Analysis

  • max time kernel
    39s
  • max time network
    42s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    24/05/2023, 19:48 UTC

General

  • Target

    https://mandrillapp.com/track/click/31047859/myalumni.mcgill.ca?p=eyJzIjoiNUxZX3ZaZ29fY2xFVjdNNmliVGdxX0RXTlZzIiwidiI6MSwicCI6IntcInVcIjozMTA0Nzg1OSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL215YWx1bW5pLm1jZ2lsbC5jYVxcXC9yZWRpcmVjdC5hc3B4P2xpbmtJRD04MDU4OTAmc2VuZElkPTIwODY5OSZlaWQ9MjI4MzAxJmdpZD0yJnRva2VuVXJsPWh0dHA6XFxcL1xcXC9EY2NjZC54eXotd2VsbG5lc3MuY29tXFxcL1MybHRZbVZ5YkhsR2JHRnVaR1Z5YzBCa1kyTmpaQzVsWkhVPVwiLFwiaWRcIjpcIjA4NWE1YTU3M2RjMDQwMmY5ZDE2MzhjOGQ1MjllZTQ2XCIsXCJ1cmxfaWRzXCI6W1wiZDU3YjQ5NmYwMDA1YTY3YTM1YjIwMDQ1MzhkZGEzNWE3ODQ3MDg3NVwiXX0ifQ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://mandrillapp.com/track/click/31047859/myalumni.mcgill.ca?p=eyJzIjoiNUxZX3ZaZ29fY2xFVjdNNmliVGdxX0RXTlZzIiwidiI6MSwicCI6IntcInVcIjozMTA0Nzg1OSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL215YWx1bW5pLm1jZ2lsbC5jYVxcXC9yZWRpcmVjdC5hc3B4P2xpbmtJRD04MDU4OTAmc2VuZElkPTIwODY5OSZlaWQ9MjI4MzAxJmdpZD0yJnRva2VuVXJsPWh0dHA6XFxcL1xcXC9EY2NjZC54eXotd2VsbG5lc3MuY29tXFxcL1MybHRZbVZ5YkhsR2JHRnVaR1Z5YzBCa1kyTmpaQzVsWkhVPVwiLFwiaWRcIjpcIjA4NWE1YTU3M2RjMDQwMmY5ZDE2MzhjOGQ1MjllZTQ2XCIsXCJ1cmxfaWRzXCI6W1wiZDU3YjQ5NmYwMDA1YTY3YTM1YjIwMDQ1MzhkZGEzNWE3ODQ3MDg3NVwiXX0ifQ
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4952
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4952 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3816
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4952 CREDAT:82962 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4188

