METABOLISM.png?resize=585%2C340&ssl=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:43:16 GMT
Content-Type: image/png
Content-Length: 13486
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 10:43:16 GMT
Expires: Thu, 30 Jan 2025 22:43:16 GMT
Cache-Control: public, max-age=63115200
Link: <https://medquizzes.net/wp-content/uploads/2022/12/MINERAL-METABOLISM.png>; rel="canonical"
X-Content-Type-Options: nosniff
ETag: "f687b6b6fd0d7eca"
X-Bytes-Saved: 24267
Vary: Accept
X-nc: MISS ams 4
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Timing-Allow-Origin: *
GET

https://i0.wp.com/medquizzes.net/wp-content/uploads/2022/12/ENZYMES.png?resize=585%2C341&ssl=1

IEXPLORE.EXE

Remote address:

192.0.77.2:443

Request

GET /medquizzes.net/wp-content/uploads/2022/12/ENZYMES.png?resize=585%2C341&ssl=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:58 GMT
Content-Type: image/png
Content-Length: 8694
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 06:32:55 GMT
Expires: Thu, 30 Jan 2025 18:32:55 GMT
Cache-Control: public, max-age=63115200
Link: <https://medquizzes.net/wp-content/uploads/2022/12/ENZYMES.png>; rel="canonical"
X-Content-Type-Options: nosniff
ETag: "4770121e06f4fa83"
X-Bytes-Saved: 15670
Vary: Accept
X-nc: HIT ams 4
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Timing-Allow-Origin: *
GET

https://i0.wp.com/medquizzes.net/wp-content/uploads/2022/10/CARBOHYDRATES-AND-CARBOHYDRATE-METABOLISM.png?resize=585%2C342&ssl=1

IEXPLORE.EXE

Remote address:

192.0.77.2:443

Request

GET /medquizzes.net/wp-content/uploads/2022/10/CARBOHYDRATES-AND-CARBOHYDRATE-METABOLISM.png?resize=585%2C342&ssl=1 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: i0.wp.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Date: Tue, 31 Jan 2023 10:42:58 GMT
Content-Type: image/png
Content-Length: 12922
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 10:42:58 GMT
Expires: Thu, 30 Jan 2025 22:42:58 GMT
Cache-Control: public, max-age=63115200
Link: <https://medquizzes.net/wp-content/uploads/2022/10/CARBOHYDRATES-AND-CARBOHYDRATE-METABOLISM.png>; rel="canonical"
X-Content-Type-Options: nosniff
ETag: "2ff7bcbec9591b96"
X-Bytes-Saved: 21397
Vary: Accept
X-nc: MISS ams 8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Timing-Allow-Origin: *
DNS

googleads.g.doubleclick.net

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.179.194
GET

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=90&slotname=6340690607&adk=529958608&adf=1521721811&pi=t.ma~as.6340690607&w=728&lmt=1675165373&format=728x90&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&wgl=1&dt=1675165372500&bpp=117&bdt=3071&idt=317&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&correlator=2175074332834&frm=20&pv=2&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=489&ady=33&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=1&ifi=1&uci=a!1&xpc=lT5UB8YQp4&p=https%3A//medquizzes.net&dtd=583

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/ads?client=ca-pub-5897249571572823&output=html&h=90&slotname=6340690607&adk=529958608&adf=1521721811&pi=t.ma~as.6340690607&w=728&lmt=1675165373&format=728x90&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&wgl=1&dt=1675165372500&bpp=117&bdt=3071&idt=317&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&correlator=2175074332834&frm=20&pv=2&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=489&ady=33&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=1&ifi=1&uci=a!1&xpc=lT5UB8YQp4&p=https%3A//medquizzes.net&dtd=583 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 31 Jan 2023 10:42:54 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:54 GMT
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/adview?ai=Cbx7SrvDYY4OhGsONxdwPxJSZ2A-SvYjebqPBk7meEdnZHhABIOaEpipgye7thoCAoBmgAY_Htb8CyAEBqQJpVQ5ZeFlKPqgDAcgDwwSqBOkBT9CmEtRfq7T6LGOcQp7f8E_NPs6A2GKmk-b3PSf7ks4nuAdGi1A37-d04RIOEjdsNwI1A-ypQzfLXEPJZ_qgVW_vdConHakbDouiK7lKyxdOYgdRLT1EmDPI-2VFna1_ZdawwAB0YZMYTA-avpTio_Yg55aBJ0PsmRb7HiI6BwhjWOFsI3R90CBys_aTSsq4i3EhvgKR_JNsL0J_R2tPhdGysyLAflnQAloN1BU8jQKhg9wIdTNfBAo3QPT8YrvT8xkG85Llm0idz0vQHrgcO_jAK4PojJO9Ci9hiHxwHUqoh_U8Vc2m6D_ABNb-vNuNBJIFBAgEGAGSBQQIBRgEoAZmgAfZuMrAAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEP2MEdIIDwiAYRABGB8yAooCOgKAQIAKAcgLAdgTDIgUEdAVAYAXAbIXHAoaCAASFHB1Yi01ODk3MjQ5NTcxNTcyODIzGAA&sigh=apwauNFAzSU&uach_m=[UACH]&cid=CAQSGwDUE5ymgmG9E174JP0-oDuJ2JQR2DQBrG7HTxgBIBM

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/adview?ai=Cbx7SrvDYY4OhGsONxdwPxJSZ2A-SvYjebqPBk7meEdnZHhABIOaEpipgye7thoCAoBmgAY_Htb8CyAEBqQJpVQ5ZeFlKPqgDAcgDwwSqBOkBT9CmEtRfq7T6LGOcQp7f8E_NPs6A2GKmk-b3PSf7ks4nuAdGi1A37-d04RIOEjdsNwI1A-ypQzfLXEPJZ_qgVW_vdConHakbDouiK7lKyxdOYgdRLT1EmDPI-2VFna1_ZdawwAB0YZMYTA-avpTio_Yg55aBJ0PsmRb7HiI6BwhjWOFsI3R90CBys_aTSsq4i3EhvgKR_JNsL0J_R2tPhdGysyLAflnQAloN1BU8jQKhg9wIdTNfBAo3QPT8YrvT8xkG85Llm0idz0vQHrgcO_jAK4PojJO9Ci9hiHxwHUqoh_U8Vc2m6D_ABNb-vNuNBJIFBAgEGAGSBQQIBRgEoAZmgAfZuMrAAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEP2MEdIIDwiAYRABGB8yAooCOgKAQIAKAcgLAdgTDIgUEdAVAYAXAbIXHAoaCAASFHB1Yi01ODk3MjQ5NTcxNTcyODIzGAA&sigh=apwauNFAzSU&uach_m=[UACH]&cid=CAQSGwDUE5ymgmG9E174JP0-oDuJ2JQR2DQBrG7HTxgBIBM HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=90&slotname=6340690607&adk=529958608&adf=1521721811&pi=t.ma~as.6340690607&w=728&lmt=1675165373&format=728x90&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&wgl=1&dt=1675165372500&bpp=117&bdt=3071&idt=317&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&correlator=2175074332834&frm=20&pv=2&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=489&ady=33&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=1&ifi=1&uci=a!1&xpc=lT5UB8YQp4&p=https%3A//medquizzes.net&dtd=583
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: script-src 'none'; object-src 'none'
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 31 Jan 2023 10:42:55 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:55 GMT
Cache-Control: private
GET

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/drt/s?v=r20120211 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=90&slotname=6340690607&adk=529958608&adf=1521721811&pi=t.ma~as.6340690607&w=728&lmt=1675165373&format=728x90&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&wgl=1&dt=1675165372500&bpp=117&bdt=3071&idt=317&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&correlator=2175074332834&frm=20&pv=2&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=489&ady=33&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=1&ifi=1&uci=a!1&xpc=lT5UB8YQp4&p=https%3A//medquizzes.net&dtd=583
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 145
X-XSS-Protection: 0
Date: Tue, 31 Jan 2023 10:21:51 GMT
Cache-Control: public, max-age=3600
Content-Type: text/html; charset=UTF-8
Age: 1264
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3885208187&adf=1108529472&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165374&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372634&bpp=4&bdt=3252&idt=756&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0&nras=1&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1938&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=3&uci=a!3&btvi=1&xpc=L7HzhwlmT4&p=https%3A//medquizzes.net&dtd=1623

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3885208187&adf=1108529472&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165374&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372634&bpp=4&bdt=3252&idt=756&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0&nras=1&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1938&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=3&uci=a!3&btvi=1&xpc=L7HzhwlmT4&p=https%3A//medquizzes.net&dtd=1623 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 31 Jan 2023 10:42:56 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:56 GMT
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/adview?ai=Ctq7lr_DYY8OpKZODxdwPm7CHaIa3o9lu_YTm6vwQ04f1_QgQASDmhKYqYMnu7YaAgKAZoAHTl8r6A8gBCagDAcgDywSqBOQBT9CQQJ-tmqZ5iI4xOANwHbl7BOcxXmcyTknpkfnmBpjhzOI6lk5UM02rPp-bcxb3hDIu7ike7m35B_KnnZtDan07IxSxc1EDTCkvgtgQ_63iiA27XP4i_K2Az7Zp02lQMPGdJ_12NCB0whMvuxpCheKhHgIqFzkuDhm6IDovz_hHA8E4Azf4Uan5JZE1ICdoV2SOsJW9sA4QIsAusK2GPGyD0izgRPDAw5QFMAmCoELi6MwMUsmGMrGALQUyGZPbJ7rpmZJ6XQo0JjQopgbPxc6Sbf6eZhZdn10pl1zmeUExTC9qwATZsrvSoASSBQQIBBgBkgUECAUYBKAGLoAHlei1BagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEP3xBtIIDwiAYRABGB8yAooCOgKAQIAKAcgLAbgT5APYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItNTg5NzI0OTU3MTU3MjgyMxgA&sigh=fEqr_o6xEQk&uach_m=[UACH]&cid=CAQSSwDUE5ym9HH7kwMlShlBnBHDb6dZLlk6UPUk4q50OU7RihhQ79KypMZwqPbQ4VYl05kDa10OFMeSSe5aDo-BQNlcokyWnYIiCLQvJxgBIBM&template_id=484

