Analysis

  • max time kernel
    74s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/04/2023, 21:37 UTC

General

  • Target

    http://time.cloudflare.com

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 39 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://time.cloudflare.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1544

Network

  • flag-us
    DNS
    123.108.74.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    123.108.74.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    time.cloudflare.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    time.cloudflare.com
    IN A
    Response
    time.cloudflare.com
    IN A
    162.159.200.123
    time.cloudflare.com
    IN A
    162.159.200.1
  • flag-us
    GET
    https://time.cloudflare.com/
    IEXPLORE.EXE
    Remote address:
    162.159.200.123:443
    Request
    GET / HTTP/2.0
    host: time.cloudflare.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 301
    date: Mon, 03 Apr 2023 22:27:20 GMT
    location: https://cloudflare.com/time
    cache-control: max-age=3600
    expires: Mon, 03 Apr 2023 23:27:20 GMT
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7b24bd079c1bb8f0-AMS
  • flag-us
    DNS
    123.200.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    123.200.159.162.in-addr.arpa
    IN PTR
    Response
    123.200.159.162.in-addr.arpa
    IN PTR
    time.cloudflare.com
  • flag-us
    DNS
    cloudflare.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cloudflare.com
    IN A
    Response
    cloudflare.com
    IN A
    104.16.133.229
    cloudflare.com
    IN A
    104.16.132.229
  • flag-us
    GET
    https://cloudflare.com/time
    IEXPLORE.EXE
    Remote address:
    104.16.133.229:443
    Request
    GET /time HTTP/2.0
    host: cloudflare.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 301
    date: Mon, 03 Apr 2023 22:27:20 GMT
    location: https://www.cloudflare.com/time
    cache-control: max-age=3600
    expires: Mon, 03 Apr 2023 23:27:20 GMT
    set-cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; path=/; expires=Mon, 03-Apr-23 22:57:20 GMT; domain=.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0GaD%2BXldzeOlfobc7uJaMJ7QbJCbdGPgPDEue3oVOP6M6AlAMxewXpGu2SsVcdDkt7%2Bbd4bMT4Kw3UWg6nmLtB6wHuE%2BzG4NXrZK6SEqcFOwAh3HzZlHV8QB3bemxM7D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    strict-transport-security: max-age=15780000; includeSubDomains
    server: cloudflare
    cf-ray: 7b24bd07e8194196-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    www.cloudflare.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.cloudflare.com
    IN A
    Response
    www.cloudflare.com
    IN A
    104.16.124.96
    www.cloudflare.com
    IN A
    104.16.123.96
  • flag-us
    GET
    https://www.cloudflare.com/time
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /time HTTP/2.0
    host: www.cloudflare.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=
    Response
    HTTP/2.0 301
    date: Mon, 03 Apr 2023 22:27:21 GMT
    content-length: 0
    location: https://www.cloudflare.com/time/
    set-cookie: __cf_bm=AihAvXjKI0JcqJPDTXfkZGQ95RVCqbldNAEpMJf_zbs-1680560841-0-AQnE9b+ta6VU0ryDxRis1Q8t3n34f4iidKooAF9LqgFjgqZPwcgcBTc0DFsaIVRnLwA20u6PjMz4HLEULb1nDkOpMgkN7PqZjTybNw53td+e; path=/; expires=Mon, 03-Apr-23 22:57:21 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2F%2FCnAqwwAuVeKjibbU%2F4GIK%2FnJlDgWaNNkGqn9fV43WWIbQiI2z8JffWAaUl%2BgL12nO%2BGRLeCCv8nasbt13scBPo6y5BLaHLgY%2FGbZgGzONKcQIonicW93mNztE5UrRRLAJ6g%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7b24bd082d38b8c6-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/time/
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /time/ HTTP/2.0
    host: www.cloudflare.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=AihAvXjKI0JcqJPDTXfkZGQ95RVCqbldNAEpMJf_zbs-1680560841-0-AQnE9b+ta6VU0ryDxRis1Q8t3n34f4iidKooAF9LqgFjgqZPwcgcBTc0DFsaIVRnLwA20u6PjMz4HLEULb1nDkOpMgkN7PqZjTybNw53td+e