Network

  • flag-us
    DNS
    mandrillapp.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    mandrillapp.com
    IN A
    Response
    mandrillapp.com
    IN A
    13.229.125.179
    mandrillapp.com
    IN A
    13.229.229.215
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-sg
    GET
    https://mandrillapp.com/track/click/31047859/myalumni.mcgill.ca?p=eyJzIjoiNUxZX3ZaZ29fY2xFVjdNNmliVGdxX0RXTlZzIiwidiI6MSwicCI6IntcInVcIjozMTA0Nzg1OSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL215YWx1bW5pLm1jZ2lsbC5jYVxcXC9yZWRpcmVjdC5hc3B4P2xpbmtJRD04MDU4OTAmc2VuZElkPTIwODY5OSZlaWQ9MjI4MzAxJmdpZD0yJnRva2VuVXJsPWh0dHA6XFxcL1xcXC9EY2NjZC54eXotd2VsbG5lc3MuY29tXFxcL1MybHRZbVZ5YkhsR2JHRnVaR1Z5YzBCa1kyTmpaQzVsWkhVPVwiLFwiaWRcIjpcIjA4NWE1YTU3M2RjMDQwMmY5ZDE2MzhjOGQ1MjllZTQ2XCIsXCJ1cmxfaWRzXCI6W1wiZDU3YjQ5NmYwMDA1YTY3YTM1YjIwMDQ1MzhkZGEzNWE3ODQ3MDg3NVwiXX0ifQ
    IEXPLORE.EXE
    Remote address:
    13.229.125.179:443
    Request
    GET /track/click/31047859/myalumni.mcgill.ca?p=eyJzIjoiNUxZX3ZaZ29fY2xFVjdNNmliVGdxX0RXTlZzIiwidiI6MSwicCI6IntcInVcIjozMTA0Nzg1OSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL215YWx1bW5pLm1jZ2lsbC5jYVxcXC9yZWRpcmVjdC5hc3B4P2xpbmtJRD04MDU4OTAmc2VuZElkPTIwODY5OSZlaWQ9MjI4MzAxJmdpZD0yJnRva2VuVXJsPWh0dHA6XFxcL1xcXC9EY2NjZC54eXotd2VsbG5lc3MuY29tXFxcL1MybHRZbVZ5YkhsR2JHRnVaR1Z5YzBCa1kyTmpaQzVsWkhVPVwiLFwiaWRcIjpcIjA4NWE1YTU3M2RjMDQwMmY5ZDE2MzhjOGQ1MjllZTQ2XCIsXCJ1cmxfaWRzXCI6W1wiZDU3YjQ5NmYwMDA1YTY3YTM1YjIwMDQ1MzhkZGEzNWE3ODQ3MDg3NVwiXX0ifQ HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: mandrillapp.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Moved Temporarily
    server: nginx/1.4.6 (Ubuntu)
    date: Wed, 24 May 2023 19:49:08 GMT
    content-type: text/html; charset=utf-8
    transfer-encoding: chunked
    set-cookie: PHPSESSID=d5b34bcfa7553281f25e033a19d9cc6b; expires=Thu, 25-May-2023 05:49:08 GMT; path=/; secure; HttpOnly
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    pragma: no-cache
    set-cookie: PHPSESSID=d5b34bcfa7553281f25e033a19d9cc6b; expires=Thu, 25-May-2023 05:49:08 GMT; path=/; secure; httponly
    location: https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&tokenUrl=http://Dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=
    content-encoding: gzip
    vary: Accept-Encoding
  • flag-us
    DNS
    179.125.229.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    179.125.229.13.in-addr.arpa
    IN PTR
    Response
    179.125.229.13.in-addr.arpa
    IN PTR
    ec2-13-229-125-179.ap-southeast-1.compute.amazonaws.com
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    myalumni.mcgill.ca
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    myalumni.mcgill.ca
    IN A
    Response
    myalumni.mcgill.ca
    IN CNAME
    cahosted.imodules.com
    cahosted.imodules.com
    IN CNAME
    imodusorigin.imodulesca.com
    imodusorigin.imodulesca.com
    IN A
    104.17.59.157
    imodusorigin.imodulesca.com
    IN A
    104.17.61.157
    imodusorigin.imodulesca.com
    IN A
    104.17.57.157
    imodusorigin.imodulesca.com
    IN A
    104.17.58.157
    imodusorigin.imodulesca.com
    IN A
    104.17.60.157
  • flag-us
    GET
    https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&tokenUrl=http://Dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=
    IEXPLORE.EXE
    Remote address:
    104.17.59.157:443
    Request
    GET /redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&tokenUrl=http://Dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU= HTTP/2.0
    host: myalumni.mcgill.ca
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 302
    date: Wed, 24 May 2023 19:49:09 GMT
    content-type: text/html; charset=utf-8
    content-length: 403
    location: https://secureca.imodules.com/controls/login/sts.ashx?sid=1762&gid=2&returnUrl=https%3a%2f%2fmyalumni.mcgill.ca%2fredirect.aspx%3flinkID%3d805890%26sendId%3d208699%26eid%3d228301%26gid%3d2%26tokenUrl%3dhttp%3a%2f%2fDcccd.xyz-wellness.com%2fS2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU%3d
    x-stackifyid: P2|ecbc4091-b7ea-4b0f-b673-875e0d863574|C55784|CD1284
    set-cookie: tokenUrl=http://Dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=; path=/; SameSite=none ;Secure
    set-cookie: ENCOMPASSCC_1762=bsc; path=/; SameSite=none ;Secure
    x-frame-options: SAMEORIGIN
    content-security-policy: frame-ancestors 'self' *.imodules.com
    x-powered-by: ASP.NET
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    server: cloudflare
    cf-ray: 7cc80f692cc7b891-AMS
  • flag-us
    GET
    https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&sessionid=87204e21-e580-4bd8-bf63-bd56c5093c6a&cc=1
    IEXPLORE.EXE
    Remote address:
    104.17.59.157:443
    Request
    GET /redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&sessionid=87204e21-e580-4bd8-bf63-bd56c5093c6a&cc=1 HTTP/2.0
    host: myalumni.mcgill.ca
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: tokenUrl=http://Dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=; ENCOMPASSCC_1762=bsc
    Response
    HTTP/2.0 302
    date: Wed, 24 May 2023 19:49:09 GMT
    content-length: 0
    location: https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2
    x-stackifyid: P2|56e19353-5fb5-48b7-9d34-574ee5d5a800|C55784|CD1284
    set-cookie: ENCOMPASSSESSIONID_1762=87204e21-e580-4bd8-bf63-bd56c5093c6a; path=/; secure; HttpOnly; SameSite=none ;Secure
    x-frame-options: SAMEORIGIN
    content-security-policy: frame-ancestors 'self' *.imodules.com
    x-powered-by: ASP.NET
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    server: cloudflare
    cf-ray: 7cc80f6d3b9ab891-AMS
  • flag-us
    GET
    https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2
    IEXPLORE.EXE
    Remote address:
    104.17.59.157:443
    Request
    GET /redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2 HTTP/2.0
    host: myalumni.mcgill.ca
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: tokenUrl=http://Dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=; ENCOMPASSCC_1762=bsc; ENCOMPASSSESSIONID_1762=87204e21-e580-4bd8-bf63-bd56c5093c6a
    Response
    HTTP/2.0 302
    date: Wed, 24 May 2023 19:49:09 GMT
    content-type: text/html; charset=utf-8
    content-length: 183
    location: http://Dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=
    cache-control: private
    x-stackifyid: P2|cb905c37-8209-42b5-9043-e89f7ad7fc0c|C55784|CD1284
    x-aspnet-version: 4.0.30319
    set-cookie: tokenUrl=; expires=Tue, 23-May-2023 19:49:09 GMT; path=/; SameSite=none ;Secure
    x-frame-options: SAMEORIGIN
    content-security-policy: frame-ancestors 'self' *.imodules.com
    x-powered-by: ASP.NET
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    server: cloudflare
    cf-ray: 7cc80f6e0cdab891-AMS
  • flag-us
    DNS
    76.38.195.152.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.38.195.152.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.59.17.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.59.17.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    secureca.imodules.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    secureca.imodules.com
    IN A
    Response
    secureca.imodules.com
    IN CNAME
    imodusorigin.imodules.com.cdn.cloudflare.net
    imodusorigin.imodules.com.cdn.cloudflare.net
    IN A
    104.18.69.99
    imodusorigin.imodules.com.cdn.cloudflare.net
    IN A
    104.18.68.99
    imodusorigin.imodules.com.cdn.cloudflare.net
    IN A
    104.18.71.99
    imodusorigin.imodules.com.cdn.cloudflare.net
    IN A
    104.18.72.99
    imodusorigin.imodules.com.cdn.cloudflare.net
    IN A
    104.18.70.99
  • flag-us
    GET
    https://secureca.imodules.com/controls/login/sts.ashx?sid=1762&gid=2&returnUrl=https%3a%2f%2fmyalumni.mcgill.ca%2fredirect.aspx%3flinkID%3d805890%26sendId%3d208699%26eid%3d228301%26gid%3d2%26tokenUrl%3dhttp%3a%2f%2fDcccd.xyz-wellness.com%2fS2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU%3d
    IEXPLORE.EXE
    Remote address:
    104.18.69.99:443
    Request
    GET /controls/login/sts.ashx?sid=1762&gid=2&returnUrl=https%3a%2f%2fmyalumni.mcgill.ca%2fredirect.aspx%3flinkID%3d805890%26sendId%3d208699%26eid%3d228301%26gid%3d2%26tokenUrl%3dhttp%3a%2f%2fDcccd.xyz-wellness.com%2fS2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU%3d HTTP/2.0
    host: secureca.imodules.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 302
    date: Wed, 24 May 2023 19:49:09 GMT
    content-type: text/html; charset=utf-8
    content-length: 274
    location: https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&sessionid=87204e21-e580-4bd8-bf63-bd56c5093c6a&cc=1
    cache-control: private
    x-stackifyid: P2|0850de78-fbe5-47d0-b748-0542f49a2c15|C55784|CD1284
    set-cookie: ENCOMPASSSESSIONID_1762=87204e21-e580-4bd8-bf63-bd56c5093c6a; path=/; secure; HttpOnly; SameSite=none ;Secure
    x-aspnet-version: 4.0.30319
    x-frame-options: SAMEORIGIN
    content-security-policy: frame-ancestors 'self' *.imodules.com
    x-powered-by: ASP.NET
    x-xss-protection: 1; mode=block
    x-content-type-options: nosniff
    cf-cache-status: DYNAMIC
    server: cloudflare
    cf-ray: 7cc80f6c4f091c87-AMS
  • flag-us
    DNS
    dcccd.xyz-wellness.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    dcccd.xyz-wellness.com
    IN A
    Response
    dcccd.xyz-wellness.com
    IN A
    192.254.190.194
  • flag-us
    GET
    http://dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=
    IEXPLORE.EXE
    Remote address:
    192.254.190.194:80
    Request
    GET /S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU= HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    Host: dcccd.xyz-wellness.com
    Response
    HTTP/1.1 200 OK
    Date: Wed, 24 May 2023 19:49:10 GMT
    Server: Apache
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    Set-Cookie: PHPSESSID=85c0569e853bc0806f5946ee62bde248; path=/
    Upgrade: h2,h2c
    Connection: Upgrade, Keep-Alive
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 139
    Keep-Alive: timeout=5, max=75
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    99.69.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    99.69.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.190.254.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.190.254.192.in-addr.arpa
    IN PTR
    Response
    194.190.254.192.in-addr.arpa
    IN PTR
    192-254-190-194.unifiedlayer.com
  • flag-us
    DNS
    6ciqkkdehs6453c4419efdc.tkdref.ru
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    6ciqkkdehs6453c4419efdc.tkdref.ru
    IN A
    Response
    6ciqkkdehs6453c4419efdc.tkdref.ru
    IN A
    188.114.96.0
    6ciqkkdehs6453c4419efdc.tkdref.ru
    IN A
    188.114.97.0
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /MKimberlyFlanders@dcccd.edu HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: text/html, application/xhtml+xml, image/jxr, */*
    referer: http://dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 403
    date: Wed, 24 May 2023 19:49:11 GMT
    content-type: text/html; charset=UTF-8
    cross-origin-embedder-policy: require-corp
    cross-origin-opener-policy: same-origin
    cross-origin-resource-policy: same-origin
    permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    referrer-policy: same-origin
    x-frame-options: SAMEORIGIN
    cf-mitigated: challenge
    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WDBfUxhXrs5eTaCUOozbQ%2BSk2lQRQBTXIaR4GMFefLT%2B4Ld%2FC1aXOZRLNuTDfDdkhuB6vuAkrCSymJE472hlSb4yeB6Cmh14eDcrVo%2FQSm1r6kDdaB7O3IzBwqjjrTKlpB086kDWX60%2FPAO5cmmFdHFC5Xc%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7cc80f7abd1eb92a-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/styles/challenges.css
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /cdn-cgi/styles/challenges.css HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: text/css, */*
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:11 GMT
    content-type: text/css
    last-modified: Fri, 19 May 2023 14:44:50 GMT
    etag: W/"64678b62-19c8"
    server: cloudflare
    cf-ray: 7cc80f7b2de6b92a-AMS
    x-frame-options: DENY
    x-content-type-options: nosniff
    vary: Accept-Encoding
    expires: Wed, 24 May 2023 21:49:11 GMT
    cache-control: max-age=7200
    cache-control: public
    content-encoding: gzip
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cc80f7abd1eb92a
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cc80f7abd1eb92a HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:11 GMT
    content-type: image/gif
    content-length: 42
    last-modified: Fri, 19 May 2023 14:44:50 GMT
    etag: "64678b62-2a"
    server: cloudflare
    cf-ray: 7cc80f7cf8dcb92a-AMS
    x-frame-options: DENY
    x-content-type-options: nosniff
    vary: Accept-Encoding
    expires: Wed, 24 May 2023 21:49:11 GMT
    cache-control: max-age=7200
    cache-control: public
    accept-ranges: bytes
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cc80f7abd1eb92a
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cc80f7abd1eb92a HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: application/javascript, */*;q=0.8