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/adview?ai=Ctq7lr_DYY8OpKZODxdwPm7CHaIa3o9lu_YTm6vwQ04f1_QgQASDmhKYqYMnu7YaAgKAZoAHTl8r6A8gBCagDAcgDywSqBOQBT9CQQJ-tmqZ5iI4xOANwHbl7BOcxXmcyTknpkfnmBpjhzOI6lk5UM02rPp-bcxb3hDIu7ike7m35B_KnnZtDan07IxSxc1EDTCkvgtgQ_63iiA27XP4i_K2Az7Zp02lQMPGdJ_12NCB0whMvuxpCheKhHgIqFzkuDhm6IDovz_hHA8E4Azf4Uan5JZE1ICdoV2SOsJW9sA4QIsAusK2GPGyD0izgRPDAw5QFMAmCoELi6MwMUsmGMrGALQUyGZPbJ7rpmZJ6XQo0JjQopgbPxc6Sbf6eZhZdn10pl1zmeUExTC9qwATZsrvSoASSBQQIBBgBkgUECAUYBKAGLoAHlei1BagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEP3xBtIIDwiAYRABGB8yAooCOgKAQIAKAcgLAbgT5APYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItNTg5NzI0OTU3MTU3MjgyMxgA&sigh=fEqr_o6xEQk&uach_m=[UACH]&cid=CAQSSwDUE5ym9HH7kwMlShlBnBHDb6dZLlk6UPUk4q50OU7RihhQ79KypMZwqPbQ4VYl05kDa10OFMeSSe5aDo-BQNlcokyWnYIiCLQvJxgBIBM&template_id=484 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3885208187&adf=1108529472&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165374&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372634&bpp=4&bdt=3252&idt=756&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0&nras=1&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1938&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=3&uci=a!3&btvi=1&xpc=L7HzhwlmT4&p=https%3A//medquizzes.net&dtd=1623
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: DSID=NO_DATA

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: script-src 'none'; object-src 'none'
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 31 Jan 2023 10:42:57 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:57 GMT
Cache-Control: private
GET

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/drt/si?st=NO_DATA HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: DSID=NO_DATA

Response

HTTP/1.1 200 OK

Cross-Origin-Resource-Policy: cross-origin
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 31 Jan 2023 10:42:57 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Set-Cookie: DSID=NO_DATA; expires=Tue, 31-Jan-2023 11:42:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:57 GMT
Cache-Control: private
GET

https://googleads.g.doubleclick.net/pagead/html/r20230125/r20190131/zrt_lookup.html

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/html/r20230125/r20190131/zrt_lookup.html HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 4387
X-XSS-Protection: 0
Date: Tue, 31 Jan 2023 10:03:07 GMT
Expires: Tue, 14 Feb 2023 10:03:07 GMT
Cache-Control: public, max-age=1209600
ETag: 10353107486223812946
Content-Type: text/html; charset=UTF-8
Age: 2387
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3205933825&adf=2680286904&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165373&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165373148&bpp=16&bdt=3714&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=320&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=2&uci=a!2&xpc=U8zq0xA4lb&p=https%3A//medquizzes.net&dtd=186

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3205933825&adf=2680286904&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165373&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165373148&bpp=16&bdt=3714&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=320&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=2&uci=a!2&xpc=U8zq0xA4lb&p=https%3A//medquizzes.net&dtd=186 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 31 Jan 2023 10:42:55 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:55 GMT
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/adview?ai=CeEKfrvDYY42WKYvXygWiy4XADdeyjt5u4a3ZipUR-p3coNQBEAEg5oSmKmDJ7u2GgICgGaABoJeOkyjIAQGoAwGqBOgBT9CKtXPQUL-MgbI1GbZKJnoZ0fnXkyo251bjSiZpUJFKD6lzJsRlnLIF8CPB8aSh47ffdjQ1k35j81VytKrO1gEiHnMrFwkRzhyt6hYEvdxfBRYL6twBiVpMdzv91fYu4nijez6zNxOm73eNAnCvZ7O6hSpXoIhUcCesCNSKqdfORdFT6nLE_MvNic5TlXYif_wrOBm8efF4QUtjJBrqF95QnSJDf5ARzJnqsBHOYJcciEqnNf1Xf0ZF7NKs7-R5iyMI8Bksw-DPK0SFgsuvzOVkYVzsZa6wbOwHxpOW97_fMhtBsM7BI8AEsP6N3a8EkgUECAQYAZIFBAgFGASAB6DP3vICqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQx6Ii0ggPCIBhEAEYHzICigI6AoBAgAoByAsB2BMMiBQC0BUBmBYBgBcBshccChoIABIUcHViLTU4OTcyNDk1NzE1NzI4MjMYAA&sigh=FCTk-VJLrE4&uach_m=[UACH]&cid=CAQSGwDUE5ymTYzeWED5riSF50hHLTuKIe1tNWqHdBgBIBM&template_id=5001

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/adview?ai=CeEKfrvDYY42WKYvXygWiy4XADdeyjt5u4a3ZipUR-p3coNQBEAEg5oSmKmDJ7u2GgICgGaABoJeOkyjIAQGoAwGqBOgBT9CKtXPQUL-MgbI1GbZKJnoZ0fnXkyo251bjSiZpUJFKD6lzJsRlnLIF8CPB8aSh47ffdjQ1k35j81VytKrO1gEiHnMrFwkRzhyt6hYEvdxfBRYL6twBiVpMdzv91fYu4nijez6zNxOm73eNAnCvZ7O6hSpXoIhUcCesCNSKqdfORdFT6nLE_MvNic5TlXYif_wrOBm8efF4QUtjJBrqF95QnSJDf5ARzJnqsBHOYJcciEqnNf1Xf0ZF7NKs7-R5iyMI8Bksw-DPK0SFgsuvzOVkYVzsZa6wbOwHxpOW97_fMhtBsM7BI8AEsP6N3a8EkgUECAQYAZIFBAgFGASAB6DP3vICqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQx6Ii0ggPCIBhEAEYHzICigI6AoBAgAoByAsB2BMMiBQC0BUBmBYBgBcBshccChoIABIUcHViLTU4OTcyNDk1NzE1NzI4MjMYAA&sigh=FCTk-VJLrE4&uach_m=[UACH]&cid=CAQSGwDUE5ymTYzeWED5riSF50hHLTuKIe1tNWqHdBgBIBM&template_id=5001 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3205933825&adf=2680286904&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165373&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165373148&bpp=16&bdt=3714&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=320&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=2&uci=a!2&xpc=U8zq0xA4lb&p=https%3A//medquizzes.net&dtd=186
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: script-src 'none'; object-src 'none'
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 31 Jan 2023 10:42:56 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:56 GMT
Cache-Control: private
GET

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/drt/si?st=NO_DATA HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Cross-Origin-Resource-Policy: cross-origin
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 31 Jan 2023 10:42:56 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Set-Cookie: DSID=NO_DATA; expires=Tue, 31-Jan-2023 11:42:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:56 GMT
Cache-Control: private
GET

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&adk=3809368711&adf=1654432175&pi=t.aa~a.4187550229~rp.3&w=370&fwrn=4&fwrnh=100&lmt=1675165375&rafmt=1&to=qs&pwprc=2434042266&format=370x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675165374464&bpp=4&bdt=5162&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280&nras=2&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=847&ady=786&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=1&ifi=6&uci=a!6&btvi=2&xpc=V7Pw7tQQRA&p=https%3A//medquizzes.net&dtd=1207

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&adk=3809368711&adf=1654432175&pi=t.aa~a.4187550229~rp.3&w=370&fwrn=4&fwrnh=100&lmt=1675165375&rafmt=1&to=qs&pwprc=2434042266&format=370x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675165374464&bpp=4&bdt=5162&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280&nras=2&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=847&ady=786&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=1&ifi=6&uci=a!6&btvi=2&xpc=V7Pw7tQQRA&p=https%3A//medquizzes.net&dtd=1207 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: DSID=NO_DATA

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 31 Jan 2023 10:42:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:57 GMT
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/adview?ai=CvxvQsfDYY9vECYiEygWMx5jgAYa3o9lu_YTm6vwQ04f1_QgQASDmhKYqYMnu7YaAgKAZoAHTl8r6A8gBCagDAcgDywSqBOQBT9DkGOnec8pIdV51CQiwm1sfH_biSPvx653XhvzKxQpcEYHfX-QEXmSPbkattjh0E-ahnuJOALqAuRiyIU_AMqLoMinzHdMb_Ar8SSuhfhej47uq6r1d_f9TCVZmmw0su5AGo0OW2RXy0QXkjLmKvS73eMO8s1oJ2Hkz1sJP0QrLA2fyyQrK58a23whaDbQ3HkDU6KxMdAXNaKwXGl9qz2AaB9D1yaHBexPE8TYyP4WgrQGpOPmMStgvOlfcsoKyRs4MbLTI1v6aRrdk-vXzf0Fe6AsgLKZfDbdAArSdlVV6pDdmwATZsrvSoASSBQQIBBgBkgUECAUYBKAGLoAHlei1BagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKmQCNIIDwiAYRABGB8yAooCOgKAQIAKAcgLAbgT5APYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItNTg5NzI0OTU3MTU3MjgyMxgA&sigh=UpD_-VnVC4U&uach_m=[UACH]&cid=CAQSSwDUE5ym6o-d27yQuFJg6jDdIGHuBknL3xzVZxJwk_BrVLPx6tZVsqShgZa7yWTAxjhUO0QBsjShyO_lLFRHNiQ7ZEishhGGyHFXkhgBIBM&template_id=484

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/adview?ai=CvxvQsfDYY9vECYiEygWMx5jgAYa3o9lu_YTm6vwQ04f1_QgQASDmhKYqYMnu7YaAgKAZoAHTl8r6A8gBCagDAcgDywSqBOQBT9DkGOnec8pIdV51CQiwm1sfH_biSPvx653XhvzKxQpcEYHfX-QEXmSPbkattjh0E-ahnuJOALqAuRiyIU_AMqLoMinzHdMb_Ar8SSuhfhej47uq6r1d_f9TCVZmmw0su5AGo0OW2RXy0QXkjLmKvS73eMO8s1oJ2Hkz1sJP0QrLA2fyyQrK58a23whaDbQ3HkDU6KxMdAXNaKwXGl9qz2AaB9D1yaHBexPE8TYyP4WgrQGpOPmMStgvOlfcsoKyRs4MbLTI1v6aRrdk-vXzf0Fe6AsgLKZfDbdAArSdlVV6pDdmwATZsrvSoASSBQQIBBgBkgUECAUYBKAGLoAHlei1BagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKmQCNIIDwiAYRABGB8yAooCOgKAQIAKAcgLAbgT5APYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItNTg5NzI0OTU3MTU3MjgyMxgA&sigh=UpD_-VnVC4U&uach_m=[UACH]&cid=CAQSSwDUE5ym6o-d27yQuFJg6jDdIGHuBknL3xzVZxJwk_BrVLPx6tZVsqShgZa7yWTAxjhUO0QBsjShyO_lLFRHNiQ7ZEishhGGyHFXkhgBIBM&template_id=484 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&adk=3809368711&adf=1654432175&pi=t.aa~a.4187550229~rp.3&w=370&fwrn=4&fwrnh=100&lmt=1675165375&rafmt=1&to=qs&pwprc=2434042266&format=370x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675165374464&bpp=4&bdt=5162&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280&nras=2&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=847&ady=786&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=1&ifi=6&uci=a!6&btvi=2&xpc=V7Pw7tQQRA&p=https%3A//medquizzes.net&dtd=1207
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: DSID=NO_DATA