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:21 GMT
    content-type: text/html; charset=utf-8
    cf-ray: 7b24bd085d52b8c6-AMS
    age: 39
    cache-control: max-age=120
    expires: Mon, 03 Apr 2023 22:26:57 GMT
    last-modified: Mon, 03 Apr 2023 21:29:48 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-rm: RDWD
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=R79gCLF3DHpSWUqyyVb8Lgcyhv7qwDkh.qV.liHGbFo-1680560841-0-AV9YPVOby5Jv2M1ICEmfCWZlb1LD0ep8EbQvUVfQsAFKSsmVHFb21+um4P/k76WH9sb9SP/om1z7vNEx7mX3LocuIdDjWwU+29BYmAY64tIE; path=/; expires=Mon, 03-Apr-23 22:57:21 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uql3EY0AY8aYiagGTJX14%2BJDnaeTf%2BRSW0HFb9cpBidUom35wQDXl1IeYvyHdTvwvcv5FRCKRYC%2Fm2KB1fXitfgCVSzaaMiIEPXLgAytSUXHWNUrE81Pp6AAuDFbV7r0TFTvow%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/vendor/onetrust/scripttemplates/otSDKStub.js
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /vendor/onetrust/scripttemplates/otSDKStub.js HTTP/2.0
    host: www.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=R79gCLF3DHpSWUqyyVb8Lgcyhv7qwDkh.qV.liHGbFo-1680560841-0-AV9YPVOby5Jv2M1ICEmfCWZlb1LD0ep8EbQvUVfQsAFKSsmVHFb21+um4P/k76WH9sb9SP/om1z7vNEx7mX3LocuIdDjWwU+29BYmAY64tIE
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:21 GMT
    content-type: application/javascript
    cf-ray: 7b24bd0a0ee2b8c6-AMS
    age: 396179
    cache-control: max-age=2592000
    etag: W/"58fccbac723b412a2d6cebc77f2e8875"
    expires: Thu, 30 Mar 2023 08:24:37 GMT
    last-modified: Thu, 30 Mar 2023 08:24:10 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=aSQkaDdFMC9qEZ2EmF88TPN4mqDB3Vu4fW_.yrfiomw-1680560841-0-AZjLCFk+y3oCklMW9FmeVj1Fk4rzF5QSZR0aH3IatsroPrUSUCJf0N+ZxVn/rKDnkDULH8cm3JZGJQNDrbQyaNy1v10v2+o6TRivnGRDt9pz; path=/; expires=Mon, 03-Apr-23 22:57:21 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o2Z%2F1HGKT6jm46jGSYwGuTUIYxAICdRfcuu5ihEmOefCXil0uUsGWZxR7U%2Fimn%2BmHZajxmkZrd7QfKYkaes3vR7Pddpb%2BXvsitAP%2F%2FdAdHs%2Bl36fNc3MvfxJhxLo7%2BenIVbnCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/SearchModal-3ddfdb137194c4ee1004.js
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /SearchModal-3ddfdb137194c4ee1004.js HTTP/2.0
    host: www.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=aSQkaDdFMC9qEZ2EmF88TPN4mqDB3Vu4fW_.yrfiomw-1680560841-0-AZjLCFk+y3oCklMW9FmeVj1Fk4rzF5QSZR0aH3IatsroPrUSUCJf0N+ZxVn/rKDnkDULH8cm3JZGJQNDrbQyaNy1v10v2+o6TRivnGRDt9pz
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:21 GMT
    content-type: application/javascript
    cf-ray: 7b24bd0a3f02b8c6-AMS
    age: 535204
    cache-control: max-age=2592000
    etag: W/"9b452617e98099be2a701fe937f8ebe6"
    expires: Tue, 28 Mar 2023 17:47:32 GMT
    last-modified: Tue, 28 Mar 2023 05:49:13 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=K5.N1lPdo5uBX9WNFWukiWbO16Cpot3qD93FPfp9uyE-1680560841-0-AdFNKyyUwRXoxOsJk0U9FKQGkWIbOIxiS6R70ne12sdlBTz7zQKnmWcPQPt0W03bTX1AR6CpGJ2m0lj48O14oA7ordKDMVhWZvf9I1lNp6y8; path=/; expires=Mon, 03-Apr-23 22:57:21 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7QSnsH3cRruMsz%2Ba6ARjn0xfBHtLGrVEREpc8F2th2bDYknh3ZPULMV90mTrG5fIyS8frphryNyHngTJhcfZeQWfeU47p1tR6IOMlUgOhnRBHmAb6niPGt7vm0zsQ3FgtF8CpA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/app-aaeb3732c2eadfb1495f.js
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /app-aaeb3732c2eadfb1495f.js HTTP/2.0
    host: www.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=aSQkaDdFMC9qEZ2EmF88TPN4mqDB3Vu4fW_.yrfiomw-1680560841-0-AZjLCFk+y3oCklMW9FmeVj1Fk4rzF5QSZR0aH3IatsroPrUSUCJf0N+ZxVn/rKDnkDULH8cm3JZGJQNDrbQyaNy1v10v2+o6TRivnGRDt9pz
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:21 GMT
    content-type: application/javascript
    cf-ray: 7b24bd0a3efeb8c6-AMS