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:11 GMT
    content-type: application/javascript; charset=UTF-8
    cache-control: max-age=0, must-revalidate
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BoQOkTfW1GpZ51wOkQMx1hBjbI%2Babx4YrJQKHonkLbwcfsKndKBhA1CI%2Bte4dq%2BCThKL5KqoKVw1kmKRydd%2Fwt0zzoFh5G4SaahJqpwRk4%2B1ADTjn4YE3Pcz%2FzLq8vhrFzIdQwCJdo5Tp8L5VlIMeuhXsIc%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7cc80f7d392bb92a-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/favicon.ico
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /favicon.ico HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 403
    date: Wed, 24 May 2023 19:49:12 GMT
    content-type: text/html; charset=UTF-8
    cross-origin-embedder-policy: require-corp
    cross-origin-opener-policy: same-origin
    cross-origin-resource-policy: same-origin
    permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    referrer-policy: same-origin
    x-frame-options: SAMEORIGIN
    cf-mitigated: challenge
    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNWW4cS%2BczfdRkmpReJmm8rZirJpvsRt4jxtlNENcdan%2FhTAOYpMH4RDCJBzLN4DSAUTzx5n4ZIhTAdtP9GGf4xKWoCaHG5kHr%2BDKCBehs%2BfuvIFbdxRb7Ozry5w1vAShOfmJM1Vzn28s9bep5qB%2Fe3SM8M%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7cc80f808e9eb92a-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7cc80f7abd1eb92a
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7cc80f7abd1eb92a HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:12 GMT
    content-type: image/gif
    content-length: 42
    last-modified: Fri, 19 May 2023 14:44:50 GMT
    etag: "64678b62-2a"
    server: cloudflare
    cf-ray: 7cc80f80ff38b92a-AMS
    x-frame-options: DENY
    x-content-type-options: nosniff
    vary: Accept-Encoding
    expires: Wed, 24 May 2023 21:49:12 GMT
    cache-control: max-age=7200
    cache-control: public
    accept-ranges: bytes
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /MKimberlyFlanders@dcccd.edu HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: cf_chl_rc_m=1
    Response
    HTTP/2.0 403
    date: Wed, 24 May 2023 19:49:15 GMT
    content-type: text/html; charset=UTF-8
    cross-origin-embedder-policy: require-corp
    cross-origin-opener-policy: same-origin
    cross-origin-resource-policy: same-origin
    permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    referrer-policy: same-origin
    x-frame-options: SAMEORIGIN
    cf-mitigated: challenge
    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tVZwfCaqaWvkVNCSXdISarRRCSuMljisQqXEPA0z6fvAu5Ojzg2bzrf8X9Xljy7vaRGRxYjNZo9uvnyHmefjEW63zxNhiWG%2BOvBzt19dDRLbT2lhHcBNtcg9Af6ZQYRCgz8O9WIcIpjzETzgIp3dgs6r%2FDg%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7cc80f94bf69b92a-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/styles/challenges.css
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /cdn-cgi/styles/challenges.css HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: text/css, */*
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    if-modified-since: Fri, 19 May 2023 14:44:50 GMT
    if-none-match: W/"64678b62-19c8"
    cookie: cf_chl_rc_m=1
    Response
    HTTP/2.0 304
    date: Wed, 24 May 2023 19:49:15 GMT
    last-modified: Fri, 19 May 2023 14:44:50 GMT
    etag: "64678b62-19c8"
    server: cloudflare
    cf-ray: 7cc80f94cf8fb92a-AMS
    x-frame-options: DENY
    x-content-type-options: nosniff
    vary: Accept-Encoding
    expires: Wed, 24 May 2023 21:49:15 GMT
    cache-control: max-age=7200
    cache-control: public
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cc80f94bf69b92a
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cc80f94bf69b92a HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: cf_chl_rc_m=1
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:15 GMT
    content-type: image/gif
    content-length: 42
    last-modified: Fri, 19 May 2023 14:44:50 GMT
    etag: "64678b62-2a"
    server: cloudflare
    cf-ray: 7cc80f94ffd6b92a-AMS
    x-frame-options: DENY
    x-content-type-options: nosniff
    vary: Accept-Encoding
    expires: Wed, 24 May 2023 21:49:15 GMT
    cache-control: max-age=7200
    cache-control: public
    accept-ranges: bytes
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cc80f94bf69b92a
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cc80f94bf69b92a HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: application/javascript, */*;q=0.8
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: cf_chl_rc_m=1
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:15 GMT
    content-type: application/javascript; charset=UTF-8
    cache-control: max-age=0, must-revalidate
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQxBg0MLqwtJR5Gzlj0YEcRHcQdCwILpFC0ZyzQ2VxSttu0hrxqC5J2UtUJJ%2Fwsz9Q1h4dJuaajjvSGXiz7%2B%2FaBiOaQGK0NtsOpA000Aoysc6445uuJtlKDq2R%2BIs94Hryp%2F6ra%2B9ncMGt%2Fpa0jhocXzBFs%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    server: cloudflare
    cf-ray: 7cc80f94ffdbb92a-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7cc80f94bf69b92a
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7cc80f94bf69b92a HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu?__cf_chl_rt_tk=eieoGElq7F26xu0HBxVbGeyQpNnMGRqgthQOIEcItKM-1684957755-0-gaNycGzNCTs
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: cf_chl_rc_m=1
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:15 GMT
    content-type: image/gif
    content-length: 42
    last-modified: Fri, 19 May 2023 14:44:50 GMT
    etag: "64678b62-2a"
    server: cloudflare
    cf-ray: 7cc80f95280bb92a-AMS
    x-frame-options: DENY
    x-content-type-options: nosniff
    vary: Accept-Encoding
    expires: Wed, 24 May 2023 21:49:15 GMT
    cache-control: max-age=7200
    cache-control: public
    accept-ranges: bytes
  • flag-us
    GET
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/favicon.ico
    IEXPLORE.EXE
    Remote address:
    188.114.96.0:443
    Request
    GET /favicon.ico HTTP/2.0
    host: 6ciqkkdehs6453c4419efdc.tkdref.ru
    accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: cf_chl_rc_m=1
    Response
    HTTP/2.0 403
    date: Wed, 24 May 2023 19:49:15 GMT
    content-type: text/html; charset=UTF-8
    cross-origin-embedder-policy: require-corp
    cross-origin-opener-policy: same-origin
    cross-origin-resource-policy: same-origin
    permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
    referrer-policy: same-origin
    x-frame-options: SAMEORIGIN
    cf-mitigated: challenge
    cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    expires: Thu, 01 Jan 1970 00:00:01 GMT
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X3%2BHIx5w1Lot%2FdQitmTVciuH8t%2B7Ac9huNi2O%2FmWJirP1LhRgEYY%2BYxsnkBrEY0eG2jLsNZyMeUache16QKX71HeDWS5AQ42mo%2FaF4rB7X7L7YzZsn11TG9Csgv6yYmNb7bzF7Gel2RCH9wgllZCgO7Q2mw%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7cc80f95b8e5b92a-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    x2.c.lencr.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    x2.c.lencr.org
    IN A
    Response
    x2.c.lencr.org
    IN CNAME
    crl.root-x1.letsencrypt.org.edgekey.net
    crl.root-x1.letsencrypt.org.edgekey.net
    IN CNAME
    e8652.dscx.akamaiedge.net
    e8652.dscx.akamaiedge.net
    IN A
    23.206.95.234
  • flag-nl
    GET
    http://x2.c.lencr.org/
    IEXPLORE.EXE
    Remote address:
    23.206.95.234:80
    Request
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: x2.c.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/pkix-crl
    Last-Modified: Sat, 15 Apr 2023 00:28:13 GMT
    ETag: "6439ef9d-12c"
    Cache-Control: max-age=3600
    Expires: Wed, 24 May 2023 20:49:11 GMT
    Date: Wed, 24 May 2023 19:49:11 GMT
    Content-Length: 300
    Connection: keep-alive
  • flag-us
    DNS
    123.108.74.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    123.108.74.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.96.114.188.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.96.114.188.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    234.95.206.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    234.95.206.23.in-addr.arpa
    IN PTR
    Response
    234.95.206.23.in-addr.arpa
    IN PTR
    a23-206-95-234.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    challenges.cloudflare.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    challenges.cloudflare.com
    IN A
    Response
    challenges.cloudflare.com
    IN A
    104.18.6.185
    challenges.cloudflare.com
    IN A
    104.18.7.185
  • flag-us
    GET
    https://challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit
    IEXPLORE.EXE
    Remote address:
    104.18.6.185:443
    Request
    GET /turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/2.0
    host: challenges.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:12 GMT
    content-type: application/javascript; charset=UTF-8
    access-control-allow-origin: *
    cache-control: max-age=31536000
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7cc80f811e650b48-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    185.6.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    185.6.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    developers.cloudflare.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    developers.cloudflare.com
    IN A
    Response
    developers.cloudflare.com
    IN A
    104.16.80.250
    developers.cloudflare.com
    IN A
    104.16.77.250
    developers.cloudflare.com
    IN A
    104.16.79.250
    developers.cloudflare.com
    IN A
    104.16.81.250
    developers.cloudflare.com
    IN A
    104.16.78.250
  • flag-us
    GET
    https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    IEXPLORE.EXE
    Remote address:
    104.16.80.250:443
    Request
    GET /fundamentals/get-started/concepts/cloudflare-challenges/ HTTP/2.0
    host: developers.cloudflare.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 103
    link: </style.css>; as=style; rel=preload
  • flag-us
    GET
    https://developers.cloudflare.com/assets/index-dc2f2bff.js
    IEXPLORE.EXE
    Remote address:
    104.16.80.250:443
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: text/html; charset=utf-8
    access-control-allow-origin: *
    cache-control: public, max-age=0, must-revalidate
    link: </style.css>; rel=preload; as=style
    referrer-policy: strict-origin-when-cross-origin
    x-content-type-options: nosniff
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1PhWEYFbDJpNZtNZRYEXX1GvZCFsySwMQKipJZGpx2pN%2BRtpH%2F5Wc9uqMMYb04tEvQyJX37ni06S3CeULRtH94oLacWNHF0fYt69KMBoRo%2BBFZ60Y8klgfl%2FOIQc4jC8l8pOyAMekMKU18mq"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    cf-cache-status: DYNAMIC
    set-cookie: __cf_bm=i4cR7GOMv7YyUZn35n.d3I6u3IPhZJ8Qf3qu9fV_KLY-1684957762-0-AdNc3wj74B0JvbUg4F/sMqAIWwZH0+Wl9AoTq2qAvc7YdFtnNbS6JZ9Do+BzTIgArmSr4KL1fEbCk5qk7azsjGw=; path=/; expires=Wed, 24-May-23 20:19:22 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
    strict-transport-security: max-age=15552000; preload
    server: cloudflare
    cf-ray: 7cc80fbccc7d0e31-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    Request
    GET /assets/index-dc2f2bff.js HTTP/2.0
    host: developers.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://developers.cloudflare.com
    accept-encoding: gzip, deflate
    cookie: __cf_bm=i4cR7GOMv7YyUZn35n.d3I6u3IPhZJ8Qf3qu9fV_KLY-1684957762-0-AdNc3wj74B0JvbUg4F/sMqAIWwZH0+Wl9AoTq2qAvc7YdFtnNbS6JZ9Do+BzTIgArmSr4KL1fEbCk5qk7azsjGw=
  • flag-us
    GET
    https://developers.cloudflare.com/assets/index-7babe9c7.css
    IEXPLORE.EXE
    Remote address:
    104.16.80.250:443
    Request
    GET /assets/index-7babe9c7.css HTTP/2.0
    host: developers.cloudflare.com
    accept: text/css, */*
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=i4cR7GOMv7YyUZn35n.d3I6u3IPhZJ8Qf3qu9fV_KLY-1684957762-0-AdNc3wj74B0JvbUg4F/sMqAIWwZH0+Wl9AoTq2qAvc7YdFtnNbS6JZ9Do+BzTIgArmSr4KL1fEbCk5qk7azsjGw=
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: text/css; charset=utf-8
    access-control-allow-origin: *
    cache-control: public, max-age=60
    etag: W/"9810d95af9e8e7a6807c237ef42e7410"
    link: </style.css>; rel=preload; as=style
    referrer-policy: strict-origin-when-cross-origin
    x-content-type-options: nosniff
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jft0j5ipNi4t%2BnV58zNZzMj8aaZ4xT%2FGV0vZp7gcrXoQJykziphJAo3DGj0Z0C3DEO8EMwEUybv%2F23h%2FdF2%2BioIvpz1%2BtcKOuhw2EJQXb%2BynRmY4n%2FtUv51tPscESEsa9FPX1LAvpRFATmdU"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    content-encoding: gzip
    cf-cache-status: MISS
    expires: Wed, 24 May 2023 19:50:22 GMT
    strict-transport-security: max-age=15552000; preload
    server: cloudflare
    cf-ray: 7cc80fbdfec00e31-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://developers.cloudflare.com/assets/CodeCopy-a4650a37.css
    IEXPLORE.EXE
    Remote address:
    104.16.80.250:443
    Request
    GET /assets/CodeCopy-a4650a37.css HTTP/2.0
    host: developers.cloudflare.com
    accept: text/css, */*