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: script-src 'none'; object-src 'none'
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 31 Jan 2023 10:42:57 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:57 GMT
Cache-Control: private
DNS

partner.googleadservices.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

partner.googleadservices.com

IN A

Response

partner.googleadservices.com

IN CNAME

partner46.googleadservices.com

partner46.googleadservices.com

IN A

142.251.36.2
GET

https://partner.googleadservices.com/gampad/cookie.js?domain=medquizzes.net&callback=_gfp_s_&client=ca-pub-5897249571572823

IEXPLORE.EXE

Remote address:

142.251.36.2:443

Request

GET /gampad/cookie.js?domain=medquizzes.net&callback=_gfp_s_&client=ca-pub-5897249571572823 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: partner.googleadservices.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Date: Tue, 31 Jan 2023 10:42:54 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&adk=1812271804&adf=3025194257&lmt=1675165373&plat=1%3A1049600%2C2%3A1049600%2C3%3A3145728%2C4%3A3145728%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&ea=0&pra=5&wgl=1&dt=1675165373148&bpp=22&bdt=3715&idt=23&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C340x280&nras=1&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=2&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&ifi=5&uci=a!5&dtd=226

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/ads?client=ca-pub-5897249571572823&output=html&adk=1812271804&adf=3025194257&lmt=1675165373&plat=1%3A1049600%2C2%3A1049600%2C3%3A3145728%2C4%3A3145728%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&ea=0&pra=5&wgl=1&dt=1675165373148&bpp=22&bdt=3715&idt=23&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C340x280&nras=1&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=2&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&ifi=5&uci=a!5&dtd=226 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 31 Jan 2023 10:42:55 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:55 GMT
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/drt/s?v=r20120211 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3205933825&adf=2680286904&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165373&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165373148&bpp=16&bdt=3714&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=320&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=2&uci=a!2&xpc=U8zq0xA4lb&p=https%3A//medquizzes.net&dtd=186
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: cafe
Content-Length: 145
X-XSS-Protection: 0
Date: Tue, 31 Jan 2023 10:21:51 GMT
Cache-Control: public, max-age=3600
Content-Type: text/html; charset=UTF-8
Age: 1265
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=200&adk=153652295&adf=3877414078&pi=t.aa~a.477061015~rp.3&w=338&fwrn=4&fwrnh=100&lmt=1675165375&rafmt=1&to=qs&pwprc=2434042266&format=338x200&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675165374464&bpp=2&bdt=5164&idt=2&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1095&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=1&ifi=7&uci=a!7&btvi=3&xpc=F17e8VY84s&p=https%3A//medquizzes.net&dtd=1284

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/ads?client=ca-pub-5897249571572823&output=html&h=200&adk=153652295&adf=3877414078&pi=t.aa~a.477061015~rp.3&w=338&fwrn=4&fwrnh=100&lmt=1675165375&rafmt=1&to=qs&pwprc=2434042266&format=338x200&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675165374464&bpp=2&bdt=5164&idt=2&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1095&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=1&ifi=7&uci=a!7&btvi=3&xpc=F17e8VY84s&p=https%3A//medquizzes.net&dtd=1284 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: DSID=NO_DATA

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 31 Jan 2023 10:42:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:57 GMT
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/adview?ai=C6QEKsfDYY5jaDcq-ygW6pIvwD4C4yslu2erf8pMRuO7m89sTEAEg5oSmKmDJ7u2GgICgGaAB_4uSlgPIAQGoAwHIA8MEqgTkAU_QprDWlP4THaaaYUGLA5_ICRz1aA2VwIENcQ8EQHSsJaYWvrD0ajd6HE3coIu7AgNURpNjzRDdCXWuD-2FRRYZagUtFfTRnhIYKLypo6z-POg9SxaRgHKYGSV0lTZa7T3lU95KoG54g3YaHpHOna2fOrQ2gzKERBMXbAV0J6xF_PFsXcv4eTt52g66K7mySsbCjrZUZXhAHFwh5fareituK7aawLS9CaWcn7Hxa2JgBP-_t0WH7edqdKoHYPfL6DRvSobeOVgcoHZ_VDs5spkGvo2epeQmoShw06H31ntqAr4pr8AEkODwx58EkgUECAQYAZIFBAgFGASgBmaAB-nz7WmoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDKpg7SCA8IgGEQARgfMgKKAjoCgECACgHICwHYEw2IFATQFQGAFwGyFxwKGggAEhRwdWItNTg5NzI0OTU3MTU3MjgyMxgA&sigh=_4jZZHQRwZw&uach_m=[UACH]&cid=CAQSSwDUE5ym7bkAes2bJCacwt3iSzfogMeZxs24LpJBlsfdGTGOC89TcB60RsjsY5J8ijTsm37LzHdkiECfnY-NcrtN7YP6fXOTxdbTERgBIBM

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/adview?ai=C6QEKsfDYY5jaDcq-ygW6pIvwD4C4yslu2erf8pMRuO7m89sTEAEg5oSmKmDJ7u2GgICgGaAB_4uSlgPIAQGoAwHIA8MEqgTkAU_QprDWlP4THaaaYUGLA5_ICRz1aA2VwIENcQ8EQHSsJaYWvrD0ajd6HE3coIu7AgNURpNjzRDdCXWuD-2FRRYZagUtFfTRnhIYKLypo6z-POg9SxaRgHKYGSV0lTZa7T3lU95KoG54g3YaHpHOna2fOrQ2gzKERBMXbAV0J6xF_PFsXcv4eTt52g66K7mySsbCjrZUZXhAHFwh5fareituK7aawLS9CaWcn7Hxa2JgBP-_t0WH7edqdKoHYPfL6DRvSobeOVgcoHZ_VDs5spkGvo2epeQmoShw06H31ntqAr4pr8AEkODwx58EkgUECAQYAZIFBAgFGASgBmaAB-nz7WmoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDKpg7SCA8IgGEQARgfMgKKAjoCgECACgHICwHYEw2IFATQFQGAFwGyFxwKGggAEhRwdWItNTg5NzI0OTU3MTU3MjgyMxgA&sigh=_4jZZHQRwZw&uach_m=[UACH]&cid=CAQSSwDUE5ym7bkAes2bJCacwt3iSzfogMeZxs24LpJBlsfdGTGOC89TcB60RsjsY5J8ijTsm37LzHdkiECfnY-NcrtN7YP6fXOTxdbTERgBIBM HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=200&adk=153652295&adf=3877414078&pi=t.aa~a.477061015~rp.3&w=338&fwrn=4&fwrnh=100&lmt=1675165375&rafmt=1&to=qs&pwprc=2434042266&format=338x200&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675165374464&bpp=2&bdt=5164&idt=2&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1095&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=1&ifi=7&uci=a!7&btvi=3&xpc=F17e8VY84s&p=https%3A//medquizzes.net&dtd=1284
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive
Cookie: DSID=NO_DATA

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: script-src 'none'; object-src 'none'
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 31 Jan 2023 10:42:58 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:57:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:42:58 GMT
Cache-Control: private
GET

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=6845710809&adk=2063813918&adf=1706824535&pi=t.ma~as.6845710809&w=1170&fwrn=4&fwrnh=100&lmt=1675165390&rafmt=1&format=1170x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372639&bpp=4&bdt=3717&idt=1635&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280%2C338x200&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=2&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=3804&biw=1263&bih=626&scr_x=0&scr_y=1502&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3%2CAD37Y7uac57fCSpsTk-4YtL8k9tROb9TqsjClERWwULQwpji6QQfgVEwaQdGLX5-HerQhSHC8CbEFhO5atItUeZU%2CAD37Y7tJr4f1uKV49DG3_XZxwjilntDN4czeer0IDN_DwNnIMjd0fq2glusaxcadcjm2wACRdEeNzF1rvyf7Ag%2CAD37Y7uX_Ki5rncQz6rHRVautm7AUZ-JcKfA7bE5UxDaMYKiXjQBCRl5A_ct8TliOug9iAa7ZrSKiCE_VRaDq1w%2CAD37Y7tv8nbuWJbP58hAuMEUrILxlebp67K9EMS4dPyMlo4K4TGNNJzdIfyMEHyQs7nNaYxC0WubSzMljZBtUQ&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeoEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=4&uci=a!4&btvi=4&xpc=WJuFsx0CTM&p=https%3A//medquizzes.net&dtd=18038