    age: 625113
    cache-control: max-age=2592000
    etag: W/"e7f6da1c17b09f45bfe22705ff3f9606"
    expires: Mon, 27 Mar 2023 16:49:03 GMT
    last-modified: Mon, 27 Mar 2023 04:41:48 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=r2yNAzG_h8Ow.vyupwbS63jaKZ7dE1JqM04y9GqR98Y-1680560841-0-AfAZT750M6OGDR4PRrwdvEd51I5IJ21DYhkYUsHYf3whoTS/qVdDInZA8VzJLdKzwug/8pzzIYLXLoSGJGaAFFfUx34WDSb5AviVi+DXN6dY; path=/; expires=Mon, 03-Apr-23 22:57:21 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q5TLoIbd5jCfQMMVn2hWuHxVNq8A7clblYO5neyR4VKN5VfI54LdHIsO6pj%2BoFE0hPEnP1WhPDLy1b3l6%2FRpf7FBhiE4aC9KcUptJ%2B3PCIattZHEm0aRqEgeww00gta2%2BQqU9g%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/framework-af5f1d9ed36a18b8ece2.js
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /framework-af5f1d9ed36a18b8ece2.js HTTP/2.0
    host: www.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=aSQkaDdFMC9qEZ2EmF88TPN4mqDB3Vu4fW_.yrfiomw-1680560841-0-AZjLCFk+y3oCklMW9FmeVj1Fk4rzF5QSZR0aH3IatsroPrUSUCJf0N+ZxVn/rKDnkDULH8cm3JZGJQNDrbQyaNy1v10v2+o6TRivnGRDt9pz
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:21 GMT
    content-type: application/javascript
    cf-ray: 7b24bd0a4f0bb8c6-AMS
    age: 1561254
    cache-control: max-age=2592000
    etag: W/"a7fcd6856f4d926a357ba9ea0bb5d861"
    expires: Thu, 16 Mar 2023 20:46:42 GMT
    last-modified: Thu, 16 Mar 2023 20:44:46 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=qvmccrLklA39im4gslBXJJ.OKfZB4ZC9sR68w5y.a1M-1680560841-0-AYGOtwhALHuZgF29f19x3d1lUVMybfEvBweBj3zXrDs3vKG2Q7OaLKvt0Q4NrBocRruN19XWXazs8EbNstAjlRPNTNpbjgbhq54dcEzxICm6; path=/; expires=Mon, 03-Apr-23 22:57:21 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4bapUN6Rp6jx8H4%2B2sksHS2qJEwMVDRhxGz%2Fq3VeouG%2F4jNIBFSTwepCm9wK6cCdU6Us2R%2FB1FpFEjmhzWt4ASDNy0V1Wvu67IyJHKyyORigps3A7i4AWWFPwaQMcPqvezjSXA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/webpack-runtime-4b24f05bf0f56258dd70.js
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /webpack-runtime-4b24f05bf0f56258dd70.js HTTP/2.0
    host: www.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=aSQkaDdFMC9qEZ2EmF88TPN4mqDB3Vu4fW_.yrfiomw-1680560841-0-AZjLCFk+y3oCklMW9FmeVj1Fk4rzF5QSZR0aH3IatsroPrUSUCJf0N+ZxVn/rKDnkDULH8cm3JZGJQNDrbQyaNy1v10v2+o6TRivnGRDt9pz
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:21 GMT
    content-type: application/javascript
    cf-ray: 7b24bd0a3f05b8c6-AMS
    age: 538892
    cache-control: max-age=2592000
    etag: W/"7bbe6226c9f46fa38b771a7beab7b931"
    expires: Tue, 28 Mar 2023 16:46:04 GMT
    last-modified: Sun, 26 Mar 2023 03:54:53 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=RSownSkalZLm4psURobjpmS.8DkIQXT413VhCUXqSCI-1680560841-0-AWh0siheqiUdttxiRx+FJQFyk/KcZFqmXmUEOXZB6sk5tL4o619Q3+l4m8ebVTb15xuHgQL94v4ee5liyPsKz69AQ0/lGwA9o3170fvaAdp1; path=/; expires=Mon, 03-Apr-23 22:57:21 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qWrxmII59h50MEGDr3hiocY%2FS25gzWJ1MfYsCFd%2FXrYCRm5rnGBB2RVIyO5WaI02AjW818v8mxMVg32dTGz%2Bkw41D4T9kuIXNypSYg8HoKavvnl3fwB6wkye8dOsf3jS1jb4FA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/vendor/onetrust/consent/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231.json
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /vendor/onetrust/consent/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231.json HTTP/2.0
    host: www.cloudflare.com
    accept: */*
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=RSownSkalZLm4psURobjpmS.8DkIQXT413VhCUXqSCI-1680560841-0-AWh0siheqiUdttxiRx+FJQFyk/KcZFqmXmUEOXZB6sk5tL4o619Q3+l4m8ebVTb15xuHgQL94v4ee5liyPsKz69AQ0/lGwA9o3170fvaAdp1
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:22 GMT
    content-type: application/json; charset=utf-8
    cf-ray: 7b24bd0f2ba3b8c6-AMS
    age: 2240585
    cache-control: max-age=2592000
    etag: W/"7c79a72882c2e437f44d5217ee17f4c4"