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=i4cR7GOMv7YyUZn35n.d3I6u3IPhZJ8Qf3qu9fV_KLY-1684957762-0-AdNc3wj74B0JvbUg4F/sMqAIWwZH0+Wl9AoTq2qAvc7YdFtnNbS6JZ9Do+BzTIgArmSr4KL1fEbCk5qk7azsjGw=
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: text/css; charset=utf-8
    access-control-allow-origin: *
    cache-control: public, max-age=60
    etag: W/"e48220dedb4d94af80384d4adeb9308b"
    link: </style.css>; rel=preload; as=style
    referrer-policy: strict-origin-when-cross-origin
    x-content-type-options: nosniff
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wfkwwn5A7%2Ff0NsTl%2FqyVn%2FwjtN0HuGEIShu2Y0aWkRuNVe1kB1MsJjCzs6NzjKmdzoECIP0j9N3ooO2MvQ%2B5YLvi4s5aSFDVi9jeQkQnf0bNnbv%2FsVBbVeEepbtidE0XL8jCGiDxqx6DpFfe"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    content-encoding: gzip
    cf-cache-status: MISS
    expires: Wed, 24 May 2023 19:50:22 GMT
    strict-transport-security: max-age=15552000; preload
    server: cloudflare
    cf-ray: 7cc80fbdfeb90e31-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://developers.cloudflare.com/cdn-cgi/challenge-platform/scripts/invisible.js
    IEXPLORE.EXE
    Remote address:
    104.16.80.250:443
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: application/javascript
    access-control-allow-origin: *
    cache-control: public, max-age=60
    etag: W/"c3ba8d31f9ba3570281bd36182d53331"
    link: </style.css>; rel=preload; as=style
    referrer-policy: strict-origin-when-cross-origin
    x-content-type-options: nosniff
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U8d9kkw9LQAJfQMEBRfLbpo4oEFkiAKeZyu0lzRcAkFwwZZRbrAoUmS0GmNkrvDvl6QAJ3U1qaAzf84GgLy9lObLj4YS9dyUmALNwcqf9yObtUtz9HBaHdAB%2FiwMKfYnGVtJh7TZZGKVg1uy"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    vary: Accept-Encoding
    content-encoding: gzip
    cf-cache-status: MISS
    expires: Wed, 24 May 2023 19:50:22 GMT
    strict-transport-security: max-age=15552000; preload
    server: cloudflare
    cf-ray: 7cc80fbdfeb40e31-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    Request
    GET /cdn-cgi/challenge-platform/scripts/invisible.js HTTP/2.0
    host: developers.cloudflare.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=i4cR7GOMv7YyUZn35n.d3I6u3IPhZJ8Qf3qu9fV_KLY-1684957762-0-AdNc3wj74B0JvbUg4F/sMqAIWwZH0+Wl9AoTq2qAvc7YdFtnNbS6JZ9Do+BzTIgArmSr4KL1fEbCk5qk7azsjGw=
  • flag-us
    GET
    https://developers.cloudflare.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js
    IEXPLORE.EXE
    Remote address:
    104.16.80.250:443
    Response
    HTTP/2.0 302
    date: Wed, 24 May 2023 19:49:22 GMT
    access-control-allow-origin: *
    location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js
    content-encoding: gzip
    vary: accept-encoding
    cache-control: max-age=300, public
    strict-transport-security: max-age=15552000; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fc1bc9c0e31-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    Request
    GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js HTTP/2.0
    host: developers.cloudflare.com
    accept: application/javascript, */*;q=0.8
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=i4cR7GOMv7YyUZn35n.d3I6u3IPhZJ8Qf3qu9fV_KLY-1684957762-0-AdNc3wj74B0JvbUg4F/sMqAIWwZH0+Wl9AoTq2qAvc7YdFtnNbS6JZ9Do+BzTIgArmSr4KL1fEbCk5qk7azsjGw=
  • flag-us
    OPTIONS
    https://developers.cloudflare.com/cdn-cgi/challenge-platform/h/b/cv/result/7cc80fbccc7d0e31
    IEXPLORE.EXE
    Remote address:
    104.16.80.250:443
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: application/javascript; charset=UTF-8
    x-content-type-options: nosniff
    vary: accept-encoding
    cache-control: max-age=14400, public
    content-encoding: gzip
    strict-transport-security: max-age=15552000; preload
    server: cloudflare
    cf-ray: 7cc80fc1ccc30e31-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    Request
    OPTIONS /cdn-cgi/challenge-platform/h/b/cv/result/7cc80fbccc7d0e31 HTTP/2.0
    host: developers.cloudflare.com
    accept: */*
    origin: https://developers.cloudflare.com
    access-control-request-method: POST
    access-control-request-headers: content-type
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    content-length: 0
    cache-control: no-cache
  • flag-us
    POST
    https://developers.cloudflare.com/cdn-cgi/rum?
    IEXPLORE.EXE
    Remote address:
    104.16.80.250:443
    Response
    HTTP/2.0 400
    date: Wed, 24 May 2023 19:49:24 GMT
    content-type: application/json
    cache-control: max-age=0, must-revalidate
    cf-chl-out: yDKxZQvrugKhYrZJ83csdw==$R2wMH7vAUDHc9jvLuerD8Q==
    set-cookie: __cf_bm=lIv8mwfgJi4dzmnLKmjueprJKuikMCIHppI5JlsD6r8-1684957764-0-Ac5BvySCtjnjEKW9OKEjtvF951xt05/TYZCPk3WMsk9O3jFN+pjhyTTuiKYJr/FtHvDB81tPObwtqbouB7Ca/dk=; path=/; expires=Wed, 24-May-23 20:19:24 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
    strict-transport-security: max-age=15552000; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fca5a7b0e31-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
    Request
    POST /cdn-cgi/rum? HTTP/2.0
    host: developers.cloudflare.com
    accept: */*
    content-type: application/json
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    content-length: 4261
    cache-control: no-cache
    cookie: __cf_bm=i4cR7GOMv7YyUZn35n.d3I6u3IPhZJ8Qf3qu9fV_KLY-1684957762-0-AdNc3wj74B0JvbUg4F/sMqAIWwZH0+Wl9AoTq2qAvc7YdFtnNbS6JZ9Do+BzTIgArmSr4KL1fEbCk5qk7azsjGw=
  • flag-us
    POST
    https://developers.cloudflare.com/cdn-cgi/rum?
    IEXPLORE.EXE
    Remote address:
    104.16.80.250:443
    Response
    HTTP/2.0 204
    date: Wed, 24 May 2023 19:49:24 GMT
    access-control-allow-origin: https://developers.cloudflare.com
    access-control-allow-methods: POST,OPTIONS
    access-control-max-age: 86400
    vary: Origin
    access-control-allow-credentials: true
    server: cloudflare
    cf-ray: 7cc80fcee9f40e31-AMS
    x-frame-options: DENY
    x-content-type-options: nosniff
    Request
    POST /cdn-cgi/rum? HTTP/2.0
    host: developers.cloudflare.com
    accept: */*
    content-type: application/json
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    content-length: 442
    cache-control: no-cache
    cookie: __cf_bm=i4cR7GOMv7YyUZn35n.d3I6u3IPhZJ8Qf3qu9fV_KLY-1684957762-0-AdNc3wj74B0JvbUg4F/sMqAIWwZH0+Wl9AoTq2qAvc7YdFtnNbS6JZ9Do+BzTIgArmSr4KL1fEbCk5qk7azsjGw=; OptanonConsent=isGpcEnabled=0&datestamp=Wed+May+24+2023+21%3A49%3A23+GMT%2B0000+(Coordinated+Universal+Time)&version=202209.1.0&isIABGlobal=false&hosts=&consentId=f980e053-4ed3-4052-b1b4-b02dd7a386fc&interactionCount=0&landingPath=https%3A%2F%2Fdevelopers.cloudflare.com%2Ffundamentals%2Fget-started%2Fconcepts%2Fcloudflare-challenges%2F%23browser-support
  • flag-us
    DNS
    IEXPLORE.EXE
    Remote address:
    104.16.80.250:443
    Response
    HTTP/2.0 204
    date: Wed, 24 May 2023 19:49:33 GMT
    access-control-allow-origin: https://developers.cloudflare.com
    access-control-allow-methods: POST,OPTIONS
    access-control-max-age: 86400
    vary: Origin
    access-control-allow-credentials: true
    server: cloudflare
    cf-ray: 7cc8100208640e31-AMS
    x-frame-options: DENY
    x-content-type-options: nosniff
  • flag-us
    DNS
    250.80.16.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    250.80.16.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    cdn.cookielaw.org
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdn.cookielaw.org
    IN A
    Response
    cdn.cookielaw.org
    IN A
    104.18.169.114
    cdn.cookielaw.org
    IN A
    104.18.170.114
  • flag-us
    DNS
    cdn.jsdelivr.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdn.jsdelivr.net
    IN A
    Response
    cdn.jsdelivr.net
    IN CNAME
    jsdelivr.map.fastly.net
    jsdelivr.map.fastly.net
    IN A
    151.101.1.229
    jsdelivr.map.fastly.net
    IN A
    151.101.65.229
    jsdelivr.map.fastly.net
    IN A
    151.101.129.229
    jsdelivr.map.fastly.net
    IN A
    151.101.193.229
  • flag-us
    GET
    https://cdn.jsdelivr.net/npm/@docsearch/css@3
    IEXPLORE.EXE
    Remote address:
    151.101.1.229:443
    Request
    GET /npm/@docsearch/css@3 HTTP/2.0
    host: cdn.jsdelivr.net
    accept: text/css, */*
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    access-control-allow-origin: *
    access-control-expose-headers: *
    timing-allow-origin: *
    cache-control: public, max-age=604800, s-maxage=43200
    cross-origin-resource-policy: cross-origin
    x-content-type-options: nosniff
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    content-type: text/css; charset=utf-8
    x-jsd-version: 3.3.5
    x-jsd-version-type: version
    etag: W/"34e2-wFF0C09/1nVys1n1OM1fVZsXsDs"
    content-encoding: gzip
    accept-ranges: bytes
    date: Wed, 24 May 2023 19:49:22 GMT
    age: 12361
    x-served-by: cache-fra-eddf8230069-FRA, cache-ams21043-AMS
    x-cache: HIT, HIT
    vary: Accept-Encoding
    alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
    content-length: 3135
  • flag-us
    GET
    https://cdn.cookielaw.org/consent/d3bba612-bde9-4daa-93e3-a78dab7d1a86/OtAutoBlock.js
    IEXPLORE.EXE
    Remote address:
    104.18.169.114:443
    Request
    GET /consent/d3bba612-bde9-4daa-93e3-a78dab7d1a86/OtAutoBlock.js HTTP/2.0
    host: cdn.cookielaw.org
    accept: application/javascript, */*;q=0.8
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: application/x-javascript
    content-length: 1904
    cache-control: public, max-age=86400
    content-encoding: gzip
    content-md5: ZLVU6rpQcqxHxITIfOyEAA==
    last-modified: Fri, 03 Feb 2023 19:17:58 GMT
    etag: 0x8DB061B5C6651DF
    x-ms-request-id: a710c32a-901e-0175-3ee1-5a1908000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
    access-control-allow-origin: *
    cf-cache-status: HIT
    age: 40415
    expires: Thu, 25 May 2023 19:49:22 GMT
    accept-ranges: bytes
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fbdff78b980-AMS
  • flag-us
    GET
    https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
    IEXPLORE.EXE
    Remote address:
    104.18.169.114:443
    Request
    GET /scripttemplates/otSDKStub.js HTTP/2.0
    host: cdn.cookielaw.org
    accept: application/javascript, */*;q=0.8
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: application/javascript
    content-length: 6766
    content-encoding: gzip
    content-md5: JYwMFRCSwBZdNsd6Nb17qg==
    last-modified: Mon, 22 May 2023 17:17:51 GMT
    etag: 0x8DB5AE879496250
    x-ms-request-id: 38a1e82d-701e-007b-4a06-8db356000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
    access-control-allow-origin: *
    cache-control: max-age=86400
    cf-cache-status: HIT
    age: 9157
    accept-ranges: bytes
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fbdff79b980-AMS
  • flag-us
    GET
    https://cdn.cookielaw.org/consent/d3bba612-bde9-4daa-93e3-a78dab7d1a86/d3bba612-bde9-4daa-93e3-a78dab7d1a86.json
    IEXPLORE.EXE
    Remote address:
    104.18.169.114:443
    Request
    GET /consent/d3bba612-bde9-4daa-93e3-a78dab7d1a86/d3bba612-bde9-4daa-93e3-a78dab7d1a86.json HTTP/2.0
    host: cdn.cookielaw.org
    accept: */*
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    origin: https://developers.cloudflare.com
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: application/x-javascript
    content-length: 1624
    cache-control: public, max-age=86400
    content-encoding: gzip
    content-md5: YpImnNdUaUAYnF6FuMK0pw==
    last-modified: Fri, 03 Feb 2023 19:17:58 GMT
    etag: 0x8DB061B5BFB1C89
    x-ms-request-id: fd957aae-f01e-0108-2ce1-5a85c0000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
    access-control-allow-origin: *
    cf-cache-status: HIT
    age: 43659
    expires: Thu, 25 May 2023 19:49:22 GMT
    accept-ranges: bytes
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fbee89ab980-AMS
  • flag-us
    GET
    https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js
    IEXPLORE.EXE
    Remote address:
    104.18.169.114:443
    Request
    GET /scripttemplates/202209.1.0/otBannerSdk.js HTTP/2.0
    host: cdn.cookielaw.org
    accept: application/javascript, */*;q=0.8
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: application/javascript
    content-length: 91423
    content-encoding: gzip
    content-md5: 229oLfugqvtMNLM3e0uPaA==
    last-modified: Tue, 11 Oct 2022 04:36:30 GMT
    etag: 0x8DAAB422B1E6529
    x-ms-request-id: 3ff92f43-501e-0082-4bae-7379b6000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
    access-control-allow-origin: *
    cache-control: max-age=86400
    cf-cache-status: HIT
    age: 679
    accept-ranges: bytes
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fc1bcdcb980-AMS
  • flag-us
    GET
    https://cdn.cookielaw.org/consent/d3bba612-bde9-4daa-93e3-a78dab7d1a86/d8806338-d10a-406d-9677-f925dab8e982/en.json
    IEXPLORE.EXE
    Remote address:
    104.18.169.114:443
    Request
    GET /consent/d3bba612-bde9-4daa-93e3-a78dab7d1a86/d8806338-d10a-406d-9677-f925dab8e982/en.json HTTP/2.0
    host: cdn.cookielaw.org
    accept: */*