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=6845710809&adk=2063813918&adf=1706824535&pi=t.ma~as.6845710809&w=1170&fwrn=4&fwrnh=100&lmt=1675165390&rafmt=1&format=1170x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372639&bpp=4&bdt=3717&idt=1635&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280%2C338x200&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=2&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=3804&biw=1263&bih=626&scr_x=0&scr_y=1502&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3%2CAD37Y7uac57fCSpsTk-4YtL8k9tROb9TqsjClERWwULQwpji6QQfgVEwaQdGLX5-HerQhSHC8CbEFhO5atItUeZU%2CAD37Y7tJr4f1uKV49DG3_XZxwjilntDN4czeer0IDN_DwNnIMjd0fq2glusaxcadcjm2wACRdEeNzF1rvyf7Ag%2CAD37Y7uX_Ki5rncQz6rHRVautm7AUZ-JcKfA7bE5UxDaMYKiXjQBCRl5A_ct8TliOug9iAa7ZrSKiCE_VRaDq1w%2CAD37Y7tv8nbuWJbP58hAuMEUrILxlebp67K9EMS4dPyMlo4K4TGNNJzdIfyMEHyQs7nNaYxC0WubSzMljZBtUQ&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeoEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=4&uci=a!4&btvi=4&xpc=WJuFsx0CTM&p=https%3A//medquizzes.net&dtd=18038 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 31 Jan 2023 10:43:13 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:58:12 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:43:13 GMT
Transfer-Encoding: chunked
GET

https://googleads.g.doubleclick.net/pagead/adview?ai=CcadowPDYY5emIMLqtgfj7bfoDsO8tt5u7PyUw9QQjoyOuKgyEAEg5oSmKmDJ7u2GgICgGaABxrCD4SjIAQmoAwHIA8sEqgTkAU_QLq3LPyc0AgUqajORmj6kkIfKRaaKhweR2vAkTDjR2FS01fOPMEF402JZU-v2R9HLJ7dyRHpMElgtTwbIvlMZ8XiRdXUx1df8YAZxK6aWr9ZmuCqM6BBcQM6HTcalEpHqCu9PnH-iCbr5LgS7Z5QMj1aKkZn2hXiJxb2hf8Gi39brzu67ua2oc7kTCMTcGwPdUVaXJZ5vywQ2jgOMMDkEsqZPhDjrvh0cs3snOoqKqMD4T8AMYujTcRv_4Bh2ot-A3_Kb9gO1Qc4ZWN5KydFNvzJOKXi7FJz2h6a0hY2iFBL5OsAE6tmyk6kEkgUECAQYAZIFBAgFGASgBi6AB8bo08ADqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQldoD0ggPCIBhEAEYHzICigI6AoBAgAoByAsBuBPkA9gTDIgUAtAVAYAXAbIXHAoaCAASFHB1Yi01ODk3MjQ5NTcxNTcyODIzGAA&sigh=CSCWhRH9p6E&uach_m=[UACH]&cid=CAQSSwDUE5ymwvyEeksPk_klgD1ozD_jeZKHrIIxH3WCBpMRsnWO9u3531Ec9wGyB8mN1yoWGLMC8J_qNxfPtvYHO5ZXTaYhAIs3g6A_iRgBIBM&template_id=484

IEXPLORE.EXE

Remote address:

142.250.179.194:443

Request

GET /pagead/adview?ai=CcadowPDYY5emIMLqtgfj7bfoDsO8tt5u7PyUw9QQjoyOuKgyEAEg5oSmKmDJ7u2GgICgGaABxrCD4SjIAQmoAwHIA8sEqgTkAU_QLq3LPyc0AgUqajORmj6kkIfKRaaKhweR2vAkTDjR2FS01fOPMEF402JZU-v2R9HLJ7dyRHpMElgtTwbIvlMZ8XiRdXUx1df8YAZxK6aWr9ZmuCqM6BBcQM6HTcalEpHqCu9PnH-iCbr5LgS7Z5QMj1aKkZn2hXiJxb2hf8Gi39brzu67ua2oc7kTCMTcGwPdUVaXJZ5vywQ2jgOMMDkEsqZPhDjrvh0cs3snOoqKqMD4T8AMYujTcRv_4Bh2ot-A3_Kb9gO1Qc4ZWN5KydFNvzJOKXi7FJz2h6a0hY2iFBL5OsAE6tmyk6kEkgUECAQYAZIFBAgFGASgBi6AB8bo08ADqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQldoD0ggPCIBhEAEYHzICigI6AoBAgAoByAsBuBPkA9gTDIgUAtAVAYAXAbIXHAoaCAASFHB1Yi01ODk3MjQ5NTcxNTcyODIzGAA&sigh=CSCWhRH9p6E&uach_m=[UACH]&cid=CAQSSwDUE5ymwvyEeksPk_klgD1ozD_jeZKHrIIxH3WCBpMRsnWO9u3531Ec9wGyB8mN1yoWGLMC8J_qNxfPtvYHO5ZXTaYhAIs3g6A_iRgBIBM&template_id=484 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=6845710809&adk=2063813918&adf=1706824535&pi=t.ma~as.6845710809&w=1170&fwrn=4&fwrnh=100&lmt=1675165390&rafmt=1&format=1170x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372639&bpp=4&bdt=3717&idt=1635&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280%2C338x200&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=2&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=3804&biw=1263&bih=626&scr_x=0&scr_y=1502&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3%2CAD37Y7uac57fCSpsTk-4YtL8k9tROb9TqsjClERWwULQwpji6QQfgVEwaQdGLX5-HerQhSHC8CbEFhO5atItUeZU%2CAD37Y7tJr4f1uKV49DG3_XZxwjilntDN4czeer0IDN_DwNnIMjd0fq2glusaxcadcjm2wACRdEeNzF1rvyf7Ag%2CAD37Y7uX_Ki5rncQz6rHRVautm7AUZ-JcKfA7bE5UxDaMYKiXjQBCRl5A_ct8TliOug9iAa7ZrSKiCE_VRaDq1w%2CAD37Y7tv8nbuWJbP58hAuMEUrILxlebp67K9EMS4dPyMlo4K4TGNNJzdIfyMEHyQs7nNaYxC0WubSzMljZBtUQ&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeoEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=4&uci=a!4&btvi=4&xpc=WJuFsx0CTM&p=https%3A//medquizzes.net&dtd=18038
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: googleads.g.doubleclick.net
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Content-Security-Policy: script-src 'none'; object-src 'none'
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 31 Jan 2023 10:43:13 GMT
Server: cafe
Content-Length: 0
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 31-Jan-2023 10:58:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires: Tue, 31 Jan 2023 10:43:13 GMT
Cache-Control: private
DNS

tpc.googlesyndication.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

142.251.36.1
DNS

www.googletagservices.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.googletagservices.com

IN A

Response

www.googletagservices.com

IN A

216.58.214.2
GET

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite.js

IEXPLORE.EXE

Remote address:

142.251.36.1:443

Request

GET /pagead/js/r20230125/r20110914/abg_lite.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=90&slotname=6340690607&adk=529958608&adf=1521721811&pi=t.ma~as.6340690607&w=728&lmt=1675165373&format=728x90&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&wgl=1&dt=1675165372500&bpp=117&bdt=3071&idt=317&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&correlator=2175074332834&frm=20&pv=2&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=489&ady=33&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=1&ifi=1&uci=a!1&xpc=lT5UB8YQp4&p=https%3A//medquizzes.net&dtd=583
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 11100
X-XSS-Protection: 0
Date: Tue, 31 Jan 2023 01:16:36 GMT
Expires: Tue, 14 Feb 2023 01:16:36 GMT
Cache-Control: public, max-age=1209600
ETag: 8766511519597269738
Content-Type: text/javascript; charset=UTF-8
Age: 33979
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus.js

IEXPLORE.EXE

Remote address:

142.251.36.1:443

Request

GET /pagead/js/r20230125/r20110914/client/window_focus.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=90&slotname=6340690607&adk=529958608&adf=1521721811&pi=t.ma~as.6340690607&w=728&lmt=1675165373&format=728x90&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&wgl=1&dt=1675165372500&bpp=117&bdt=3071&idt=317&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&correlator=2175074332834&frm=20&pv=2&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=489&ady=33&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=1&ifi=1&uci=a!1&xpc=lT5UB8YQp4&p=https%3A//medquizzes.net&dtd=583
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 1448
X-XSS-Protection: 0
Date: Tue, 31 Jan 2023 08:42:36 GMT
Expires: Tue, 14 Feb 2023 08:42:36 GMT
Cache-Control: public, max-age=1209600
ETag: 12828169674928258300
Content-Type: text/javascript; charset=UTF-8
Age: 7219
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection.js

IEXPLORE.EXE

Remote address:

142.251.36.1:443

Request

GET /pagead/js/r20230125/r20110914/client/qs_click_protection.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=90&slotname=6340690607&adk=529958608&adf=1521721811&pi=t.ma~as.6340690607&w=728&lmt=1675165373&format=728x90&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&wgl=1&dt=1675165372500&bpp=117&bdt=3071&idt=317&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&correlator=2175074332834&frm=20&pv=2&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=489&ady=33&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=1&ifi=1&uci=a!1&xpc=lT5UB8YQp4&p=https%3A//medquizzes.net&dtd=583
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 10533
X-XSS-Protection: 0
Date: Mon, 30 Jan 2023 23:10:17 GMT
Expires: Mon, 13 Feb 2023 23:10:17 GMT
Cache-Control: public, max-age=1209600
ETag: 11468148672078775617
Content-Type: text/javascript; charset=UTF-8
Age: 41558
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/simgad/10449593463279468416/14763004658117789537?w=100&h=100

IEXPLORE.EXE

Remote address:

142.251.36.1:443

Request

GET /simgad/10449593463279468416/14763004658117789537?w=100&h=100 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3205933825&adf=2680286904&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165373&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165373148&bpp=16&bdt=3714&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=320&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=2&uci=a!2&xpc=U8zq0xA4lb&p=https%3A//medquizzes.net&dtd=186
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="content-ads-owners"
Report-To: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
Timing-Allow-Origin: *
Content-Length: 2652
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
Server: sffe
X-XSS-Protection: 0
Date: Thu, 26 Jan 2023 15:04:43 GMT
Expires: Fri, 26 Jan 2024 15:04:43 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Thu, 21 Jul 2022 14:47:22 GMT
Content-Type: image/jpeg
Age: 416293
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/simgad/329028253308374861/14763004658117789537?w=400&h=209

IEXPLORE.EXE

Remote address:

142.251.36.1:443

Request

GET /simgad/329028253308374861/14763004658117789537?w=400&h=209 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3885208187&adf=1108529472&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165374&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372634&bpp=4&bdt=3252&idt=756&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0&nras=1&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1938&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=3&uci=a!3&btvi=1&xpc=L7HzhwlmT4&p=https%3A//medquizzes.net&dtd=1623
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="content-ads-owners"
Report-To: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
Timing-Allow-Origin: *
Content-Length: 13306
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
Server: sffe
X-XSS-Protection: 0
Date: Tue, 31 Jan 2023 09:44:49 GMT
Expires: Wed, 31 Jan 2024 09:44:49 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Tue, 28 Jun 2022 16:01:21 GMT
Content-Type: image/jpeg
Age: 3488
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/sodar/sodar2.js

IEXPLORE.EXE

Remote address:

142.251.36.1:443

Request

GET /sodar/sodar2.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
Date: Tue, 31 Jan 2023 10:42:58 GMT
Expires: Tue, 31 Jan 2023 10:42:58 GMT
Cache-Control: private, max-age=3000
ETag: "1637097310169751"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

IEXPLORE.EXE

Remote address:

142.251.36.1:443

Request

GET /sodar/sodar2/225/runner.html HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://medquizzes.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
Content-Length: 5046
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 31 Jan 2023 10:23:17 GMT
Expires: Wed, 31 Jan 2024 10:23:17 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 21 Jun 2021 20:47:05 GMT
Content-Type: text/html
Age: 1181
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/generate_204?htE-wQ

IEXPLORE.EXE

Remote address:

142.251.36.1:443

Request

GET /generate_204?htE-wQ HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 204 No Content

Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 31 Jan 2023 10:43:01 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/simgad/14271181605391421436/14763004658117789537?w=600&h=314

IEXPLORE.EXE

Remote address:

142.251.36.1:443

Request

GET /simgad/14271181605391421436/14763004658117789537?w=600&h=314 HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=6845710809&adk=2063813918&adf=1706824535&pi=t.ma~as.6845710809&w=1170&fwrn=4&fwrnh=100&lmt=1675165390&rafmt=1&format=1170x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372639&bpp=4&bdt=3717&idt=1635&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280%2C338x200&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=2&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=3804&biw=1263&bih=626&scr_x=0&scr_y=1502&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3%2CAD37Y7uac57fCSpsTk-4YtL8k9tROb9TqsjClERWwULQwpji6QQfgVEwaQdGLX5-HerQhSHC8CbEFhO5atItUeZU%2CAD37Y7tJr4f1uKV49DG3_XZxwjilntDN4czeer0IDN_DwNnIMjd0fq2glusaxcadcjm2wACRdEeNzF1rvyf7Ag%2CAD37Y7uX_Ki5rncQz6rHRVautm7AUZ-JcKfA7bE5UxDaMYKiXjQBCRl5A_ct8TliOug9iAa7ZrSKiCE_VRaDq1w%2CAD37Y7tv8nbuWJbP58hAuMEUrILxlebp67K9EMS4dPyMlo4K4TGNNJzdIfyMEHyQs7nNaYxC0WubSzMljZBtUQ&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeoEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=4&uci=a!4&btvi=4&xpc=WJuFsx0CTM&p=https%3A//medquizzes.net&dtd=18038
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="content-ads-owners"
Report-To: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
Timing-Allow-Origin: *
Content-Length: 29195
Date: Tue, 31 Jan 2023 10:43:13 GMT
Expires: Wed, 31 Jan 2024 10:43:13 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Mon, 26 Sep 2022 19:18:23 GMT
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource.js

IEXPLORE.EXE

Remote address:

142.251.36.1:443

Request

GET /pagead/js/r20230125/r20110914/client/load_preloaded_resource.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=90&slotname=6340690607&adk=529958608&adf=1521721811&pi=t.ma~as.6340690607&w=728&lmt=1675165373&format=728x90&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&wgl=1&dt=1675165372500&bpp=117&bdt=3071&idt=317&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&correlator=2175074332834&frm=20&pv=2&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=489&ady=33&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=1&ifi=1&uci=a!1&xpc=lT5UB8YQp4&p=https%3A//medquizzes.net&dtd=583
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: tpc.googlesyndication.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Content-Encoding: gzip
Server: cafe
Content-Length: 1220
X-XSS-Protection: 0
Date: Tue, 31 Jan 2023 10:23:14 GMT
Expires: Tue, 14 Feb 2023 10:23:14 GMT
Cache-Control: public, max-age=1209600
ETag: 11127005899800245401
Content-Type: text/javascript; charset=UTF-8
Age: 1181
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

IEXPLORE.EXE

Remote address:

216.58.214.2:443

Request

GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=90&slotname=6340690607&adk=529958608&adf=1521721811&pi=t.ma~as.6340690607&w=728&lmt=1675165373&format=728x90&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&wgl=1&dt=1675165372500&bpp=117&bdt=3071&idt=317&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&correlator=2175074332834&frm=20&pv=2&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=489&ady=33&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=1&ifi=1&uci=a!1&xpc=lT5UB8YQp4&p=https%3A//medquizzes.net&dtd=583
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.googletagservices.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
Cross-Origin-Opener-Policy: same-origin; report-to="active-view-scs-read-write-acl"
Report-To: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
Date: Tue, 31 Jan 2023 10:42:55 GMT
Expires: Tue, 31 Jan 2023 10:42:55 GMT
Cache-Control: private, max-age=3000
ETag: "1675083396089714"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked
GET

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

IEXPLORE.EXE

Remote address:

216.58.214.2:443

Request

GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3205933825&adf=2680286904&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165373&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165373148&bpp=16&bdt=3714&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=320&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=2&uci=a!2&xpc=U8zq0xA4lb&p=https%3A//medquizzes.net&dtd=186
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.googletagservices.com
If-None-Match: "1675083396089714"
Connection: Keep-Alive

Response

HTTP/1.1 304 Not Modified

Content-Type: text/javascript
Date: Tue, 31 Jan 2023 10:42:56 GMT
Expires: Tue, 31 Jan 2023 10:42:56 GMT
Cache-Control: private, max-age=3000
ETag: "1675083396089714"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

IEXPLORE.EXE

Remote address:

216.58.214.2:443

Request

GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3885208187&adf=1108529472&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165374&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372634&bpp=4&bdt=3252&idt=756&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0&nras=1&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1938&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=3&uci=a!3&btvi=1&xpc=L7HzhwlmT4&p=https%3A//medquizzes.net&dtd=1623
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.googletagservices.com
If-None-Match: "1675083396089714"
Connection: Keep-Alive

Response

HTTP/1.1 304 Not Modified

Content-Type: text/javascript
Date: Tue, 31 Jan 2023 10:42:57 GMT
Expires: Tue, 31 Jan 2023 10:42:57 GMT
Cache-Control: private, max-age=3000
ETag: "1675083396089714"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

IEXPLORE.EXE

Remote address:

216.58.214.2:443

Request

GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&adk=3809368711&adf=1654432175&pi=t.aa~a.4187550229~rp.3&w=370&fwrn=4&fwrnh=100&lmt=1675165375&rafmt=1&to=qs&pwprc=2434042266&format=370x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675165374464&bpp=4&bdt=5162&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280&nras=2&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=847&ady=786&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=1&ifi=6&uci=a!6&btvi=2&xpc=V7Pw7tQQRA&p=https%3A//medquizzes.net&dtd=1207
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.googletagservices.com
If-None-Match: "1675083396089714"
Connection: Keep-Alive

Response

HTTP/1.1 304 Not Modified

Content-Type: text/javascript
Date: Tue, 31 Jan 2023 10:42:57 GMT
Expires: Tue, 31 Jan 2023 10:42:57 GMT
Cache-Control: private, max-age=3000
ETag: "1675083396089714"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

IEXPLORE.EXE

Remote address:

216.58.214.2:443

Request

GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=200&adk=153652295&adf=3877414078&pi=t.aa~a.477061015~rp.3&w=338&fwrn=4&fwrnh=100&lmt=1675165375&rafmt=1&to=qs&pwprc=2434042266&format=338x200&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675165374464&bpp=2&bdt=5164&idt=2&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1095&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=1&ifi=7&uci=a!7&btvi=3&xpc=F17e8VY84s&p=https%3A//medquizzes.net&dtd=1284
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.googletagservices.com
If-None-Match: "1675083396089714"
Connection: Keep-Alive

Response

HTTP/1.1 304 Not Modified

Content-Type: text/javascript
Date: Tue, 31 Jan 2023 10:42:58 GMT
Expires: Tue, 31 Jan 2023 10:42:58 GMT
Cache-Control: private, max-age=3000
ETag: "1675083396089714"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

IEXPLORE.EXE

Remote address:

216.58.214.2:443

Request

GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=6845710809&adk=2063813918&adf=1706824535&pi=t.ma~as.6845710809&w=1170&fwrn=4&fwrnh=100&lmt=1675165390&rafmt=1&format=1170x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372639&bpp=4&bdt=3717&idt=1635&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280%2C338x200&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=2&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=3804&biw=1263&bih=626&scr_x=0&scr_y=1502&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3%2CAD37Y7uac57fCSpsTk-4YtL8k9tROb9TqsjClERWwULQwpji6QQfgVEwaQdGLX5-HerQhSHC8CbEFhO5atItUeZU%2CAD37Y7tJr4f1uKV49DG3_XZxwjilntDN4czeer0IDN_DwNnIMjd0fq2glusaxcadcjm2wACRdEeNzF1rvyf7Ag%2CAD37Y7uX_Ki5rncQz6rHRVautm7AUZ-JcKfA7bE5UxDaMYKiXjQBCRl5A_ct8TliOug9iAa7ZrSKiCE_VRaDq1w%2CAD37Y7tv8nbuWJbP58hAuMEUrILxlebp67K9EMS4dPyMlo4K4TGNNJzdIfyMEHyQs7nNaYxC0WubSzMljZBtUQ&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeoEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=4&uci=a!4&btvi=4&xpc=WJuFsx0CTM&p=https%3A//medquizzes.net&dtd=18038
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.googletagservices.com
If-None-Match: "1675083396089714"
Connection: Keep-Alive

Response

HTTP/1.1 304 Not Modified

Content-Type: text/javascript
Date: Tue, 31 Jan 2023 10:43:17 GMT
Expires: Tue, 31 Jan 2023 10:43:17 GMT
Cache-Control: private, max-age=3000
ETag: "1675083396089714"
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

fe0.google.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

fe0.google.com

IN A

Response
DNS

www.microsoft.com

iexplore.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

173.223.113.131

172.96.185.219:443

https://medquizzes.net/wp-content/themes/soledad/images/searchsubmit.png

tls, http

IEXPLORE.EXE

4.7kB
103.7kB
54
86

HTTP Request

GET https://medquizzes.net/

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/plugins/wp-quiz-pro/assets/frontend/css/wp-quiz.css?ver=2.1.7

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad/css/weather-icon.swap.css?ver=2.0

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad/js/libs-script.min.js?ver=7.7.0

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad/images/searchsubmit.png

HTTP Response

200
172.96.185.219:443

https://medquizzes.net/wp-content/themes/soledad/images/penci-holder.png

tls, http

IEXPLORE.EXE

4.3kB
35.5kB
30
37

HTTP Request

GET https://medquizzes.net/wp-content/plugins/mtouch-quiz/mtq_core_style.css?ver=3.1.3