    expires: Thu, 09 Mar 2023 00:04:30 GMT
    last-modified: Thu, 09 Mar 2023 00:02:53 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=_vlIjr.pWMU_vjTUU4VyU3Xim2DfhQmsHJFbYA67TQQ-1680560842-0-ATr7Pi4K4xEJp38olsn4uljjJnXQH3NtG0WxjAr4k+I3LVN2X4cag2gMz+sYHrXdAD3zpaQnRMaMu012/t0eNOC1LOwhvV3Oo8NR7MmzalmZ; path=/; expires=Mon, 03-Apr-23 22:57:22 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WSI3Ol%2B7bPGYvKoaGx8ee0p4BYC78X%2FkIaMrfczJ3wDffXXLYaAsdOcsmHGTilSPQzjOod6uUCE4ybbwc7bnHoLDWww4gstfvEcJNlOhaXOe5AMrMNO6RiktDftdoSnlVgYUxw%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/favicon.ico
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /favicon.ico HTTP/2.0
    host: www.cloudflare.com
    accept: */*
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=_vlIjr.pWMU_vjTUU4VyU3Xim2DfhQmsHJFbYA67TQQ-1680560842-0-ATr7Pi4K4xEJp38olsn4uljjJnXQH3NtG0WxjAr4k+I3LVN2X4cag2gMz+sYHrXdAD3zpaQnRMaMu012/t0eNOC1LOwhvV3Oo8NR7MmzalmZ
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:23 GMT
    content-type: image/vnd.microsoft.icon
    cf-ray: 7b24bd168a88b8c6-AMS
    age: 1771696
    cache-control: max-age=2592000
    etag: W/"88415acda09a4cbd9d87543c3ba78180"
    expires: Tue, 14 Mar 2023 10:19:22 GMT
    last-modified: Tue, 14 Mar 2023 09:46:44 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=jznfe7RA1352NX6utYIirdRxATO8QJta2U1qzujfRIg-1680560843-0-AfO3+vMIxd+lqM6eY9jjc2ailteuQt/bt59lUhfBWQLPHo/Lyabg4oq4x/mbYriYTaM/loAychX+LcISk+R82caLCcU4s7sYfvpmYBEFP6uY; path=/; expires=Mon, 03-Apr-23 22:57:23 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hsR7LT%2FJYjF41%2Bm42h1BOadgRTryjTjmfjJd8exDcO34CkHUMSiQ0CvlLU6MNjPLp7hlIJEyjee03aP8c%2FGt3PZ1Byv0%2Fy4AQ%2BBfjRDrv7incjZzgTxH2HGwD3D2SxFeNCg8A%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/vendor/onetrust/scripttemplates/6.21.0/otBannerSdk.js
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /vendor/onetrust/scripttemplates/6.21.0/otBannerSdk.js HTTP/2.0
    host: www.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=jznfe7RA1352NX6utYIirdRxATO8QJta2U1qzujfRIg-1680560843-0-AfO3+vMIxd+lqM6eY9jjc2ailteuQt/bt59lUhfBWQLPHo/Lyabg4oq4x/mbYriYTaM/loAychX+LcISk+R82caLCcU4s7sYfvpmYBEFP6uY
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:23 GMT
    content-type: application/javascript
    cf-ray: 7b24bd176b48b8c6-AMS
    age: 396179
    cache-control: max-age=2592000
    etag: W/"f115c8fca9b441635fc753620cc683e7"
    expires: Thu, 30 Mar 2023 08:24:38 GMT
    last-modified: Thu, 30 Mar 2023 08:24:10 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=RFfW7tcXRTPQW7qbf6OHIQbH7Ykird9hbxtjvoDq8W0-1680560843-0-ASbHE7A6+ydZ0J66W70EezIwMfGtEYOCirT5+I7SVEj0d5+Ix/if+1gdDXtlO5XnDytROGwrxCjgptLyOuwmrwnfr+HmnVFDC8nKxjWQVS9Y; path=/; expires=Mon, 03-Apr-23 22:57:23 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EXAo6AnPx478wpz4LE3VOwcRKI5vPh0IY7hQocy6UKyyoMp6m5edhxDaoPVDE0QZ1r3v4TaVbnnpO1YKCF%2F2x%2FeSSho%2BosQyPzBQlgCZuis979Rtv6sB%2Byo0h3uWQJ%2F%2FewWqzw%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/vendor/onetrust/consent/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231/d8806338-d10a-406d-9677-f925dab8e982/en.json
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /vendor/onetrust/consent/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231/d8806338-d10a-406d-9677-f925dab8e982/en.json HTTP/2.0
    host: www.cloudflare.com
    accept: */*
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=RFfW7tcXRTPQW7qbf6OHIQbH7Ykird9hbxtjvoDq8W0-1680560843-0-ASbHE7A6+ydZ0J66W70EezIwMfGtEYOCirT5+I7SVEj0d5+Ix/if+1gdDXtlO5XnDytROGwrxCjgptLyOuwmrwnfr+HmnVFDC8nKxjWQVS9Y
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:24 GMT
    content-type: application/json; charset=utf-8
    cf-ray: 7b24bd1b6ef2b8c6-AMS
    age: 521510
    cache-control: max-age=2592000
    etag: W/"c940c128620835cb76c3a483bf281968"
    expires: Tue, 28 Mar 2023 21:35:49 GMT