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    origin: https://developers.cloudflare.com
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:23 GMT
    content-type: application/x-javascript
    content-length: 11115
    cache-control: public, max-age=86400
    content-encoding: gzip
    content-md5: LeJ1brvqfL8qiBTKVA78zA==
    last-modified: Fri, 03 Feb 2023 19:17:58 GMT
    etag: 0x8DB061B5C8B39A1
    x-ms-request-id: b61026f7-d01e-0098-1be1-5a56d9000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
    access-control-allow-origin: *
    cf-cache-status: HIT
    age: 85949
    expires: Thu, 25 May 2023 19:49:23 GMT
    accept-ranges: bytes
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fc4588fb980-AMS
  • flag-us
    GET
    https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/otFlat.json
    IEXPLORE.EXE
    Remote address:
    104.18.169.114:443
    Request
    GET /scripttemplates/202209.1.0/assets/otFlat.json HTTP/2.0
    host: cdn.cookielaw.org
    accept: */*
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    origin: https://developers.cloudflare.com
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:25 GMT
    content-type: application/json
    content-length: 3007
    content-encoding: gzip
    content-md5: wG3T8rT9wA5w2UbDdvkxcQ==
    last-modified: Tue, 11 Oct 2022 04:36:21 GMT
    etag: 0x8DAAB42258FDE79
    x-ms-request-id: 62225c11-501e-004e-27e1-5a1d03000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
    access-control-allow-origin: *
    cache-control: max-age=86400
    cf-cache-status: HIT
    age: 38118
    accept-ranges: bytes
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fcfa9d3b980-AMS
  • flag-us
    GET
    https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/v2/otPcCenter.json
    IEXPLORE.EXE
    Remote address:
    104.18.169.114:443
    Request
    GET /scripttemplates/202209.1.0/assets/v2/otPcCenter.json HTTP/2.0
    host: cdn.cookielaw.org
    accept: */*
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    origin: https://developers.cloudflare.com
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:25 GMT
    content-type: application/json
    content-length: 13334
    content-encoding: gzip
    content-md5: eeLeQFlL9c7wmvR8bYV+Vw==
    last-modified: Tue, 11 Oct 2022 04:36:23 GMT
    etag: 0x8DAAB4226FAD215
    x-ms-request-id: fd957a62-f01e-0108-67e1-5a85c0000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
    access-control-allow-origin: *
    cache-control: max-age=86400
    cf-cache-status: HIT
    age: 42587
    accept-ranges: bytes
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fcfa9d4b980-AMS
  • flag-us
    GET
    https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/otCommonStyles.css
    IEXPLORE.EXE
    Remote address:
    104.18.169.114:443
    Request
    GET /scripttemplates/202209.1.0/assets/otCommonStyles.css HTTP/2.0
    host: cdn.cookielaw.org
    accept: */*
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    origin: https://developers.cloudflare.com
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:25 GMT
    content-type: text/css
    content-md5: B55i3ZY9miZIaUrwjufy0w==
    last-modified: Tue, 11 Oct 2022 04:36:34 GMT
    x-ms-request-id: a13ea9bc-001e-0056-6ee1-5a3096000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
    access-control-allow-origin: *
    cache-control: max-age=86400
    cf-cache-status: HIT
    age: 38118
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fcfb9dfb980-AMS
    content-encoding: gzip
  • flag-us
    DNS
    cdnjs.cloudflare.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdnjs.cloudflare.com
    IN A
    Response
    cdnjs.cloudflare.com
    IN A
    104.17.25.14
    cdnjs.cloudflare.com
    IN A
    104.17.24.14
  • flag-us
    DNS
    feedback.developers.cloudflare.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    feedback.developers.cloudflare.com
    IN A
    Response
    feedback.developers.cloudflare.com
    IN A
    104.16.81.250
    feedback.developers.cloudflare.com
    IN A
    104.16.80.250
    feedback.developers.cloudflare.com
    IN A
    104.16.77.250
    feedback.developers.cloudflare.com
    IN A
    104.16.78.250
    feedback.developers.cloudflare.com
    IN A
    104.16.79.250
  • flag-us
    DNS
    unpkg.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    unpkg.com
    IN A
    Response
    unpkg.com
    IN A
    104.16.125.175
    unpkg.com
    IN A
    104.16.122.175
    unpkg.com
    IN A
    104.16.126.175
    unpkg.com
    IN A
    104.16.123.175
    unpkg.com
    IN A
    104.16.124.175
  • flag-us
    DNS
    static.cloudflareinsights.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.cloudflareinsights.com
    IN A
    Response
    static.cloudflareinsights.com
    IN A
    104.16.56.101
    static.cloudflareinsights.com
    IN A
    104.16.57.101
  • flag-us
    DNS
    static.cloudflareinsights.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.cloudflareinsights.com
    IN A
    Response
    static.cloudflareinsights.com
    IN A
    104.16.56.101
    static.cloudflareinsights.com
    IN A
    104.16.57.101
  • flag-us
    GET
    https://cdnjs.cloudflare.com/ajax/libs/docsearch-js/3.3.3/umd/index.js
    IEXPLORE.EXE
    Remote address:
    104.17.25.14:443
    Request
    GET /ajax/libs/docsearch-js/3.3.3/umd/index.js HTTP/2.0
    host: cdnjs.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://developers.cloudflare.com
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: application/javascript; charset=utf-8
    content-length: 28310
    access-control-allow-origin: *
    cache-control: public, max-age=30672000
    content-encoding: gzip
    etag: "63e0ed6c-6e96"
    last-modified: Mon, 06 Feb 2023 12:07:08 GMT
    cf-cdnjs-via: cfworker/kv
    cross-origin-resource-policy: cross-origin
    timing-allow-origin: *
    x-content-type-options: nosniff
    vary: Accept-Encoding
    cf-cache-status: HIT
    age: 178787
    expires: Mon, 13 May 2024 19:49:22 GMT
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AL8gjcvsfIOWnm9f9s%2Bwz2FDgJ6WrNag4y2%2BgejBVHuh%2BZjLMMz8Fs8XkG9D8Zx7RZwN0uv99Hk3NQdwjrWUOYVbs6GHHDx4B%2BvbY0mSUpdwQ3rh6iexNNNhIpxYqH9sFAu9E4K1"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    strict-transport-security: max-age=15780000
    server: cloudflare
    cf-ray: 7cc80fbe291a1c8a-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://feedback.developers.cloudflare.com/sdk.js
    IEXPLORE.EXE
    Remote address:
    104.16.81.250:443
    Request
    GET /sdk.js HTTP/2.0
    host: feedback.developers.cloudflare.com
    accept: application/javascript, */*;q=0.8
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    cookie: __cf_bm=i4cR7GOMv7YyUZn35n.d3I6u3IPhZJ8Qf3qu9fV_KLY-1684957762-0-AdNc3wj74B0JvbUg4F/sMqAIWwZH0+Wl9AoTq2qAvc7YdFtnNbS6JZ9Do+BzTIgArmSr4KL1fEbCk5qk7azsjGw=
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: application/javascript
    access-control-allow-origin: *
    cache-control: public,max-age=900
    vary: Accept-Encoding
    strict-transport-security: max-age=15552000; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fbe49a10e08-AMS
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://unpkg.com/littlefoot/dist/littlefoot.js
    IEXPLORE.EXE
    Remote address:
    104.16.125.175:443
    Request
    GET /littlefoot/dist/littlefoot.js HTTP/2.0
    host: unpkg.com
    accept: application/javascript, */*;q=0.8
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 302
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: text/plain; charset=utf-8
    access-control-allow-origin: *
    cache-control: public, s-maxage=600, max-age=60
    location: /littlefoot@4.0.0-9/dist/littlefoot.js
    vary: Accept, Accept-Encoding
    content-encoding: gzip
    via: 1.1 fly.io
    fly-request-id: 01H17MVE4GYS90299TKTY2ZRW0-ams
    cf-cache-status: HIT
    age: 89
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fbe5bc60a51-AMS
  • flag-us
    GET
    https://unpkg.com/littlefoot@4.0.0-9/dist/littlefoot.js
    IEXPLORE.EXE
    Remote address:
    104.16.125.175:443
    Request
    GET /littlefoot@4.0.0-9/dist/littlefoot.js HTTP/2.0
    host: unpkg.com
    accept: application/javascript, */*;q=0.8
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: application/javascript; charset=utf-8
    access-control-allow-origin: *
    content-encoding: gzip
    cache-control: public, max-age=31536000
    last-modified: Thu, 09 Mar 2023 14:40:19 GMT
    etag: "3e5c-OP5rX/QC0OrInRimANOkq1m+jA8"
    via: 1.1 fly.io
    fly-request-id: 01GV3D6PZ6Z981SXXYJXNSC1P2-ams
    cf-cache-status: HIT
    age: 6584775
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-content-type-options: nosniff
    server: cloudflare
    cf-ray: 7cc80fbe9c1f0a51-AMS
  • flag-us
    GET
    https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
    IEXPLORE.EXE
    Remote address:
    104.16.56.101:443
    Request
    GET /beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816 HTTP/2.0
    host: static.cloudflareinsights.com
    accept: application/javascript, */*;q=0.8
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://developers.cloudflare.com
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: text/javascript;charset=UTF-8
    access-control-allow-origin: *
    cache-control: public, max-age=86400
    etag: W/2023.4.2
    last-modified: Mon, 17 Apr 2023 20:41:48 GMT
    cross-origin-resource-policy: cross-origin
    vary: Accept-Encoding
    server: cloudflare
    cf-ray: 7cc80fbeb89f1cc6-AMS
    content-encoding: gzip
  • flag-us
    DNS
    geolocation.onetrust.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    geolocation.onetrust.com
    IN A
    Response
    geolocation.onetrust.com
    IN A
    104.18.29.38
    geolocation.onetrust.com
    IN A
    104.18.28.38
  • flag-us
    GET
    https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
    IEXPLORE.EXE
    Remote address:
    104.18.29.38:443
    Request
    GET /cookieconsentpub/v1/geo/location HTTP/2.0
    host: geolocation.onetrust.com
    accept: application/json
    referer: https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/
    accept-language: en-US
    origin: https://developers.cloudflare.com
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Wed, 24 May 2023 19:49:22 GMT
    content-type: application/json
    access-control-allow-origin: *
    access-control-allow-headers: Content-Type
    access-control-allow-methods: GET, OPTIONS
    vary: Accept-Encoding
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    server: cloudflare
    cf-ray: 7cc80fbf5fe1b7df-AMS
    content-encoding: gzip
  • flag-us
    DNS
    229.1.101.151.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    229.1.101.151.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    114.169.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    114.169.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    14.25.17.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.25.17.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    35.36.251.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    35.36.251.142.in-addr.arpa
    IN PTR
    Response
    35.36.251.142.in-addr.arpa
    IN PTR
    ams17s12-in-f31e100net
  • flag-us
    DNS
    250.81.16.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    250.81.16.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    175.125.16.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    175.125.16.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    101.56.16.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.56.16.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    226.21.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.21.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    38.29.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    38.29.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.179.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.179.250.142.in-addr.arpa
    IN PTR
    Response
    200.179.250.142.in-addr.arpa
    IN PTR
    ams15s42-in-f81e100net
  • flag-us
    DNS
    229.65.101.151.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    229.65.101.151.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.232.18.117.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.232.18.117.in-addr.arpa
    IN PTR
    Response
  • 13.229.125.179:443
    mandrillapp.com
    tls
    IEXPLORE.EXE
    688 B
    3.6kB
    8
    5
  • 13.229.125.179:443
    https://mandrillapp.com/track/click/31047859/myalumni.mcgill.ca?p=eyJzIjoiNUxZX3ZaZ29fY2xFVjdNNmliVGdxX0RXTlZzIiwidiI6MSwicCI6IntcInVcIjozMTA0Nzg1OSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL215YWx1bW5pLm1jZ2lsbC5jYVxcXC9yZWRpcmVjdC5hc3B4P2xpbmtJRD04MDU4OTAmc2VuZElkPTIwODY5OSZlaWQ9MjI4MzAxJmdpZD0yJnRva2VuVXJsPWh0dHA6XFxcL1xcXC9EY2NjZC54eXotd2VsbG5lc3MuY29tXFxcL1MybHRZbVZ5YkhsR2JHRnVaR1Z5YzBCa1kyTmpaQzVsWkhVPVwiLFwiaWRcIjpcIjA4NWE1YTU3M2RjMDQwMmY5ZDE2MzhjOGQ1MjllZTQ2XCIsXCJ1cmxfaWRzXCI6W1wiZDU3YjQ5NmYwMDA1YTY3YTM1YjIwMDQ1MzhkZGEzNWE3ODQ3MDg3NVwiXX0ifQ
    tls, http
    IEXPLORE.EXE
    1.6kB
    4.5kB
    10
    7