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/plugins/mtouch-quiz/mtq_theme_style.css?ver=3.1.3

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.4

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/plugins/wp-quiz-pro/assets/frontend/css/animate.css?ver=3.6.0

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.4

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad/images/penci-holder.png

HTTP Response

200
88.221.25.153:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

IEXPLORE.EXE

369 B
1.6kB
5
4

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
88.221.25.169:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

IEXPLORE.EXE

369 B
1.6kB
5
4

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
172.96.185.219:443

https://medquizzes.net/wp-content/themes/soledad/js/main.js?ver=7.7.0

tls, http

IEXPLORE.EXE

1.3kB
15.3kB
15
19

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad/js/main.js?ver=7.7.0

HTTP Response

200
172.96.185.219:443

https://medquizzes.net/wp-content/themes/soledad/js/post-like.js?ver=7.7.0

tls, http

IEXPLORE.EXE

1.6kB
7.3kB
12
11

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad-child/style.css?ver=7.7.0

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad/js/post-like.js?ver=7.7.0

HTTP Response

200
172.96.185.219:443

https://medquizzes.net/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=83ec8aa758f883d6da14

tls, http

IEXPLORE.EXE

2.0kB
20.7kB
18
23

HTTP Request

GET https://medquizzes.net/wp-content/plugins/mtouch-quiz/script.js?ver=3.1.3

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/intersection-observer.js?minify=false&ver=83ec8aa758f883d6da14

HTTP Response

200
172.96.185.219:443

https://medquizzes.net/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=8767d0da914b289bd862

tls, http

IEXPLORE.EXE

2.2kB
12.6kB
16
19

HTTP Request

GET https://medquizzes.net/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.4

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-lazy-images/dist/lazy-images.js?minify=false&ver=8767d0da914b289bd862

HTTP Response

200
192.0.77.37:443

https://c0.wp.com/p/jetpack/11.5.1/css/jetpack.css

tls, http

IEXPLORE.EXE

2.0kB
25.8kB
22
30

HTTP Request

GET https://c0.wp.com/c/6.0.3/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

HTTP Response

200

HTTP Request

GET https://c0.wp.com/p/jetpack/11.5.1/css/jetpack.css

HTTP Response

200
192.0.77.37:443

c0.wp.com

tls

IEXPLORE.EXE

746 B
4.2kB
10
10
192.0.77.37:443

https://c0.wp.com/p/jetpack/11.5.1/_inc/build/photon/photon.min.js

tls, http

IEXPLORE.EXE

2.3kB
21.2kB
22
27

HTTP Request

GET https://c0.wp.com/c/6.0.3/wp-includes/css/dist/block-library/style.min.css

HTTP Response

200

HTTP Request

GET https://c0.wp.com/c/6.0.3/wp-includes/js/mediaelement/wp-mediaelement.min.css

HTTP Response

200

HTTP Request

GET https://c0.wp.com/p/jetpack/11.5.1/_inc/build/photon/photon.min.js

HTTP Response

200
192.0.77.37:443

https://c0.wp.com/c/6.0.3/wp-includes/js/jquery/jquery.min.js

tls, http

IEXPLORE.EXE

1.8kB
37.6kB
25
36

HTTP Request

GET https://c0.wp.com/c/6.0.3/wp-includes/js/jquery/jquery.min.js

HTTP Response

200
192.0.77.37:443

https://c0.wp.com/c/6.0.3/wp-includes/js/jquery/jquery-migrate.min.js

tls, http

IEXPLORE.EXE

1.3kB
9.3kB
14
16

HTTP Request

GET https://c0.wp.com/c/6.0.3/wp-includes/js/jquery/jquery-migrate.min.js

HTTP Response

200
192.0.77.37:443

c0.wp.com

tls

IEXPLORE.EXE

746 B
4.2kB
10
10
172.96.185.219:443

https://medquizzes.net/wp-content/uploads/2021/04/logo300x100.png

tls, http

IEXPLORE.EXE

1.6kB
10.9kB
13
16

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad/style.css?ver=6.0.3

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/uploads/2021/04/logo300x100.png

HTTP Response

200
172.96.185.219:443

https://medquizzes.net/wp-content/themes/soledad/fonts/fontawesome-webfont.eot?

tls, http

IEXPLORE.EXE

7.2kB
315.2kB
132
236

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad/main.css?ver=7.7.0

HTTP Response

200

HTTP Request

GET https://medquizzes.net/wp-content/themes/soledad/fonts/fontawesome-webfont.eot?

HTTP Response

200
192.0.77.2:443

https://i0.wp.com/medquizzes.net/wp-content/uploads/2022/12/MINERAL-METABOLISM.png?resize=585%2C340&ssl=1

tls, http

IEXPLORE.EXE

4.2kB
51.9kB
44
67

HTTP Request

GET https://i0.wp.com/medquizzes.net/wp-content/uploads/2021/04/logo300x100y.png?resize=300%2C100&ssl=1

HTTP Response

200

HTTP Request

GET https://i0.wp.com/medquizzes.net/wp-content/uploads/2021/07/cropped-logo2ok.png?fit=32%2C32&ssl=1

HTTP Response

200

HTTP Request

GET https://i0.wp.com/medquizzes.net/wp-content/uploads/2022/09/Skin-manifestations-in-medical-disorders.png?resize=585%2C340&ssl=1

HTTP Response

200

HTTP Request

GET https://i0.wp.com/medquizzes.net/wp-content/uploads/2023/01/HORMONE-METABOLISM.png?resize=585%2C340&ssl=1

HTTP Response

200

HTTP Request

GET https://i0.wp.com/medquizzes.net/wp-content/uploads/2022/12/MINERAL-METABOLISM.png?resize=585%2C340&ssl=1

HTTP Response

200
192.0.77.2:443

https://i0.wp.com/medquizzes.net/wp-content/uploads/2022/10/CARBOHYDRATES-AND-CARBOHYDRATE-METABOLISM.png?resize=585%2C342&ssl=1

tls, http

IEXPLORE.EXE

2.4kB
28.7kB
28
40

HTTP Request

GET https://i0.wp.com/medquizzes.net/wp-content/uploads/2022/12/ENZYMES.png?resize=585%2C341&ssl=1

HTTP Response

200

HTTP Request

GET https://i0.wp.com/medquizzes.net/wp-content/uploads/2022/10/CARBOHYDRATES-AND-CARBOHYDRATE-METABOLISM.png?resize=585%2C342&ssl=1

HTTP Response

200
142.250.179.194:443

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

tls, http

IEXPLORE.EXE

13.2kB
86.5kB
52
79

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=90&slotname=6340690607&adk=529958608&adf=1521721811&pi=t.ma~as.6340690607&w=728&lmt=1675165373&format=728x90&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&wgl=1&dt=1675165372500&bpp=117&bdt=3071&idt=317&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&correlator=2175074332834&frm=20&pv=2&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=489&ady=33&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=640&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=1&ifi=1&uci=a!1&xpc=lT5UB8YQp4&p=https%3A//medquizzes.net&dtd=583

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/adview?ai=Cbx7SrvDYY4OhGsONxdwPxJSZ2A-SvYjebqPBk7meEdnZHhABIOaEpipgye7thoCAoBmgAY_Htb8CyAEBqQJpVQ5ZeFlKPqgDAcgDwwSqBOkBT9CmEtRfq7T6LGOcQp7f8E_NPs6A2GKmk-b3PSf7ks4nuAdGi1A37-d04RIOEjdsNwI1A-ypQzfLXEPJZ_qgVW_vdConHakbDouiK7lKyxdOYgdRLT1EmDPI-2VFna1_ZdawwAB0YZMYTA-avpTio_Yg55aBJ0PsmRb7HiI6BwhjWOFsI3R90CBys_aTSsq4i3EhvgKR_JNsL0J_R2tPhdGysyLAflnQAloN1BU8jQKhg9wIdTNfBAo3QPT8YrvT8xkG85Llm0idz0vQHrgcO_jAK4PojJO9Ci9hiHxwHUqoh_U8Vc2m6D_ABNb-vNuNBJIFBAgEGAGSBQQIBRgEoAZmgAfZuMrAAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEP2MEdIIDwiAYRABGB8yAooCOgKAQIAKAcgLAdgTDIgUEdAVAYAXAbIXHAoaCAASFHB1Yi01ODk3MjQ5NTcxNTcyODIzGAA&sigh=apwauNFAzSU&uach_m=[UACH]&cid=CAQSGwDUE5ymgmG9E174JP0-oDuJ2JQR2DQBrG7HTxgBIBM

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3885208187&adf=1108529472&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165374&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372634&bpp=4&bdt=3252&idt=756&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0&nras=1&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1938&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=3&uci=a!3&btvi=1&xpc=L7HzhwlmT4&p=https%3A//medquizzes.net&dtd=1623

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/adview?ai=Ctq7lr_DYY8OpKZODxdwPm7CHaIa3o9lu_YTm6vwQ04f1_QgQASDmhKYqYMnu7YaAgKAZoAHTl8r6A8gBCagDAcgDywSqBOQBT9CQQJ-tmqZ5iI4xOANwHbl7BOcxXmcyTknpkfnmBpjhzOI6lk5UM02rPp-bcxb3hDIu7ike7m35B_KnnZtDan07IxSxc1EDTCkvgtgQ_63iiA27XP4i_K2Az7Zp02lQMPGdJ_12NCB0whMvuxpCheKhHgIqFzkuDhm6IDovz_hHA8E4Azf4Uan5JZE1ICdoV2SOsJW9sA4QIsAusK2GPGyD0izgRPDAw5QFMAmCoELi6MwMUsmGMrGALQUyGZPbJ7rpmZJ6XQo0JjQopgbPxc6Sbf6eZhZdn10pl1zmeUExTC9qwATZsrvSoASSBQQIBBgBkgUECAUYBKAGLoAHlei1BagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEP3xBtIIDwiAYRABGB8yAooCOgKAQIAKAcgLAbgT5APYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItNTg5NzI0OTU3MTU3MjgyMxgA&sigh=fEqr_o6xEQk&uach_m=[UACH]&cid=CAQSSwDUE5ym9HH7kwMlShlBnBHDb6dZLlk6UPUk4q50OU7RihhQ79KypMZwqPbQ4VYl05kDa10OFMeSSe5aDo-BQNlcokyWnYIiCLQvJxgBIBM&template_id=484