    last-modified: Tue, 28 Mar 2023 21:35:08 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=nwtNELEsAzFF4anazEvbBNffXxXSRfAFoByvT08cOu0-1680560844-0-AYMqnmx2oVNpRoXqzV4bdKZRX3pWK31WrIb4J6gZQQcC4PR0aIzNmj1wAy5SfYmdo+1aiJ9gmUmwOJAJON91P0rmdXsVt805I9MWJpp0Iiq9; path=/; expires=Mon, 03-Apr-23 22:57:24 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a8rftI99YLM7tOvkcsDRhfE4OsW45tSO2yS8A3IkIBRHG1g%2FB%2B%2FdA8IHy8IvAFsUPoUjyevqrqCqFgxcDKJo102Fe5Asi7D1pRLZyWESn8aiwf6BD5OLUDU0TQSXl8xNUwny%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://www.cloudflare.com/vendor/onetrust/scripttemplates/6.21.0/assets/otCommonStyles.css
    IEXPLORE.EXE
    Remote address:
    104.16.124.96:443
    Request
    GET /vendor/onetrust/scripttemplates/6.21.0/assets/otCommonStyles.css HTTP/2.0
    host: www.cloudflare.com
    accept: */*
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=; __cf_bm=nwtNELEsAzFF4anazEvbBNffXxXSRfAFoByvT08cOu0-1680560844-0-AYMqnmx2oVNpRoXqzV4bdKZRX3pWK31WrIb4J6gZQQcC4PR0aIzNmj1wAy5SfYmdo+1aiJ9gmUmwOJAJON91P0rmdXsVt805I9MWJpp0Iiq9; OptanonConsent=isGpcEnabled=0&datestamp=Mon+Apr+03+2023+22%3A27%3A22+GMT%2B0000+(Coordinated+Universal+Time)&version=6.21.0&isIABGlobal=false&hosts=&consentId=e69296ba-0490-4210-a2f6-0fc53bf3eed9&interactionCount=0&landingPath=https%3A%2F%2Fwww.cloudflare.com%2Ftime%2F
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:24 GMT
    content-type: text/css
    cf-ray: 7b24bd1c0f8eb8c6-AMS
    age: 2240587
    cache-control: max-age=2592000
    etag: W/"17f16ce78fb1f5b40afd42e4351a787c"
    expires: Thu, 09 Mar 2023 00:04:32 GMT
    last-modified: Thu, 09 Mar 2023 00:01:20 GMT
    strict-transport-security: max-age=31536000
    vary: Accept-Encoding
    cf-cache-status: HIT
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    set-cookie: __cf_bm=bqRtee4WOkMg3czZ_MYuXhWjg7tK2PXmLRU7TSZcdgQ-1680560844-0-Afu4EYlhCQ2w8zpWOHaBw/4SLAJ8yns+T5Yb9h5IMbUEEJNGBMMXn99xRZh+REQ6jildwoKPHeYViF0zbsH7Wd6n4k6l5rvW5IC2fbM8N0Ol; path=/; expires=Mon, 03-Apr-23 22:57:24 GMT; domain=.www.cloudflare.com; HttpOnly; Secure; SameSite=None
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16BFLPedIK%2BPSpCwK3Hzyo8w68U2h1DLi2MZmqtdZ7RcuudhRtiDCj19J%2BflKDECFLoKwueZ4AvjU5NvnCpMQseUWjMQvsJ3szP88QleOjRvfhVtfJSrmVN3deBltXqt16QRuA%3D%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    www.googleoptimize.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.googleoptimize.com
    IN A
    Response
    www.googleoptimize.com
    IN A
    142.251.39.110
  • flag-nl
    GET
    https://www.googleoptimize.com/optimize.js?id=GTM-N4JSZJ8
    IEXPLORE.EXE
    Remote address:
    142.251.39.110:443
    Request
    GET /optimize.js?id=GTM-N4JSZJ8 HTTP/2.0
    host: www.googleoptimize.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    content-type: application/javascript; charset=UTF-8
    access-control-allow-origin: *
    access-control-allow-credentials: true
    access-control-allow-headers: Cache-Control
    content-encoding: gzip
    vary: Accept-Encoding
    date: Mon, 03 Apr 2023 22:27:21 GMT
    expires: Mon, 03 Apr 2023 22:27:21 GMT
    cache-control: private, max-age=900
    strict-transport-security: max-age=31536000; includeSubDomains
    cross-origin-resource-policy: cross-origin
    server: Google Tag Manager
    content-length: 49322
    x-xss-protection: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    performance.radar.cloudflare.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    performance.radar.cloudflare.com
    IN A
    Response
    performance.radar.cloudflare.com
    IN A
    104.18.30.78
    performance.radar.cloudflare.com
    IN A
    104.18.31.78
  • flag-us
    GET
    https://performance.radar.cloudflare.com/beacon.js
    IEXPLORE.EXE
    Remote address:
    104.18.30.78:443
    Request
    GET /beacon.js HTTP/2.0