    HTTP Request

    GET https://mandrillapp.com/track/click/31047859/myalumni.mcgill.ca?p=eyJzIjoiNUxZX3ZaZ29fY2xFVjdNNmliVGdxX0RXTlZzIiwidiI6MSwicCI6IntcInVcIjozMTA0Nzg1OSxcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL215YWx1bW5pLm1jZ2lsbC5jYVxcXC9yZWRpcmVjdC5hc3B4P2xpbmtJRD04MDU4OTAmc2VuZElkPTIwODY5OSZlaWQ9MjI4MzAxJmdpZD0yJnRva2VuVXJsPWh0dHA6XFxcL1xcXC9EY2NjZC54eXotd2VsbG5lc3MuY29tXFxcL1MybHRZbVZ5YkhsR2JHRnVaR1Z5YzBCa1kyTmpaQzVsWkhVPVwiLFwiaWRcIjpcIjA4NWE1YTU3M2RjMDQwMmY5ZDE2MzhjOGQ1MjllZTQ2XCIsXCJ1cmxfaWRzXCI6W1wiZDU3YjQ5NmYwMDA1YTY3YTM1YjIwMDQ1MzhkZGEzNWE3ODQ3MDg3NVwiXX0ifQ

    HTTP Response

    302
  • 104.17.59.157:443
    https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2
    tls, http2
    IEXPLORE.EXE
    2.3kB
    6.5kB
    20
    16

    HTTP Request

    GET https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&tokenUrl=http://Dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=