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

HTTP Response

200
142.250.179.194:443

https://googleads.g.doubleclick.net/pagead/adview?ai=CvxvQsfDYY9vECYiEygWMx5jgAYa3o9lu_YTm6vwQ04f1_QgQASDmhKYqYMnu7YaAgKAZoAHTl8r6A8gBCagDAcgDywSqBOQBT9DkGOnec8pIdV51CQiwm1sfH_biSPvx653XhvzKxQpcEYHfX-QEXmSPbkattjh0E-ahnuJOALqAuRiyIU_AMqLoMinzHdMb_Ar8SSuhfhej47uq6r1d_f9TCVZmmw0su5AGo0OW2RXy0QXkjLmKvS73eMO8s1oJ2Hkz1sJP0QrLA2fyyQrK58a23whaDbQ3HkDU6KxMdAXNaKwXGl9qz2AaB9D1yaHBexPE8TYyP4WgrQGpOPmMStgvOlfcsoKyRs4MbLTI1v6aRrdk-vXzf0Fe6AsgLKZfDbdAArSdlVV6pDdmwATZsrvSoASSBQQIBBgBkgUECAUYBKAGLoAHlei1BagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKmQCNIIDwiAYRABGB8yAooCOgKAQIAKAcgLAbgT5APYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItNTg5NzI0OTU3MTU3MjgyMxgA&sigh=UpD_-VnVC4U&uach_m=[UACH]&cid=CAQSSwDUE5ym6o-d27yQuFJg6jDdIGHuBknL3xzVZxJwk_BrVLPx6tZVsqShgZa7yWTAxjhUO0QBsjShyO_lLFRHNiQ7ZEishhGGyHFXkhgBIBM&template_id=484

tls, http

IEXPLORE.EXE

10.5kB
80.7kB
47
72

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/html/r20230125/r20190131/zrt_lookup.html

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=9869315388&adk=3205933825&adf=2680286904&pi=t.ma~as.9869315388&w=340&fwrn=4&fwrnh=100&lmt=1675165373&rafmt=1&format=340x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165373148&bpp=16&bdt=3714&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=320&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=2&uci=a!2&xpc=U8zq0xA4lb&p=https%3A//medquizzes.net&dtd=186

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/adview?ai=CeEKfrvDYY42WKYvXygWiy4XADdeyjt5u4a3ZipUR-p3coNQBEAEg5oSmKmDJ7u2GgICgGaABoJeOkyjIAQGoAwGqBOgBT9CKtXPQUL-MgbI1GbZKJnoZ0fnXkyo251bjSiZpUJFKD6lzJsRlnLIF8CPB8aSh47ffdjQ1k35j81VytKrO1gEiHnMrFwkRzhyt6hYEvdxfBRYL6twBiVpMdzv91fYu4nijez6zNxOm73eNAnCvZ7O6hSpXoIhUcCesCNSKqdfORdFT6nLE_MvNic5TlXYif_wrOBm8efF4QUtjJBrqF95QnSJDf5ARzJnqsBHOYJcciEqnNf1Xf0ZF7NKs7-R5iyMI8Bksw-DPK0SFgsuvzOVkYVzsZa6wbOwHxpOW97_fMhtBsM7BI8AEsP6N3a8EkgUECAQYAZIFBAgFGASAB6DP3vICqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQx6Ii0ggPCIBhEAEYHzICigI6AoBAgAoByAsB2BMMiBQC0BUBmBYBgBcBshccChoIABIUcHViLTU4OTcyNDk1NzE1NzI4MjMYAA&sigh=FCTk-VJLrE4&uach_m=[UACH]&cid=CAQSGwDUE5ymTYzeWED5riSF50hHLTuKIe1tNWqHdBgBIBM&template_id=5001

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&adk=3809368711&adf=1654432175&pi=t.aa~a.4187550229~rp.3&w=370&fwrn=4&fwrnh=100&lmt=1675165375&rafmt=1&to=qs&pwprc=2434042266&format=370x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675165374464&bpp=4&bdt=5162&idt=-M&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280&nras=2&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=847&ady=786&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=1&ifi=6&uci=a!6&btvi=2&xpc=V7Pw7tQQRA&p=https%3A//medquizzes.net&dtd=1207

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/adview?ai=CvxvQsfDYY9vECYiEygWMx5jgAYa3o9lu_YTm6vwQ04f1_QgQASDmhKYqYMnu7YaAgKAZoAHTl8r6A8gBCagDAcgDywSqBOQBT9DkGOnec8pIdV51CQiwm1sfH_biSPvx653XhvzKxQpcEYHfX-QEXmSPbkattjh0E-ahnuJOALqAuRiyIU_AMqLoMinzHdMb_Ar8SSuhfhej47uq6r1d_f9TCVZmmw0su5AGo0OW2RXy0QXkjLmKvS73eMO8s1oJ2Hkz1sJP0QrLA2fyyQrK58a23whaDbQ3HkDU6KxMdAXNaKwXGl9qz2AaB9D1yaHBexPE8TYyP4WgrQGpOPmMStgvOlfcsoKyRs4MbLTI1v6aRrdk-vXzf0Fe6AsgLKZfDbdAArSdlVV6pDdmwATZsrvSoASSBQQIBBgBkgUECAUYBKAGLoAHlei1BagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEKmQCNIIDwiAYRABGB8yAooCOgKAQIAKAcgLAbgT5APYEwLQFQGYFgGAFwGyFxwKGggAEhRwdWItNTg5NzI0OTU3MTU3MjgyMxgA&sigh=UpD_-VnVC4U&uach_m=[UACH]&cid=CAQSSwDUE5ym6o-d27yQuFJg6jDdIGHuBknL3xzVZxJwk_BrVLPx6tZVsqShgZa7yWTAxjhUO0QBsjShyO_lLFRHNiQ7ZEishhGGyHFXkhgBIBM&template_id=484

HTTP Response

200
142.251.36.2:443

https://partner.googleadservices.com/gampad/cookie.js?domain=medquizzes.net&callback=_gfp_s_&client=ca-pub-5897249571572823

tls, http

IEXPLORE.EXE

1.2kB
5.7kB
10
11

HTTP Request

GET https://partner.googleadservices.com/gampad/cookie.js?domain=medquizzes.net&callback=_gfp_s_&client=ca-pub-5897249571572823

HTTP Response

200
142.251.36.2:443

partner.googleadservices.com

tls

IEXPLORE.EXE

719 B
4.8kB
9
9
142.250.179.194:443

https://googleads.g.doubleclick.net/pagead/adview?ai=CcadowPDYY5emIMLqtgfj7bfoDsO8tt5u7PyUw9QQjoyOuKgyEAEg5oSmKmDJ7u2GgICgGaABxrCD4SjIAQmoAwHIA8sEqgTkAU_QLq3LPyc0AgUqajORmj6kkIfKRaaKhweR2vAkTDjR2FS01fOPMEF402JZU-v2R9HLJ7dyRHpMElgtTwbIvlMZ8XiRdXUx1df8YAZxK6aWr9ZmuCqM6BBcQM6HTcalEpHqCu9PnH-iCbr5LgS7Z5QMj1aKkZn2hXiJxb2hf8Gi39brzu67ua2oc7kTCMTcGwPdUVaXJZ5vywQ2jgOMMDkEsqZPhDjrvh0cs3snOoqKqMD4T8AMYujTcRv_4Bh2ot-A3_Kb9gO1Qc4ZWN5KydFNvzJOKXi7FJz2h6a0hY2iFBL5OsAE6tmyk6kEkgUECAQYAZIFBAgFGASgBi6AB8bo08ADqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQldoD0ggPCIBhEAEYHzICigI6AoBAgAoByAsBuBPkA9gTDIgUAtAVAYAXAbIXHAoaCAASFHB1Yi01ODk3MjQ5NTcxNTcyODIzGAA&sigh=CSCWhRH9p6E&uach_m=[UACH]&cid=CAQSSwDUE5ymwvyEeksPk_klgD1ozD_jeZKHrIIxH3WCBpMRsnWO9u3531Ec9wGyB8mN1yoWGLMC8J_qNxfPtvYHO5ZXTaYhAIs3g6A_iRgBIBM&template_id=484

tls, http

IEXPLORE.EXE

14.3kB
92.5kB
55
84

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&adk=1812271804&adf=3025194257&lmt=1675165373&plat=1%3A1049600%2C2%3A1049600%2C3%3A3145728%2C4%3A3145728%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&ea=0&pra=5&wgl=1&dt=1675165373148&bpp=22&bdt=3715&idt=23&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90%2C340x280&nras=1&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=2&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=1&ifi=5&uci=a!5&dtd=226

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=200&adk=153652295&adf=3877414078&pi=t.aa~a.477061015~rp.3&w=338&fwrn=4&fwrnh=100&lmt=1675165375&rafmt=1&to=qs&pwprc=2434042266&format=338x200&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1675165374464&bpp=2&bdt=5164&idt=2&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=1095&biw=1263&bih=626&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=1&ifi=7&uci=a!7&btvi=3&xpc=F17e8VY84s&p=https%3A//medquizzes.net&dtd=1284

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/adview?ai=C6QEKsfDYY5jaDcq-ygW6pIvwD4C4yslu2erf8pMRuO7m89sTEAEg5oSmKmDJ7u2GgICgGaAB_4uSlgPIAQGoAwHIA8MEqgTkAU_QprDWlP4THaaaYUGLA5_ICRz1aA2VwIENcQ8EQHSsJaYWvrD0ajd6HE3coIu7AgNURpNjzRDdCXWuD-2FRRYZagUtFfTRnhIYKLypo6z-POg9SxaRgHKYGSV0lTZa7T3lU95KoG54g3YaHpHOna2fOrQ2gzKERBMXbAV0J6xF_PFsXcv4eTt52g66K7mySsbCjrZUZXhAHFwh5fareituK7aawLS9CaWcn7Hxa2JgBP-_t0WH7edqdKoHYPfL6DRvSobeOVgcoHZ_VDs5spkGvo2epeQmoShw06H31ntqAr4pr8AEkODwx58EkgUECAQYAZIFBAgFGASgBmaAB-nz7WmoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDKpg7SCA8IgGEQARgfMgKKAjoCgECACgHICwHYEw2IFATQFQGAFwGyFxwKGggAEhRwdWItNTg5NzI0OTU3MTU3MjgyMxgA&sigh=_4jZZHQRwZw&uach_m=[UACH]&cid=CAQSSwDUE5ym7bkAes2bJCacwt3iSzfogMeZxs24LpJBlsfdGTGOC89TcB60RsjsY5J8ijTsm37LzHdkiECfnY-NcrtN7YP6fXOTxdbTERgBIBM