    host: performance.radar.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=yOqrDVu2JIEcICFrHbn66G5UKPNjLsSEtlr5TAQJqLA-1680560840-0-AZrLNQAonXWJmu4xFt1sEVZHfOroLXQcvYSyy7vJdYWqIgg+JW03teuJgPQ2pg1T6xgF43dijAPkQ6AX5G9tvIM=
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:21 GMT
    content-type: text/javascript;charset=UTF-8
    content-length: 41
    access-control-allow-origin: *
    cache-control: no-store, max-age=0
    access-control-allow-headers: *
    access-control-allow-methods: *
    timing-allow-origin: *
    set-cookie: __cf_bm=lqZjkGjRUxPcQ537V4OTGQ6vC6VqBgBYJAxGSvivVXU-1680560841-0-AQCCGdJ1wSxlb0NTHSbfrUfozbQXGXjRDackYh9YbZvLcnOT9Yo4fcJn9iOoIM0QPMRU1RRAdNioUGDP6K9mVvo=; path=/; expires=Mon, 03-Apr-23 22:57:21 GMT; domain=.radar.cloudflare.com; HttpOnly; Secure; SameSite=None
    vary: Accept-Encoding
    strict-transport-security: max-age=15552000; includeSubDomains
    expect-ct: max-age=86400, enforce
    referrer-policy: same-origin
    x-content-type-options: nosniff
    x-frame-options: SAMEORIGIN
    x-xss-protection: 1; mode=block
    server: cloudflare
    cf-ray: 7b24bd0a5b1f0be3-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    static.cloudflareinsights.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.cloudflareinsights.com
    IN A
    Response
    static.cloudflareinsights.com
    IN A
    104.16.57.101
    static.cloudflareinsights.com
    IN A
    104.16.56.101
  • flag-us
    GET
    https://static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114
    IEXPLORE.EXE
    Remote address:
    104.16.57.101:443
    Request
    GET /beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114 HTTP/2.0
    host: static.cloudflareinsights.com
    accept: application/javascript, */*;q=0.8
    referer: https://www.cloudflare.com/time/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://www.cloudflare.com
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Mon, 03 Apr 2023 22:27:21 GMT
    content-type: text/javascript;charset=UTF-8
    access-control-allow-origin: *
    cache-control: public, max-age=86400
    etag: W/2023.3.0
    last-modified: Mon, 20 Mar 2023 17:58:49 GMT
    cross-origin-resource-policy: cross-origin
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7b24bd0afa0f0b8c-AMS
    content-encoding: gzip
  • flag-us
    DNS
    76.38.195.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.38.195.152.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    38.146.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    38.146.190.20.in-addr.arpa
    IN PTR
    Response
    38.146.190.20.in-addr.arpa
    IN CNAME
    38.0-26.146.190.20.in-addr.arpa
  • flag-us
    DNS
    229.133.16.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    229.133.16.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    96.124.16.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    96.124.16.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    110.39.251.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    110.39.251.142.in-addr.arpa
    IN PTR
    Response
    110.39.251.142.in-addr.arpa
    IN PTR
    ams15s48-in-f14.1e100.net
  • flag-us
    DNS
    78.30.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    78.30.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    101.57.16.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.57.16.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    35.36.251.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    35.36.251.142.in-addr.arpa
    IN PTR
    Response
    35.36.251.142.in-addr.arpa
    IN PTR
    ams17s12-in-f3.1e100.net
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.232.18.117.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • 162.159.200.123:443
    https://time.cloudflare.com/
    tls, http2
    IEXPLORE.EXE
    1.3kB
    3.8kB
    16
    11