    HTTP Response

    302

    HTTP Request

    GET https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2&sessionid=87204e21-e580-4bd8-bf63-bd56c5093c6a&cc=1

    HTTP Response

    302

    HTTP Request

    GET https://myalumni.mcgill.ca/redirect.aspx?linkID=805890&sendId=208699&eid=228301&gid=2

    HTTP Response

    302
  • 104.17.59.157:443
    myalumni.mcgill.ca
    tls, http2
    IEXPLORE.EXE
    1.2kB
    4.2kB
    12
    9
  • 104.18.69.99:443
    secureca.imodules.com
    tls, http2
    IEXPLORE.EXE
    958 B
    3.5kB
    12
    9
  • 104.18.69.99:443
    https://secureca.imodules.com/controls/login/sts.ashx?sid=1762&gid=2&returnUrl=https%3a%2f%2fmyalumni.mcgill.ca%2fredirect.aspx%3flinkID%3d805890%26sendId%3d208699%26eid%3d228301%26gid%3d2%26tokenUrl%3dhttp%3a%2f%2fDcccd.xyz-wellness.com%2fS2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU%3d
    tls, http2
    IEXPLORE.EXE
    1.4kB
    4.4kB
    14
    10

    HTTP Request

    GET https://secureca.imodules.com/controls/login/sts.ashx?sid=1762&gid=2&returnUrl=https%3a%2f%2fmyalumni.mcgill.ca%2fredirect.aspx%3flinkID%3d805890%26sendId%3d208699%26eid%3d228301%26gid%3d2%26tokenUrl%3dhttp%3a%2f%2fDcccd.xyz-wellness.com%2fS2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU%3d

    HTTP Response

    302
  • 192.254.190.194:80
    http://dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=
    http
    IEXPLORE.EXE
    535 B
    746 B
    5
    4

    HTTP Request

    GET http://dcccd.xyz-wellness.com/S2ltYmVybHlGbGFuZGVyc0BkY2NjZC5lZHU=

    HTTP Response

    200
  • 192.254.190.194:80
    dcccd.xyz-wellness.com
    IEXPLORE.EXE
    98 B
    52 B
    2
    1
  • 188.114.96.0:443
    6ciqkkdehs6453c4419efdc.tkdref.ru
    tls, http2
    IEXPLORE.EXE
    1.0kB
    5.6kB
    13
    10
  • 188.114.96.0:443
    https://6ciqkkdehs6453c4419efdc.tkdref.ru/favicon.ico
    tls, http2
    IEXPLORE.EXE
    9.6kB
    146.0kB
    171
    156

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu

    HTTP Response

    403

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/styles/challenges.css

    HTTP Response

    200

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cc80f7abd1eb92a

    HTTP Response

    200

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cc80f7abd1eb92a

    HTTP Response

    200

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/favicon.ico

    HTTP Response

    403

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7cc80f7abd1eb92a

    HTTP Response

    200

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/MKimberlyFlanders@dcccd.edu

    HTTP Response

    403

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/styles/challenges.css

    HTTP Response

    304

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cc80f94bf69b92a

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cc80f94bf69b92a

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/cdn-cgi/images/trace/managed/nojs/transparent.gif?ray=7cc80f94bf69b92a

    HTTP Response

    200

    HTTP Request

    GET https://6ciqkkdehs6453c4419efdc.tkdref.ru/favicon.ico

    HTTP Response

    403
  • 23.206.95.234:80
    http://x2.c.lencr.org/
    http
    IEXPLORE.EXE
    299 B
    721 B
    4
    3

    HTTP Request

    GET http://x2.c.lencr.org/

    HTTP Response

    200
  • 104.18.6.185:443
    https://challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit
    tls, http2
    IEXPLORE.EXE
    1.6kB
    9.7kB
    21
    17

    HTTP Request

    GET https://challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit

    HTTP Response

    200
  • 104.18.6.185:443
    challenges.cloudflare.com
    tls, http2
    IEXPLORE.EXE
    962 B
    3.6kB
    12
    9
  • 20.50.80.209:443
    322 B
    7
  • 104.16.80.250:443
    developers.cloudflare.com
    tls, http2
    IEXPLORE.EXE
    1.0kB
    5.9kB
    13
    10
  • 104.16.80.250:443
    https://developers.cloudflare.com/cdn-cgi/rum?
    tls, http2
    IEXPLORE.EXE
    11.6kB
    70.2kB
    107
    95

    HTTP Request

    GET https://developers.cloudflare.com/fundamentals/get-started/concepts/cloudflare-challenges/

    HTTP Response

    103

    HTTP Response

    200

    HTTP Request

    GET https://developers.cloudflare.com/assets/index-dc2f2bff.js

    HTTP Request

    GET https://developers.cloudflare.com/assets/index-7babe9c7.css

    HTTP Request

    GET https://developers.cloudflare.com/assets/CodeCopy-a4650a37.css

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://developers.cloudflare.com/cdn-cgi/challenge-platform/scripts/invisible.js

    HTTP Response

    302

    HTTP Request

    GET https://developers.cloudflare.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/938e2b5c/invisible.js

    HTTP Response

    200

    HTTP Request

    OPTIONS https://developers.cloudflare.com/cdn-cgi/challenge-platform/h/b/cv/result/7cc80fbccc7d0e31

    HTTP Response

    400

    HTTP Request

    POST https://developers.cloudflare.com/cdn-cgi/rum?

    HTTP Response

    204

    HTTP Request

    POST https://developers.cloudflare.com/cdn-cgi/rum?

    HTTP Response

    204
  • 151.101.1.229:443
    cdn.jsdelivr.net
    IEXPLORE.EXE
    156 B
    3
  • 151.101.1.229:443
    https://cdn.jsdelivr.net/npm/@docsearch/css@3
    tls, http2
    IEXPLORE.EXE
    1.3kB
    9.3kB
    16
    15

    HTTP Request

    GET https://cdn.jsdelivr.net/npm/@docsearch/css@3

    HTTP Response

    200
  • 104.18.169.114:443
    https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/otCommonStyles.css
    tls, http2
    IEXPLORE.EXE
    7.9kB
    146.3kB
    144
    134

    HTTP Request

    GET https://cdn.cookielaw.org/consent/d3bba612-bde9-4daa-93e3-a78dab7d1a86/OtAutoBlock.js

    HTTP Request

    GET https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://cdn.cookielaw.org/consent/d3bba612-bde9-4daa-93e3-a78dab7d1a86/d3bba612-bde9-4daa-93e3-a78dab7d1a86.json

    HTTP Response

    200

    HTTP Request

    GET https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js

    HTTP Response

    200

    HTTP Request

    GET https://cdn.cookielaw.org/consent/d3bba612-bde9-4daa-93e3-a78dab7d1a86/d8806338-d10a-406d-9677-f925dab8e982/en.json

    HTTP Response

    200

    HTTP Request

    GET https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/otFlat.json

    HTTP Request

    GET https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/v2/otPcCenter.json

    HTTP Request

    GET https://cdn.cookielaw.org/scripttemplates/202209.1.0/assets/otCommonStyles.css

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 104.18.169.114:443
    cdn.cookielaw.org
    tls, http2
    IEXPLORE.EXE
    954 B
    3.5kB
    12
    9
  • 104.17.25.14:443
    https://cdnjs.cloudflare.com/ajax/libs/docsearch-js/3.3.3/umd/index.js
    tls, http2
    IEXPLORE.EXE
    2.5kB
    34.4kB
    40
    36

    HTTP Request

    GET https://cdnjs.cloudflare.com/ajax/libs/docsearch-js/3.3.3/umd/index.js

    HTTP Response

    200
  • 104.17.25.14:443
    cdnjs.cloudflare.com
    tls, http2
    IEXPLORE.EXE
    911 B
    3.5kB
    11
    8
  • 104.16.81.250:443
    https://feedback.developers.cloudflare.com/sdk.js
    tls, http2
    IEXPLORE.EXE
    2.1kB
    16.5kB
    28
    24

    HTTP Request

    GET https://feedback.developers.cloudflare.com/sdk.js

    HTTP Response

    200
  • 104.16.81.250:443
    feedback.developers.cloudflare.com
    tls, http2
    IEXPLORE.EXE
    971 B
    5.8kB
    12
    9
  • 104.16.125.175:443
    https://unpkg.com/littlefoot@4.0.0-9/dist/littlefoot.js
    tls, http2
    IEXPLORE.EXE
    1.9kB
    12.9kB
    26
    21

    HTTP Request

    GET https://unpkg.com/littlefoot/dist/littlefoot.js

    HTTP Response

    302

    HTTP Request

    GET https://unpkg.com/littlefoot@4.0.0-9/dist/littlefoot.js

    HTTP Response

    200
  • 104.16.125.175:443
    unpkg.com
    tls, http2
    IEXPLORE.EXE
    900 B
    3.5kB
    11
    8
  • 104.16.56.101:443
    static.cloudflareinsights.com
    tls, http2
    IEXPLORE.EXE
    966 B
    3.6kB
    12
    9
  • 104.16.56.101:443
    https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
    tls, http2
    IEXPLORE.EXE
    1.8kB
    11.2kB
    23
    19

    HTTP Request

    GET https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816

    HTTP Response

    200
  • 104.18.29.38:443
    geolocation.onetrust.com
    tls, http2
    IEXPLORE.EXE
    961 B
    3.6kB
    12
    9
  • 104.18.29.38:443
    https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
    tls, http2
    IEXPLORE.EXE
    1.3kB
    4.0kB
    15
    11

    HTTP Request

    GET https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

    HTTP Response

    200
  • 151.101.65.229:443
    cdn.jsdelivr.net
    tls, http2
    IEXPLORE.EXE
    919 B
    476 B
    8
    7
  • 52.152.110.14:443
    208 B
    4
  • 84.53.175.11:80
    92 B
    2
  • 8.8.8.8:53
    mandrillapp.com
    dns
    IEXPLORE.EXE
    61 B
    93 B
    1
    1