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5897249571572823&output=html&h=280&slotname=6845710809&adk=2063813918&adf=1706824535&pi=t.ma~as.6845710809&w=1170&fwrn=4&fwrnh=100&lmt=1675165390&rafmt=1&format=1170x280&url=https%3A%2F%2Fmedquizzes.net%2F%231d39db5fa-388b-441d-ae9f-981813840294&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1675165372639&bpp=4&bdt=3717&idt=1635&shv=r20230125&mjsv=m202301170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5e0bc100f8c61047-229d7bfdc9da006e%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaHY5nv3J3P-dh5IqUpuH6FXlVcMA&gpic=UID%3D000009994e6fddc7%3AT%3D1675161774%3ART%3D1675161774%3AS%3DALNI_MaxGO20aJJUVo7kBmN22AOWrwBpiQ&prev_fmts=728x90%2C340x280%2C0x0%2C340x280%2C370x280%2C338x200&nras=3&correlator=2175074332834&frm=20&pv=1&ga_vid=843146960.1675165370&ga_sid=1675165373&ga_hid=2001663860&ga_fc=1&u_tz=0&u_his=2&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=47&ady=3804&biw=1263&bih=626&scr_x=0&scr_y=1502&eid=44759875%2C44759926%2C44759837%2C31071765%2C31071973&oid=2&psts=AD37Y7vVy7K17ETxfl9ULp5lnz27DAy-gUrgz5q2A3e597JuydOiT6pZQEfim72bE_Eixd3UOg8aUGJW5ash5tk3%2CAD37Y7uac57fCSpsTk-4YtL8k9tROb9TqsjClERWwULQwpji6QQfgVEwaQdGLX5-HerQhSHC8CbEFhO5atItUeZU%2CAD37Y7tJr4f1uKV49DG3_XZxwjilntDN4czeer0IDN_DwNnIMjd0fq2glusaxcadcjm2wACRdEeNzF1rvyf7Ag%2CAD37Y7uX_Ki5rncQz6rHRVautm7AUZ-JcKfA7bE5UxDaMYKiXjQBCRl5A_ct8TliOug9iAa7ZrSKiCE_VRaDq1w%2CAD37Y7tv8nbuWJbP58hAuMEUrILxlebp67K9EMS4dPyMlo4K4TGNNJzdIfyMEHyQs7nNaYxC0WubSzMljZBtUQ&pvsid=1857169244856371&tmod=1905707647&nvt=1&eae=0&fc=896&docm=11&brdim=0%2C54%2C-8%2C-8%2C1280%2C%2C1296%2C696%2C1280%2C626&vis=1&rsz=%7C%7CeoEbr%7C&abl=CS&pfx=0&fu=128&bc=1&ifi=4&uci=a!4&btvi=4&xpc=WJuFsx0CTM&p=https%3A//medquizzes.net&dtd=18038

HTTP Response

200

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/adview?ai=CcadowPDYY5emIMLqtgfj7bfoDsO8tt5u7PyUw9QQjoyOuKgyEAEg5oSmKmDJ7u2GgICgGaABxrCD4SjIAQmoAwHIA8sEqgTkAU_QLq3LPyc0AgUqajORmj6kkIfKRaaKhweR2vAkTDjR2FS01fOPMEF402JZU-v2R9HLJ7dyRHpMElgtTwbIvlMZ8XiRdXUx1df8YAZxK6aWr9ZmuCqM6BBcQM6HTcalEpHqCu9PnH-iCbr5LgS7Z5QMj1aKkZn2hXiJxb2hf8Gi39brzu67ua2oc7kTCMTcGwPdUVaXJZ5vywQ2jgOMMDkEsqZPhDjrvh0cs3snOoqKqMD4T8AMYujTcRv_4Bh2ot-A3_Kb9gO1Qc4ZWN5KydFNvzJOKXi7FJz2h6a0hY2iFBL5OsAE6tmyk6kEkgUECAQYAZIFBAgFGASgBi6AB8bo08ADqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQldoD0ggPCIBhEAEYHzICigI6AoBAgAoByAsBuBPkA9gTDIgUAtAVAYAXAbIXHAoaCAASFHB1Yi01ODk3MjQ5NTcxNTcyODIzGAA&sigh=CSCWhRH9p6E&uach_m=[UACH]&cid=CAQSSwDUE5ymwvyEeksPk_klgD1ozD_jeZKHrIIxH3WCBpMRsnWO9u3531Ec9wGyB8mN1yoWGLMC8J_qNxfPtvYHO5ZXTaYhAIs3g6A_iRgBIBM&template_id=484

HTTP Response

200
142.251.36.1:443

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite.js

tls, http

IEXPLORE.EXE

2.2kB
18.3kB
14
18

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/abg_lite.js

HTTP Response

200
142.251.36.1:443

https://tpc.googlesyndication.com/simgad/14271181605391421436/14763004658117789537?w=600&h=314

tls, http

IEXPLORE.EXE

13.0kB
85.9kB
53
79

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/window_focus.js

HTTP Response

200

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/qs_click_protection.js

HTTP Response

200

HTTP Request

GET https://tpc.googlesyndication.com/simgad/10449593463279468416/14763004658117789537?w=100&h=100

HTTP Response

200

HTTP Request

GET https://tpc.googlesyndication.com/simgad/329028253308374861/14763004658117789537?w=400&h=209

HTTP Response

200

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2.js

HTTP Response

200

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

HTTP Response

200

HTTP Request

GET https://tpc.googlesyndication.com/generate_204?htE-wQ

HTTP Response

204

HTTP Request

GET https://tpc.googlesyndication.com/simgad/14271181605391421436/14763004658117789537?w=600&h=314

HTTP Response

200
142.251.36.1:443

tpc.googlesyndication.com

tls

IEXPLORE.EXE

762 B
4.7kB
10
9
142.251.36.1:443

https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource.js

tls, http

IEXPLORE.EXE

2.0kB
6.7kB
10
10

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20230125/r20110914/client/load_preloaded_resource.js

HTTP Response

200
216.58.214.2:443

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

tls, http

IEXPLORE.EXE

13.4kB
61.6kB
44
62

HTTP Request

GET https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

HTTP Response

200

HTTP Request

GET https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

HTTP Response

304

HTTP Request

GET https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

HTTP Response

304

HTTP Request

GET https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

HTTP Response

304

HTTP Request

GET https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

HTTP Response

304

HTTP Request

GET https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

HTTP Response

304
216.58.214.2:443

www.googletagservices.com

tls

IEXPLORE.EXE

716 B
5.0kB
9
9
142.250.179.194:443

googleads.g.doubleclick.net

tls

IEXPLORE.EXE

531 B
355 B
6
5
192.0.77.2:443

i0.wp.com

tls

IEXPLORE.EXE

778 B
4.2kB
10
10
192.0.77.2:443

i0.wp.com

tls

IEXPLORE.EXE

778 B
4.2kB
10
10
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.6kB
9
11

8.8.8.8:53

medquizzes.net

dns

IEXPLORE.EXE

60 B
76 B
1
1

DNS Request

medquizzes.net

DNS Response

172.96.185.219
8.8.8.8:53

apps.identrust.com

dns

IEXPLORE.EXE

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

88.221.25.153

88.221.25.169
8.8.8.8:53

apps.identrust.com

dns

IEXPLORE.EXE

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

88.221.25.169

88.221.25.153
8.8.8.8:53

c0.wp.com

dns

IEXPLORE.EXE

55 B
71 B
1
1

DNS Request

c0.wp.com

DNS Response

192.0.77.37
8.8.8.8:53

i0.wp.com

dns

IEXPLORE.EXE

55 B
71 B
1
1

DNS Request

i0.wp.com

DNS Response

192.0.77.2
8.8.8.8:53

googleads.g.doubleclick.net

dns

IEXPLORE.EXE

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.179.194
8.8.8.8:53

partner.googleadservices.com

dns

IEXPLORE.EXE

74 B
114 B
1
1

DNS Request

partner.googleadservices.com

DNS Response

142.251.36.2
8.8.8.8:53

tpc.googlesyndication.com

dns

IEXPLORE.EXE

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

142.251.36.1
8.8.8.8:53

www.googletagservices.com

dns

IEXPLORE.EXE

71 B
87 B
1
1

DNS Request

www.googletagservices.com

DNS Response

216.58.214.2
8.8.8.8:53

fe0.google.com

dns

IEXPLORE.EXE

60 B
110 B
1
1

DNS Request

fe0.google.com
8.8.8.8:53

www.microsoft.com

dns

iexplore.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

173.223.113.131

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2ba74b39771f4001a9af1cba0e74a8e

SHA1
682d769eb537f95e873c82633d6e28912160db4a

SHA256
ff84094e2229ef6f4630680e4dbeab6bbcb76528734cb5433a5038cab160a17a

SHA512
05c1eac77c2e42deaba6cb0801f3efe456c2d3eceab5cb4d8c8aabf3543bf6877164d8cfeecac85ae993c3d6444c91132d19def90a5244a2d5af41232380cc09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lwrmjt1\imagestore.dat

Filesize
5KB

MD5
ea55424eda2e5350fa59bf617513d8a8

SHA1
f38dbf5267b8378b15b71462b4fb0cb753485b07

SHA256
ace60032605929a95ce3a4f37af0115d575e5d62d66daafd24c3cae08ca01a85

SHA512
34e84d24ce1a345f9fdd1ee3d0900bdfeca4359b1a833d89eaf1e672a1900b8a83d2ba104917782b5396e89969b1d9a6c42f312eaab5337f794a25c865af46af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MM6A7FC5.txt

Filesize
600B

MD5
bd106f9820c383a6de49a6559863c628

SHA1
02870b2770bd509da29df14dc39e3d2ca01de106

SHA256
a171783ccf45fb1a3d3c5ac9aff30cf3d37542ee5475eaffb3fed416d7ecd3c5

SHA512
b8d6203341edda0aef361d9fdf056838569d7a52c95dc388443c2171030850523dd37d56e02d078c5e9a26830e18e770daffa1ea130d834a55ec03195e057d00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request