    HTTP Request

    GET https://time.cloudflare.com/

    HTTP Response

    301
  • 162.159.200.123:443
    time.cloudflare.com
    tls, http2
    IEXPLORE.EXE
    1.0kB
    3.6kB
    14
    10
  • 104.16.133.229:443
    cloudflare.com
    tls, http2
    IEXPLORE.EXE
    1.0kB
    3.7kB
    14
    10
  • 104.16.133.229:443
    https://cloudflare.com/time
    tls, http2
    IEXPLORE.EXE
    1.3kB
    4.4kB
    16
    11

    HTTP Request

    GET https://cloudflare.com/time

    HTTP Response

    301
  • 104.16.124.96:443
    www.cloudflare.com
    tls, http2
    IEXPLORE.EXE
    1.0kB
    3.6kB
    14
    10
  • 104.16.124.96:443
    https://www.cloudflare.com/vendor/onetrust/scripttemplates/6.21.0/assets/otCommonStyles.css
    tls, http2
    IEXPLORE.EXE
    30.1kB
    648.8kB
    570
    555

    HTTP Request

    GET https://www.cloudflare.com/time

    HTTP Response

    301

    HTTP Request

    GET https://www.cloudflare.com/time/

    HTTP Response

    200

    HTTP Request

    GET https://www.cloudflare.com/vendor/onetrust/scripttemplates/otSDKStub.js

    HTTP Response

    200

    HTTP Request

    GET https://www.cloudflare.com/SearchModal-3ddfdb137194c4ee1004.js

    HTTP Request

    GET https://www.cloudflare.com/app-aaeb3732c2eadfb1495f.js

    HTTP Request

    GET https://www.cloudflare.com/framework-af5f1d9ed36a18b8ece2.js

    HTTP Request

    GET https://www.cloudflare.com/webpack-runtime-4b24f05bf0f56258dd70.js

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://www.cloudflare.com/vendor/onetrust/consent/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231.json

    HTTP Response

    200

    HTTP Request

    GET https://www.cloudflare.com/favicon.ico

    HTTP Response

    200

    HTTP Request

    GET https://www.cloudflare.com/vendor/onetrust/scripttemplates/6.21.0/otBannerSdk.js

    HTTP Response

    200

    HTTP Request

    GET https://www.cloudflare.com/vendor/onetrust/consent/e34df59b-4a48-4bf9-b2b5-7a4bb09cd231/d8806338-d10a-406d-9677-f925dab8e982/en.json

    HTTP Response

    200

    HTTP Request

    GET https://www.cloudflare.com/vendor/onetrust/scripttemplates/6.21.0/assets/otCommonStyles.css

    HTTP Response

    200
  • 142.251.39.110:443
    https://www.googleoptimize.com/optimize.js?id=GTM-N4JSZJ8
    tls, http2
    IEXPLORE.EXE
    3.3kB
    58.8kB
    57
    52

    HTTP Request

    GET https://www.googleoptimize.com/optimize.js?id=GTM-N4JSZJ8

    HTTP Response

    200
  • 142.251.39.110:443
    www.googleoptimize.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    5.4kB
    15
    11
  • 104.18.30.78:443
    performance.radar.cloudflare.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    3.6kB
    14
    10
  • 104.18.30.78:443
    https://performance.radar.cloudflare.com/beacon.js
    tls, http2
    IEXPLORE.EXE
    1.6kB
    4.5kB
    18
    13

    HTTP Request

    GET https://performance.radar.cloudflare.com/beacon.js

    HTTP Response

    200
  • 104.16.57.101:443
    https://static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114
    tls, http2
    IEXPLORE.EXE
    1.7kB
    10.4kB
    22
    17

    HTTP Request

    GET https://static.cloudflareinsights.com/beacon.min.js/vb26e4fa9e5134444860be286fd8771851679335129114

    HTTP Response

    200
  • 104.16.57.101:443
    static.cloudflareinsights.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    3.6kB
    14
    10
  • 52.109.13.63:443
    40 B
    1
  • 20.189.173.4:443
    322 B
    7
  • 192.229.221.95:80
    46 B
    40 B
    1
    1
  • 204.79.197.200:443
    40 B
    1
  • 204.79.197.200:443
    40 B
    1
  • 13.89.179.8:443
    40 B
    1
  • 13.89.179.8:443
    40 B
    1
  • 209.197.3.8:80
    322 B
    7
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.2kB
    8.1kB
    15
    14
  • 8.8.8.8:53
    123.108.74.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    123.108.74.40.in-addr.arpa

  • 8.8.8.8:53
    time.cloudflare.com
    dns
    IEXPLORE.EXE
    65 B
    97 B
    1
    1

    DNS Request

    time.cloudflare.com

    DNS Response

    162.159.200.123
    162.159.200.1

  • 8.8.8.8:53
    123.200.159.162.in-addr.arpa
    dns
    74 B
    107 B
    1
    1