    DNS Request

    mandrillapp.com

    DNS Response

    13.229.125.179
    13.229.229.215

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    179.125.229.13.in-addr.arpa
    dns
    73 B
    142 B
    1
    1

    DNS Request

    179.125.229.13.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    myalumni.mcgill.ca
    dns
    IEXPLORE.EXE
    64 B
    217 B
    1
    1

    DNS Request

    myalumni.mcgill.ca

    DNS Response

    104.17.59.157
    104.17.61.157
    104.17.57.157
    104.17.58.157
    104.17.60.157

  • 8.8.8.8:53
    76.38.195.152.in-addr.arpa
    dns
    72 B
    143 B
    1
    1

    DNS Request

    76.38.195.152.in-addr.arpa

  • 8.8.8.8:53
    157.59.17.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    157.59.17.104.in-addr.arpa

  • 8.8.8.8:53
    secureca.imodules.com
    dns
    IEXPLORE.EXE
    67 B
    205 B
    1
    1

    DNS Request

    secureca.imodules.com

    DNS Response

    104.18.69.99
    104.18.68.99
    104.18.71.99
    104.18.72.99
    104.18.70.99

  • 8.8.8.8:53
    dcccd.xyz-wellness.com
    dns
    IEXPLORE.EXE
    68 B
    84 B
    1
    1

    DNS Request

    dcccd.xyz-wellness.com

    DNS Response

    192.254.190.194

  • 8.8.8.8:53
    99.69.18.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    99.69.18.104.in-addr.arpa

  • 8.8.8.8:53
    194.190.254.192.in-addr.arpa
    dns
    74 B
    120 B
    1
    1

    DNS Request

    194.190.254.192.in-addr.arpa

  • 8.8.8.8:53
    6ciqkkdehs6453c4419efdc.tkdref.ru
    dns
    IEXPLORE.EXE
    79 B
    111 B
    1
    1

    DNS Request

    6ciqkkdehs6453c4419efdc.tkdref.ru

    DNS Response

    188.114.96.0
    188.114.97.0

  • 8.8.8.8:53
    x2.c.lencr.org
    dns
    IEXPLORE.EXE
    60 B
    165 B
    1
    1

    DNS Request

    x2.c.lencr.org

    DNS Response

    23.206.95.234

  • 8.8.8.8:53
    123.108.74.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    123.108.74.40.in-addr.arpa

  • 8.8.8.8:53
    0.96.114.188.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    0.96.114.188.in-addr.arpa

  • 8.8.8.8:53
    234.95.206.23.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    234.95.206.23.in-addr.arpa

  • 8.8.8.8:53
    challenges.cloudflare.com
    dns
    IEXPLORE.EXE
    71 B
    103 B
    1
    1

    DNS Request

    challenges.cloudflare.com

    DNS Response

    104.18.6.185
    104.18.7.185

  • 8.8.8.8:53
    185.6.18.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    185.6.18.104.in-addr.arpa

  • 8.8.8.8:53
    developers.cloudflare.com
    dns
    IEXPLORE.EXE
    71 B
    151 B
    1
    1

    DNS Request

    developers.cloudflare.com

    DNS Response

    104.16.80.250
    104.16.77.250
    104.16.79.250
    104.16.81.250
    104.16.78.250

  • 8.8.8.8:53
    250.80.16.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    250.80.16.104.in-addr.arpa

  • 8.8.8.8:53
    cdn.cookielaw.org
    dns
    IEXPLORE.EXE
    63 B
    95 B
    1
    1

    DNS Request

    cdn.cookielaw.org

    DNS Response

    104.18.169.114
    104.18.170.114

  • 8.8.8.8:53
    cdn.jsdelivr.net
    dns
    IEXPLORE.EXE
    62 B
    160 B
    1
    1

    DNS Request

    cdn.jsdelivr.net

    DNS Response

    151.101.1.229
    151.101.65.229
    151.101.129.229
    151.101.193.229

  • 8.8.8.8:53
    cdnjs.cloudflare.com
    dns
    IEXPLORE.EXE
    66 B
    98 B
    1
    1

    DNS Request

    cdnjs.cloudflare.com

    DNS Response

    104.17.25.14
    104.17.24.14

  • 8.8.8.8:53
    feedback.developers.cloudflare.com
    dns
    IEXPLORE.EXE
    80 B
    160 B
    1
    1

    DNS Request

    feedback.developers.cloudflare.com

    DNS Response

    104.16.81.250
    104.16.80.250
    104.16.77.250
    104.16.78.250
    104.16.79.250

  • 8.8.8.8:53
    unpkg.com
    dns
    IEXPLORE.EXE
    55 B
    135 B
    1
    1

    DNS Request

    unpkg.com

    DNS Response

    104.16.125.175
    104.16.122.175
    104.16.126.175
    104.16.123.175
    104.16.124.175

  • 8.8.8.8:53
    static.cloudflareinsights.com
    dns
    IEXPLORE.EXE
    150 B
    214 B
    2
    2

    DNS Request

    static.cloudflareinsights.com

    DNS Response

    104.16.56.101
    104.16.57.101

    DNS Request

    static.cloudflareinsights.com

    DNS Response

    104.16.56.101
    104.16.57.101

  • 8.8.8.8:53
    geolocation.onetrust.com
    dns
    IEXPLORE.EXE
    70 B
    102 B
    1
    1

    DNS Request

    geolocation.onetrust.com

    DNS Response

    104.18.29.38
    104.18.28.38

  • 8.8.8.8:53
    229.1.101.151.in-addr.arpa
    dns
    72 B
    132 B
    1
    1

    DNS Request

    229.1.101.151.in-addr.arpa

  • 8.8.8.8:53
    114.169.18.104.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    114.169.18.104.in-addr.arpa

  • 8.8.8.8:53
    14.25.17.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    14.25.17.104.in-addr.arpa

  • 8.8.8.8:53
    35.36.251.142.in-addr.arpa
    dns
    72 B
    110 B
    1
    1

    DNS Request

    35.36.251.142.in-addr.arpa

  • 8.8.8.8:53
    250.81.16.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    250.81.16.104.in-addr.arpa

  • 8.8.8.8:53
    175.125.16.104.in-addr.arpa
    dns
    73 B
    135 B
    1
    1

    DNS Request

    175.125.16.104.in-addr.arpa

  • 8.8.8.8:53
    101.56.16.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    101.56.16.104.in-addr.arpa

  • 8.8.8.8:53
    226.21.18.104.in-addr.arpa
    dns
    72 B
    134 B
    1
    1

    DNS Request

    226.21.18.104.in-addr.arpa

  • 8.8.8.8:53
    38.29.18.104.in-addr.arpa
    dns
    71 B
    133 B
    1
    1

    DNS Request

    38.29.18.104.in-addr.arpa

  • 8.8.8.8:53
    200.179.250.142.in-addr.arpa
    dns
    74 B
    112 B
    1
    1

    DNS Request

    200.179.250.142.in-addr.arpa

  • 8.8.8.8:53
    229.65.101.151.in-addr.arpa
    dns
    73 B
    133 B
    1
    1

    DNS Request

    229.65.101.151.in-addr.arpa

  • 8.8.8.8:53
    200.232.18.117.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    200.232.18.117.in-addr.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

    Filesize

    1KB

    MD5

    193dfb673cd9fca38d4de32acb04d94d

    SHA1

    e1501e520919814d52a176a38258260b5cb2f189

    SHA256

    b37c58d2e2d4714091cabfc912fe445f07bc308d178d34252a225e952ab944a6

    SHA512

    b0d52ec51bff7de0039559212856c16523968f95e7a05309f7919ebdfb6916fea7cbf721c59e32ef1e66002cb4389e3ca061d7c54b5f17704d4b5c37131783a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    3fbb8ee33354096d9f116c557a402d14

    SHA1

    f75756c42d45d1047eb04fa54bd7702f5560df4b

    SHA256

    13e2696561dd0955e1d61f7e18166c8bd7a02faf1dbfe04e738b5d68cc2ca57e

    SHA512

    cc21e56f9278282b3c15964b5618d42bdfda83b245d7bf01d12550aabd69a9747d1deaa5a9a9830e6d6a47465f580e21e0a7621cf992b56244ad4bee8779c338

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

    Filesize

    438B

    MD5

    784189f34d27557e23ab4f5c0653989a

    SHA1

    03cc8b2e61413eedda490cbb28b5db4fd014ea99

    SHA256

    da04abd7f5c5e4c281c8b30b8583476d94a55ce74b9894c1e11bc0b8168a818b

    SHA512

    68707c7c7448501bce92150aa53f0b94260c3b9c671fce73e490e77738556fb9b3c71bfc8f4edba48cbd0b75da89de5ad951a4f704ec046cfbc42d83522768ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    eba030abb94cc8f88330ee1047725295

    SHA1

    3e2cdcaca7902d45e47d73277c1b46f9e89185a1

    SHA256

    64c2e0a333e787c4013f109325bc7cf56fcbc6ca2d74dc71a89d98b51f2243c0

    SHA512

    1a06845685b5ea834870b93f3c4b9edbf015efac20113ce8b85552ea17e122569f680ca97124b68aa260f58d0d0f4506bdba8ac56fe7f8b39765de996157fdd4

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0BMP3ERH\challenges[1].css

    Filesize

    6KB

    MD5

    2c78b7f8fa496092bf41d5edd51611e7

    SHA1

    8b0b1b276e8194b0a5497db478ec2ea9b4f83c42

    SHA256

    2b0bd09c1cc7119d27e45353a59bf6c2721563e1689853ff704057a7439508d2

    SHA512

    53a7750ea46082968c2ec557857ad3975cddb0b45595259f0f3e9fc16360b87c5f257e058489ecaf80e61a97f92f1c5e34fa2f6fcfe922f4ae22392ffd75b4da