    DNS Request

    123.200.159.162.in-addr.arpa

  • 8.8.8.8:53
    cloudflare.com
    dns
    IEXPLORE.EXE
    60 B
    92 B
    1
    1

    DNS Request

    cloudflare.com

    DNS Response

    104.16.133.229
    104.16.132.229

  • 8.8.8.8:53
    www.cloudflare.com
    dns
    IEXPLORE.EXE
    64 B
    96 B
    1
    1

    DNS Request

    www.cloudflare.com

    DNS Response

    104.16.124.96
    104.16.123.96

  • 8.8.8.8:53
    www.googleoptimize.com
    dns
    IEXPLORE.EXE
    68 B
    84 B
    1
    1

    DNS Request

    www.googleoptimize.com

    DNS Response

    142.251.39.110

  • 8.8.8.8:53
    performance.radar.cloudflare.com
    dns
    IEXPLORE.EXE
    78 B
    110 B
    1
    1

    DNS Request

    performance.radar.cloudflare.com

    DNS Response

    104.18.30.78
    104.18.31.78

  • 8.8.8.8:53
    static.cloudflareinsights.com
    dns
    IEXPLORE.EXE
    75 B
    107 B
    1
    1

    DNS Request

    static.cloudflareinsights.com

    DNS Response

    104.16.57.101
    104.16.56.101

  • 8.8.8.8:53
    76.38.195.152.in-addr.arpa
    dns
    72 B
    143 B
    1
    1

    DNS Request

    76.38.195.152.in-addr.arpa

  • 8.8.8.8:53
    38.146.190.20.in-addr.arpa
    dns
    72 B
    168 B
    1
    1

    DNS Request

    38.146.190.20.in-addr.arpa

  • 8.8.8.8:53
    229.133.16.104.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    229.133.16.104.in-addr.arpa

  • 8.8.8.8:53
    96.124.16.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    96.124.16.104.in-addr.arpa

  • 8.8.8.8:53
    110.39.251.142.in-addr.arpa
    dns
    73 B
    112 B
    1
    1

    DNS Request

    110.39.251.142.in-addr.arpa

  • 8.8.8.8:53
    78.30.18.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    78.30.18.104.in-addr.arpa

  • 8.8.8.8:53
    101.57.16.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    101.57.16.104.in-addr.arpa

  • 8.8.8.8:53
    35.36.251.142.in-addr.arpa
    dns
    72 B
    110 B
    1
    1

    DNS Request

    35.36.251.142.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    200.232.18.117.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    200.232.18.117.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    8b82e64a7691fb70aec48c12c37eb312

    SHA1

    96084b73e24ced2adea93695f71a62092771ce79

    SHA256

    5e1b36f0cccb94221d862d2fe35c892d699d397a87f74f18a668a57ba7ef8d5e

    SHA512

    36802e6043f76d717a376d762f84e89be4bf5b6675bcc662f9f768dfe6487582654333ede1f871cadaa5b5120ad5147ca81bd79b5092623d38f1fbf4037237f8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    a2556d04bc82fa96cb5d82378f70cb71

    SHA1

    56144e220706609a4d93bf0978000982cfa44768

    SHA256

    24b4760a06a2e7f5daca21ba43340d79e7aab6a8c14a93c19b4c34583ca629ec

    SHA512

    0063e5366733f0a2bffcf239c1d7ca5d24b8ad54f8984e4206029448f166df1ef1488cb6e448300b0014c5b8b3de050dcdc3b975b333d688805c52f9b7af78cb

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\phzg4yt\imagestore.dat

    Filesize

    34KB

    MD5

    7debc6a51bc9929cc9ed4a41acb509a8

    SHA1

    d3ef027bd486b6d03c17455939ce101ccaa71f4b

    SHA256

    d74c89c4636e82879d72c9380da87b0d85c1d51ea26f2e1131d78f9519963817

    SHA512

    8b15f2c7590c882a4342832401ffcbe9774361348485f085de8fefa837684e738f2e9d7821343eaa055f1b8a1bec76394e77d639954177da97ef40d9e5acbe93

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VT6R2QM\favicon[1].ico

    Filesize

    33KB

    MD5

    88415acda09a4cbd9d87543c3ba78180

    SHA1

    2dec4705e9ab399efdc6eef36e079aa31d1df8d9

    SHA256

    20cccc47c1bac9d2ef36b6a1c58af58c5c169ad5ca084080f0392b86f949641c

    SHA512

    77d0d7e0c85a1cad6a22372f2d3904c0842628ce7f1adac9a2a0cbf3b566ce8148527b0e7ede2bb068f5d005917b3f95c2a25d031d0d4d7a6a5a117cefa83b24